| Web Initial Sign-On | |
| Overview | |
| Web Initial Sign-On (WEB-ISO, sometimes called Single Sign-on)
refers to systems designed to allow users to authenticate to web-based services across many web
servers using a central authentication service. The user does not
have to authenticate (i.e sign-on) multiple times to each
different server or service.
We embrace a model of fewer sign ons rather than single sign-on knowing that different applications have different acceptable levels of risk. A WebISO solution should not be used as an authentication method for sensitive applications like medical records, monetary transactions, and certain student information. We propose providing a single sign-on service for an umbrella set of services with similar levels of risk e.g. the portal.. We are closely following Internet2 Web-ISO efforts in this space to leverage our startup and resource requirements, to contribute to national effort based on our University's needs and to align ourselves with developing cross- institution authentication technologies for information sharing aka as the Shibboleth. |
|
| Project Description | |
| Our initial project approach is to get
the pubcookie login server and the Apache and IIS web server modules in
our environment using netid and password to authenticate using LDAP to
our directory server. Once this evaluation and test environment is
operational, we can begin to test and integrate different types of
applications with the pubcookie modules. At a minimum, our
analysis should yield strengths, weaknesses of the implementation
and a recommendation to proceed or not to proceed with this
architecture. In addition, we will identify areas that must be reworked
and rewritten to accommodate our needs.
If the recommendation is to proceed, we will identify a candidate app to integrate with pubcookie and implement the infrastructure necessary to move the WebISO architecture into production. See project description submitted to e-Infrastructure. Look here for Plan |
|
| PubCookie Evaluation and Test Environment | |
| PubCookie
Review (mod_pubcookie v1.64 and pub_cookie login v1.30 authored
by Ryan Muldoon
Status of our the Pubcookie Test Perl Coding Guidelines authored by Jon Miner |
|
| Other University Single Signon Approaches | |
| UW
Washington Authentication Service (Pubcookie)
Yale's Central Authentication Services (CAS) Ohio State distauth Authentication |
|
| Commercial Single Signon Approaches | |
| Microsoft Passport | |