Single Sign-On in Service-Oriented Computing

  • Kurt Geihs
  • Robert Kalcklösch
  • Andreas Grode
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2910)


Support for Single Sign-On (SSO) is a frequently voiced requirement for Service-Oriented Computing. We discuss SSO strategies and approaches, their requirements and constraints. The two most prominent approaches in this field, Microsoft Passport and Liberty Alliance, are presented. Because implementations of Liberty were not widely available, and in order to understand the conceptual implications and practical requirements of SSO, we have built our own SSO solution. Its modular and flexible design is compatible with the Liberty specifications. The prototype reveals valuable insights into SSO design and operations.


Service oriented computing security service authentication single sign on 



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Kurt Geihs (1)
  • Robert Kalcklösch (1)
  • Andreas Grode (2)
  1. Intelligent Networks and Management of Distributed Systems, Berlin University of Technology, Berlin
  2. DIN IT Service GmbH, Berlin
