ThresPassport - A Distributed Single Sign-On Service
Authors
Abstract
In this paper, we present ThresPassport (Threshold scheme-based Passport), a web-based, distributed Single Sign-On (SSO) system which utilizes a threshold-based secret sharing scheme to split a service provider’s authentication key into partial shares distributed to authentication servers. Each authentication server generates a partial authentication token upon request by a legitimate user after proper authentication. Those partial authentication tokens are combined to compute an authentication token to sign the user on to a service provider. ThresPassport depends on neither Public Key Infrastructure (PKI) nor the existence of a trustworthy authority. The sign-on process is as transparent to users as Microsoft’s .NET Passport. ThresPassport offers many significant advantages over .NET Passport and other SSOs on security, portability, intrusion and fault tolerance, scalability, reliability, and availability.
Similar resources
Single Sign-On Scheme using XML for Multimedia Device Control in Children’s Game Network based on OSGi service Platform
This paper proposes a single sign-on scheme in which a user offers his credential information to children’s game network running the OSGi (Open Service Gateway Initiative) service platform, to obtain user authentication and control a remote device through a mobile device using this authentication scheme, based on SAML (Security Assertion Markup Language). By defining the single sign-on profile ...
Single Server Bulk Queue with Service Interruption, Two Phase Repairs and State Dependent Rates
This paper reports a study on a single server queue with bulk arrival and bulk service patterns wherein the incoming traffic depends on the state of the server which may be in operating or breakdown state. The repair of the breakdown server is performed in two phases. The operating duration of server, repair duration of both phases of repairing as well as job's inter-arrival times and service t...
Security Enhancement of Single Sign on Mechanism for Distributed Computer Networks
Single sign-on mechanisms allow users to sign on only once and have their identities automatically verified by each application or service they want to access afterwards. There are few practical and secure single sign-on models, even though it is of great importance to current distributed application environments. Most of current application architectures require the user to memorize and utiliz...
Security Analysis of a Single Sign-On Mechanism For Distributed Computer Networks
Single sign on mechanisms allow users to sign on only once and have their identities automatically verified by each application or service they want to access afterwards. There are few practical and secure single sign on models, even though it is of great importance to current distributed application environments. Most of current application architectures require the user to memorize and utiliz...
Design and Implementaion of a Single Sign-On Library Supporting SAML (Security Assertion Markup Language) for Grid and Web Services Security
In recent years, the Grid development focus is transitioning from resources to services. A Grid Service is defined as a Web Service that provides a set of well-defined interfaces and follows specific conventions. SAML is an XML based Single sign-on (SSO) standard for Web Services, which enables the exchange of authentication, authorization, and profile information between different entities. Th...
Publication date: 2005