Abstract
Business and recreational activities on the global communication infrastructure are increasingly based on the use of remote resources and services, and on the interaction between different, remotely located parties. On corporate networks as well as on the open Web, the huge number of resources and services often requires multiple log-ons, leading to credential proliferation and, potentially, to security leaks. An increasingly widespread approach to simplifying and securing the log-on process is Single Sign-On (SSO), which allows automatic access to secondary domains through a single log-on operation to a primary domain. In this paper, we describe the basic concepts of SSO architecture, focusing on the central role of open source implementations. We outline three major SSO trust models and the different requirements to be addressed. We then illustrate CAS++, our open source implementation of a Single Sign-On service. Finally, we illustrate the application of CAS++ to a real case study concerning the development of a multi-service network management system. The motivation for our work arose from the requirements of this case study within the Pitagora project.
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Frati, F., Samarati, P. (2006). CAS++: An Open Source Single Sign-On Solution for Secure e-Services. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds) Security and Privacy in Dynamic Environments. SEC 2006. IFIP International Federation for Information Processing, vol 201. Springer, Boston, MA. https://doi.org/10.1007/0-387-33406-8_18
DOI: https://doi.org/10.1007/0-387-33406-8_18
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-33405-9
Online ISBN: 978-0-387-33406-6
eBook Packages: Computer Science (R0)