Towards Single Secure Sign On – Demonstrator
The issues to be addressed
Users in large organisations have to remember multiple passwords to log on to multiple systems. With the transition from centralised mainframes to distributed systems, and more recently through the use of web sites, there is a proliferation in the number of services requiring separate passwords. Users are finding it cumbersome having to remember all their passwords and having to log on separately to each service they access. Passwords no longer provide the ease of use or the level of security most organisations require.

netproject members believe that there are two issues to be addressed:

  • Providing a simplified way that users can log on to the services for which they have authority;
  • Ensuring the level of security meets the needs of the organisation.

Towards Single Secure Sign On
From the work netproject has done in this area, we accept that creating Single Secure Sign-On (SSSO) for all systems is not realistic, nor, for security reasons, is it desirable. However, we believe it is possible to demonstrate SSSO for a useful class of computing services. The class of computing being considered is: Windows NT, UNIX and web sites (Web technology provides separate authentication services).

In this scenario each user will have a consistent user name and password for the services they are authorised to access. This would immediately improve both the usability and security of such systems.

The netproject demonstrator will also implement a system that allows the phased transition to authentication based on the possession of a card and a secret. The aim would be to implement the best system using currently available technologies. In this way, an organisation could create a phased transition to a more secure single sign-on system, which ensures that users can legally be held accountable for their actions.

netproject will evaluate the use of digital certificates, certificate authorities, smart cards and revocation processes while building the demonstrator and will use those technologies that are practicable within the project timescales.

Technical Details
In the interests of brevity, technical details of the proposed direction of the demonstrator are explored in a companion document: Demonstrator of "Single Secure Sign On – Technical Issues"

Deliverables

  • Presentation:- Slide presentation explaining the architecture and technical details.
  • HOWTO:- A detailed technical document describing the set-up of the demonstrator, the technologies that have been used and the design and implementation issues that had to be addressed.
  • Web Site:- The above documentation will be published to netproject members on the Internet.
  • Workshop:- A one-day workshop where the above presentation will be given to netproject members, with hands-on experience working with the Single Secure Sign On demonstrator. A round table discussion will be held on the way forward.