Biblio
Single sign-on (SSO) becomes popular as the identity management and authentication infrastructure in the Internet. A user receives an SSO ticket after being authenticated by the identity provider (IdP), and this IdP-issued ticket enables him to sign onto the relying party (RP). However, there are vulnerabilities (e.g., Golden SAML) that allow attackers to arbitrarily issue SSO tickets and then sign onto any RP on behalf of any user. Meanwhile, several incidents of certification authorities (CAs) also indicate that the trusted third party of security services is not so trustworthy as expected, and fraudulent TLS server certificates are signed by compromised or deceived CAs to launch TLS man-in-the-middle attacks. Various approaches are then proposed to tame the absolute authority of (compromised) CAs, to detect or prevent fraudulent TLS server certificates in the TLS handshakes. The trust model of SSO services is similar to that of certificate services. So this paper investigates the defense strategies of these trust-enhancements of certificate services, and attempts to apply these strategies to SSO to derive the trust-enhancements applicable in the SSO services. Our analysis derives (a) some security designs which have been commonly-used in the SSO services or non-SSO authentication services, and (b) two schemes effectively improving the trustworthiness of SSO services, which are not widely discussed or adopted.
The Google Identity Platform is a system that allows a user to sign in to applications and other services by using a Google account. Google Sign-In is one such method for providing one’s identity to the Google Identity Platform. Google Sign-In is available for Android applications and iOS applications, as well as for websites and other devices. Users of Google Sign-In find that it integrates well with the Android platform, but iOS users (iPhone, iPad, etc.) do not have the same experience. The user experience when logging in to a Google account on an iOS application can not only be more tedious than the Android experience, but it also conditions users to engage in behaviors that put the information in their Google accounts at risk.
The Google Identity Platform is a system that allows a user to sign in to applications and other services by using a Google account. Google Sign-In is one such method for providing one’s identity to the Google Identity Platform. Google Sign-In is available for Android applications and iOS applications, as well as for websites and other devices. Users of Google Sign-In find that it integrates well with the Android platform, but iOS users (iPhone, iPad, etc.) do not have the same experience. The user experience when logging in to a Google account on an iOS application can not only be more tedious than the Android experience, but it also conditions users to engage in behaviors that put the information in their Google accounts at risk.
Single sign-on (SSO) is an identity management technique that provides users the ability to use multiple Web services with one set of credentials. However, when the authentication server is down or unavailable, users cannot access Web services, even if the services are operating normally. Therefore, enabling continuous use is important in single sign on. In this paper, we present security framework to overcome credential problems of accessing multiple web application. We explain system functionality with authorization and Authentication. We consider these methods from the viewpoint of continuity, security and efficiency makes the framework highly secure.