Basic SSO Terminologies

Having covered the basic security concepts, we can now move on to the popular feature SSO, i.e. Single Sign On, mainly from a portal perspective: a portal is a web application that provides access to various backend systems, each with its own security mechanism, and SSO spares the user from authenticating to each of them separately.

Below are some important terms that will be used very often:

  1. Authentication: Authentication is the first step in access control, and it means validating the identity a user claims. In a portal environment, authentication may be achieved via user name/password login, validation of a user's client certificate, or identity validation with a smart card or biometric device. Developing a solution for authentication usually means providing a repository of identities (a user directory or certificate store) against which credentials are validated, and integrating it with the system. Mutual authentication means proving the identity of both parties involved in the communication; this is done with security protocols such as SSL/TLS, with the caveat that TLS by default authenticates only the server, so mutual authentication requires a client certificate as well. Message origin authentication ensures that a message was produced by the expected sender. Note that it does not by itself prevent replay: a genuine signature or MAC verifies no matter how many times the message is resent, so rejecting replays additionally requires a freshness element such as a nonce, timestamp or sequence number that the receiver tracks.
  2. Authorization: Once a user's identity is validated, the next question is what the user has permission to do. Role-Based Access Control (RBAC) is an important access control strategy. Its key components are two mappings: roles are mapped to permissions, and users are mapped to roles, so a user holds exactly the permissions of the roles assigned to them. Anything not explicitly granted through a role should be denied by default.
  3. Non-repudiation: It is the security service, provided by digital signatures, that lets a party legally prove that a user performed a transaction or sent a message. In many business-to-business (B2B) systems, where thousands of high-value transactions take place, non-repudiation is often an essential requirement. Because digital signatures are based on public key cryptography, the sender of a signed message cannot successfully repudiate having signed it: any third party holding the sender's public key can verify that the signature was produced with the corresponding private key. This holds only as long as the private key has stayed under the signer's sole control and the binding between the key and the identity (typically a certificate) is trustworthy. In a portal scenario, the portal may sign a portion of its message to a Web service, and the Web service may sign a portion of its reply. A side effect of digitally signing a document is integrity: what is actually signed is a hash of the message, so any change to the message invalidates the signature. In that sense non-repudiation is a very strong form of integrity, one that also proves who produced the message. XML Signature is the W3C standard used for signing XML messages to provide this.
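The message origin authentication and replay handling from term 1 and the signature-based non-repudiation from term 3, shown together as an added example; this is not code from the original post. It uses Ed25519 from Go's standard library. The sender name "portal", the nonces, the payloads and the canonical encoding in signingInput are assumptions of this example, and in a real deployment the public keys would be taken from certificates rather than registered by hand.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedRequest carries a claimed identity, a per-message nonce and an Ed25519
// signature over all three fields. Field names and layout are assumptions of this example.
type SignedRequest struct {
	Sender  string
	Nonce   uint64
	Payload []byte
	Sig     []byte
}

// signingInput is a canonical encoding of every field the signature covers. The
// length prefix on Sender and the hex-encoded payload keep the fields from being
// confused (for example a sender name containing the separator character).
func signingInput(sender string, nonce uint64, payload []byte) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d|%x", len(sender), sender, nonce, payload))
}

// Sign is what the sending side (here the portal) does with its private key.
func Sign(priv ed25519.PrivateKey, sender string, nonce uint64, payload []byte) SignedRequest {
	return SignedRequest{sender, nonce, payload, ed25519.Sign(priv, signingInput(sender, nonce, payload))}
}

var (
	ErrUnknownSender = errors.New("unknown sender")
	ErrBadSignature  = errors.New("signature does not verify: forged or tampered")
	ErrReplay        = errors.New("nonce already seen: replayed message")
)

// Verifier is the receiving side's identity repository (which public key belongs to
// whom) plus the sender/nonce pairs it has already accepted.
type Verifier struct {
	keys map[string]ed25519.PublicKey
	seen map[string]bool
}

func NewVerifier() *Verifier {
	return &Verifier{keys: map[string]ed25519.PublicKey{}, seen: map[string]bool{}}
}

func (v *Verifier) Register(sender string, pub ed25519.PublicKey) { v.keys[sender] = pub }

// Authenticate checks message origin first: only the holder of the sender's private
// key could have produced Sig over these exact bytes, which gives integrity for free
// and is the same check a third party would run to hold the sender to the message.
// Replay is a separate check, because a genuine signature verifies however many
// times the message is resent.
func (v *Verifier) Authenticate(req SignedRequest) error {
	pub, ok := v.keys[req.Sender]
	if !ok {
		return ErrUnknownSender
	}
	if !ed25519.Verify(pub, signingInput(req.Sender, req.Nonce, req.Payload), req.Sig) {
		return ErrBadSignature
	}
	key := fmt.Sprintf("%s/%d", req.Sender, req.Nonce)
	if v.seen[key] {
		return ErrReplay
	}
	v.seen[key] = true
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // the portal's key pair
	ws := NewVerifier()                               // the Web service the portal calls
	ws.Register("portal", pub)

	req := Sign(priv, "portal", 1, []byte("approve order 42")) // constructed sample message
	fmt.Println("valid:   ", ws.Authenticate(req))
	fmt.Println("replay:  ", ws.Authenticate(req))
	req.Payload = []byte("approve order 43") // altered in transit
	fmt.Println("tampered:", ws.Authenticate(req))
	_, mallory, _ := ed25519.GenerateKey(rand.Reader) // someone without the portal's key
	fmt.Println("forged:  ", ws.Authenticate(Sign(mallory, "portal", 2, []byte("approve order 99"))))
}
```

The ordering inside Authenticate matters: the signature is checked before the nonce so that an attacker cannot learn which nonces have been used by sending unsigned probes. For contrast, an HMAC with a shared key would give the Web service the same origin and integrity assurance, but not non-repudiation: the verifier holds the same key and could have produced the tag itself, so a third party cannot tell which of the two parties made the message.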
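The RBAC mappings from term 2, worked through as an added example (this is not code from the original post): users are mapped to roles, roles to permissions, and a role may inherit from another role. The role names, permission strings and users are constructed sample data, and the role hierarchy, cycle guard and deny-by-default behaviour are design choices of this example rather than anything the post specifies.

```go
package main

import "fmt"

// Permission is something a role may do; the "orders:read" style names are assumptions.
type Permission string

// RBAC holds the two mappings the text names (users -> roles, roles -> permissions)
// plus an optional role hierarchy, so that "editor" can inherit everything "viewer" has.
type RBAC struct {
	rolePerms map[string]map[Permission]bool
	parents   map[string][]string // child role -> roles it inherits from
	userRoles map[string][]string
}

func NewRBAC() *RBAC {
	return &RBAC{
		rolePerms: map[string]map[Permission]bool{},
		parents:   map[string][]string{},
		userRoles: map[string][]string{},
	}
}

// Grant maps permissions to a role.
func (r *RBAC) Grant(role string, perms ...Permission) {
	if r.rolePerms[role] == nil {
		r.rolePerms[role] = map[Permission]bool{}
	}
	for _, p := range perms {
		r.rolePerms[role][p] = true
	}
}

// Inherit makes child hold every permission of parent, directly or transitively.
func (r *RBAC) Inherit(child, parent string) { r.parents[child] = append(r.parents[child], parent) }

// Assign maps a user to one or more roles.
func (r *RBAC) Assign(user string, roles ...string) {
	r.userRoles[user] = append(r.userRoles[user], roles...)
}

// Allowed walks the user's roles and every role they inherit from. Anything the walk
// does not reach (unknown user, unknown role, unknown permission) is denied, so the
// default is deny rather than allow.
func (r *RBAC) Allowed(user string, p Permission) bool {
	visited := map[string]bool{}
	stack := append([]string(nil), r.userRoles[user]...)
	for len(stack) > 0 {
		role := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		if visited[role] { // a cycle in a mis-configured hierarchy must not loop forever
			continue
		}
		visited[role] = true
		if r.rolePerms[role][p] {
			return true
		}
		stack = append(stack, r.parents[role]...)
	}
	return false
}

func main() {
	r := NewRBAC()
	r.Grant("viewer", "orders:read")
	r.Grant("editor", "orders:write")
	r.Grant("approver", "orders:approve")
	r.Inherit("editor", "viewer")   // editors can do everything viewers can
	r.Inherit("approver", "editor") // approvers can do everything editors can
	r.Assign("alice", "editor")
	r.Assign("bob", "approver")

	checks := []struct {
		user string
		perm Permission
	}{{"alice", "orders:read"}, {"alice", "orders:approve"}, {"bob", "orders:read"}, {"carol", "orders:read"}}
	for _, c := range checks {
		fmt.Printf("%-5s %-15s -> %v\n", c.user, c.perm, r.Allowed(c.user, c.perm))
	}
}
```

The check a portal performs at request time is the single call r.Allowed(user, permission); everything else is administration of the two mappings, which is what makes RBAC manageable when users and backend systems change independently.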

One Response to “Basic SSO Terminologies”

  1. Encryption – A basic understanding « Tech_Pa's Blog Says:

    [...] “Basic SSO Terminologies” defines a few terms that are important in understanding the SSO goal. [...]
