Authentication: Single-Sign-On (SSO)

Single sign-on authentication means that you login once to a VO site or service and can then access any other VO site or service without repeating the authentication process. Conventional wisdom is that this should be done with digital signatures, but the standards for these signatures allow many different approaches. A specification for the authentication mechanisms that the VO should use is now an IVOA Recommendation.

Specification

The next aspects of the security infrastructure to consider are the delegation mechanism and community services and trust model:

• Credential Delegation Protocol v1.0
• Draft of specification for trust model and community operations.

Discussion

• Discussion page for the v1.0 specifications
• Discussion page for the v2.0 specifications
• Discussion page for the SSO Next Generation

History

• Original SingleSignOnProposal
• IVOA note introducing the profiles.
• V0.2 draft of authentication-mechanism standard
• V0.3 draft of authentication-mechanism standard
• PR version of authentication-mechanism standard
• Delegation protocol v0.1

Related material

• Review of the Shibboleth system.
• Proposed security architecture
• Registry metadata relating to security: initial proposal