[OpenID] OpenID and SSO

Peter Williams pwilliams at rapattoni.com
Thu Jun 26 16:59:14 UTC 2008


But note the very bias built into the definition! The fighting has moved on to the Wikipedia front, now.

To many folks SSO/CCA is at most an authentication method, not a method of access control. In trusted system evaluation criteria, one MUST distinguish between authentication and access controls. SSO is a variant of the Kerberos logon service, there! Others believe it's time to discard that distinction, and let an attributed authentication statement act as an access control ticket.


________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of Mayukh gon [totuis at yahoo.com]
Sent: Thursday, June 26, 2008 9:44 AM
To: general at openid.net
Subject: [OpenID] OpenID and SSO

The same as what Wikipedia describes it:


Single sign-on (SSO) is a method of access control<http://en.wikipedia.org/wiki/Access_control> that enables a user to log in<http://en.wikipedia.org/wiki/Log_in> once and gain access to the resources of multiple software systems without being prompted to log in again. Single sign-off is the reverse process whereby a single action of signing out terminates access to multiple software systems.

As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.







