Difference between revisions of "Authentication Protocols"

From MgmtWiki
Jump to: navigation, search
(Context)
(Context)
Line 13: Line 13:
  
 
In such an open system it is not often helpful for a user to be signed out of all web sites when they chose to sign out of (say) the purchase of concert tickets.
 
In such an open system it is not often helpful for a user to be signed out of all web sites when they chose to sign out of (say) the purchase of concert tickets.
 +
 +
 +
===Subsequent History===
 +
In the early 2000's Microsoft and other software providers began the process of linking
  
 
==Problems==
 
==Problems==

Revision as of 20:40, 11 July 2018

Full Title or Meme

A collection of Authentication protocols are compared and contrasted.

Context

Since Kerberos was released at MIT in 1999 as a means to allow Single Sign On by students and staff to the variety of systems available at the university. Since then the combination of one user sign on to a variety of different services has been promoted as necessary in the variety of network services now available to users. There are two distinct cases and a wide range of intermediate cases that are addressed by authentication protocols:

Captive users and services

At MIT and at most corporations there is a pre-existing legal agreement that is signed by all users that applies to all services.

In such a closed system in makes sense to allow Single Log Out so that a user can close their connection and go home for the day.

Federated or Open systems of users and services

In such an open system it is not often helpful for a user to be signed out of all web sites when they chose to sign out of (say) the purchase of concert tickets.


Subsequent History

In the early 2000's Microsoft and other software providers began the process of linking

Problems

  • Users do not want to be forced to create a distinct sign-on user name and password (their credentials) at every site they visit.
  • It is proven to be insecure for users to be required to have distinct sign-on credentials as they will generally reuse their credentials at every site possible.
  • Developers select a protocol based on the tools available for implementing the protocols and only later start adding requirements like Single Log Out. As are result they wind up using a protocol that is not designed for the system that they are implementing.

Solutions

Kerberos

SAML

OpenID Connect

References