A Study and Implementation of Single Sign-on Mechanisms

In recent years, the internet has become a necessary part of human life. Usually, every website has its own membership system, and a user must register for an account before using the website's services. If the user cannot properly manage all of this account information, it becomes a burden. This situation led to the development of the single sign-on mechanism. There are several methods for single sign-on login, such as “OpenID” and “OAuth”. Currently, almost all sites on the market support just one kind of single sign-on mechanism. Both “OpenID” and “OAuth” are single sign-on mechanisms; nevertheless, their usage contexts (modes) and points of emphasis are quite different, and misuse might introduce hidden risks. In this paper, we investigate these two mechanisms and compare the differences between them. In the experimental part, we develop a website supporting both “OpenID” and “OAuth”, so that the user can choose either way to log in, in order to promote the single sign-on mechanism.