CAS++ : an open source single sign-on solution for secure e-services / C.A. Ardagna, E. Damiani, S. De Capitani di Vimercati, F. Frati, P. Samarati - In: Security and privacy in dynamic environments : proceedings of the IFIP TC-11 21. International information security conference (SEC 2006) : 22-24 May 2006, Karlstad, Sweden / [edited by] Simone Fischer-Hübner ... [et al.]. - New York : Springer, 2006. - ISBN 038733405X. - pp. 208-220 (Paper presented at the 21st International Information Security Conference (IFIP TC-11), held in Karlstad, Sweden in 2006) [10.1007/0-387-33406-8_18].

CAS++ : an open source single sign-on solution for secure e-services

C.A. Ardagna; E. Damiani; S. De Capitani di Vimercati; F. Frati; P. Samarati
2006

Abstract

Business and recreational activities on the global communication infrastructure are increasingly based on the use of remote resources and services, and on the interaction between different, remotely located parties. On corporate networks as well as on the open Web, the huge number of resources and services often requires multiple log-ons, leading to credential proliferation and, potentially, to security leaks. An increasingly widespread approach to simplify and secure the log-on process is Single Sign-On (SSO), which allows automatic access to secondary domains through a single log-on operation to a primary domain. In this paper, we describe the basic concepts of SSO architecture, focusing on the central role of open source implementations. We outline three major SSO trust models and the different requirements to be addressed. We then illustrate CAS++, our open source implementation of a Single Sign-On service. Finally, we illustrate the application of CAS++ to a real case study concerning the development of a multi-service network management system. The motivation for our work has been raised in response to the requirements of such a case study within the Pitagora project.
Sector INF/01 - Computer Science
2006
Book Part (author)
Use this identifier to cite or link to this document: https://hdl.handle.net/2434/26148