Difference between revisions of "Authentication Protocols"
(→Federated or Open systems of users and services)
|Line 15:||Line 15:|
Revision as of 21:26, 11 July 2018
Full Title or Meme
A collection of Authentication protocols are compared and contrasted.
Since Kerberos was released at MIT in 1999 as a means to allow Single Sign On by students and staff to the variety of systems available at the university, the combination of one user sign on to a variety of different services has been promoted as necessary in the variety of network services now available to users. There are two distinct cases and a wide range of intermediate cases that are addressed by authentication protocols:
Captive users and services
At MIT and at most corporations there is a pre-existing legal agreement that is signed by all users that applies to all services.
In such a closed system in makes sense to allow Single Log Out so that a user can close their connection and go home for the day.
Federated or Open systems of users and services
In such an open system it is not often helpful for a user to be signed out of all web sites when they chose to sign out of (say) the purchase of concert tickets.
Users doe not want to be forced to create a distinct sign-on user name and password at every site they visit.