Analysis of liberty single-sign-on with enabled clients

Web single-sign-on protocols-such as Microsoft passport, Oasisʹs security assertion markup language (SAML), and the Internet2 project Shibboleth, aim to solve security problems by letting individuals log in to many Internet services while authenticating only once, or at least always in the same way. Enterprises hope that single-sign-on protocols will significantly decrease customer-care costs due to forgotten passwords and increase e-commerce transactions by enhancing the user experience. Commercial interest centers on distributed enterprises and on small federations of enterprises with existing business relationships, such as supply chains. We concentrate on the liberty-enabled client and proxy (LECP) profile. The LECP protocol assumes a special protocol-aware client (the enabled client). We also consider the design of security protocols based on XML and Web services.