Design of web service single sign-on based on ticket and assertion

A system that integrates information systems through web services should provide a unified identity-authentication single sign-on scheme for heterogeneous platforms. This paper introduces the characteristics of Kerberos-based single sign-on and SAML-based single sign-on. Based on an analysis of the advantages and disadvantages of the two schemes, a single sign-on scheme that combines the advantages of both is designed. The architecture and the design approach are also presented, and an application is introduced to analyze the operating process of implementing the scheme. Finally, the security of the scheme is analyzed.
