Over the last decade, several international initiatives have tried to provide different solutions to a common issue: resource sharing among several institutions. Some have been designed mainly for Web resources or for computing resources, like Grid Computing environments, and others for network access for roaming users. A common aspect of most of those approaches is the management of identities, that is, the representation of the information related to specific individuals or other entities and its use for authentication and authorization purposes. However, since the different solutions are focused on different application scenarios (Web, Grid, and network), it has been really difficult to create a unified (cross-layer) point of view for identity management. Mechanisms like Single Sign-On (SSO) across different layers are therefore considered to be a main gap in current efforts. In this article, we present an architecture based on an existing solution for roaming in educational environments (eduroam). The architecture is able to provide what has been called a unified SSO mechanism, that is, once users have been authenticated during network access, they can obtain protected resources at higher layers (like Web resources) without further re-authentication. Additionally, we include a performance analysis to illustrate the feasibility of this architecture, which has been tested in a real production environment like eduroam.