Abstract—Single sign-on (SSO) systems allow to solve the following problem: how to store and to use a large amount of authentication information (e. g. username and password pairs) to gain access to different resources. SSO systems can be divided into two main types. One of them is pseudo-SSO systems. Their main feature is that they simply act by the following scheme: first, the pseudo-SSO component authenticates a user once; second, when the user requires any service of the covered system, the pseudo-SSO component uses certain user’s data required to gain access to the desirable service. In this paper we propose a generalized scheme of data interchanging among users and SSO modules with specifics of pseudo-SSO systems. We describe relations between pseudo-SSO component’s datasets required to perform SSO functions. Also we discuss that the single entry point to the secured system (such as a pseudo-SSO component) raises extra security problems.
Index Terms—SSO, pseudo-SSO systems, authentication.
Dr. S. Panasenko, head of software development, ANCUD Ltd., Moscow, Russia (e-mail: serg@panasenko.ru).
[PDF]
Cite: Sergey Panasenko, "A Generalized Pseudo-SSO Scheme,"
International Journal of Computer Theory and Engineering vol. 3, no. 4, pp. 571-574, 2011.
