A Single Sign-On Model for Web Services Based on Password Scheme

Author

Kiran, Lata ; Singh, Kuldip ; Sood, Sandeep

Author_Institution

E & CE Dept., IIT Roorkee, Roorkee, India

fYear

2009

fDate

23-25 July 2009

Firstpage

308

Lastpage

313

Abstract

At present, Internet users authenticate themselves using credentials to access different registered web services. These credentials are vulnerable to security threats in presence of active attackers. This imposes a burden on users to manage their credentials in different ways. This paper outlines a Single Sign-On model that defines user authentication and authorization scheme which makes the system secure against various attacks. There are various authentication schemes proposed that were based on like Kerberos and X.509. It may be difficult to utilize these schemes to modify legacy applications in which only password based authentication can be used. This paper proposes a solution based on Single Sign-On in which the system transmits a userpsilas password securely over the network. The model uses the concept of AAA (Authentication, Authorization, and Accounting) and a credential management scheme where the user has to authenticate itself only once.

Keywords

Web services; authorisation; message authentication; Internet user authentication; Internet user authorization; Internet user credential management; Web services; password based authentication; password scheme; single sign-on model; Computational intelligence; Web services; Authentication; Authorization; Credentials; Secret key exchange; Single Sign-On; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Intelligence, Communication Systems and Networks, 2009. CICSYN '09. First International Conference on

Conference_Location

Indore

Print_ISBN

978-0-7695-3743-6

Type

conf

DOI

10.1109/CICSYN.2009.44

Filename

5231957