Abstract
Web-based interfaces to applications in all domains of university life are surging. Given the diverse demands in and the histories of universities, combined with the rapid IT industry developments, all attempts at a sole all-encompassing platform for single-sign-on (SSO) will remain futile. In this paper, we present an architecture for a meta-SSO, which is able to seamlessly integrate with a wide variety of existing local sign-in and SSO mechanisms. It is therefore an excellent candidate for a university-wide all-purpose SSO system. Among the highlights are: No passwords are ever stored on disk, neither in the browser nor in the gateway; its basics have been implemented in a simple, yet versatile Apache module; and it can help reducing the impact of security problems anywhere in the system. It could even form the basis for secure inter-university collaborations and mutual outsourcing.
BibTeX (Download)
@inproceedings{Gienger2011Polybius, title = {Polybius: Secure Web Single-Sign-On for Legacy Applications}, author = {Pascal Gienger and Marcel Waldvogel}, url = {https://netfuture.ch/wp-content/uploads/2011/gienger11polybius.pdf}, year = {2011}, date = {2011-06-20}, urldate = {1000-01-01}, booktitle = {4. DFN-Forum Kommunikationstechnologien}, abstract = {Web-based interfaces to applications in all domains of university life are surging. Given the diverse demands in and the histories of universities, combined with the rapid IT industry developments, all attempts at a sole all-encompassing platform for single-sign-on (SSO) will remain futile. In this paper, we present an architecture for a meta-SSO, which is able to seamlessly integrate with a wide variety of existing local sign-in and SSO mechanisms. It is therefore an excellent candidate for a university-wide all-purpose SSO system. Among the highlights are: No passwords are ever stored on disk, neither in the browser nor in the gateway; its basics have been implemented in a simple, yet versatile Apache module; and it can help reducing the impact of security problems anywhere in the system. It could even form the basis for secure inter-university collaborations and mutual outsourcing.}, keywords = {Cloud Storage, Identity Management, Security, Trust, Web Applications}, pubstate = {published}, tppubtype = {inproceedings} }