Single Sign-On: A Solution Approach to Address Inefficiencies During Sign-Out Process
Author: | Dilip Sarkar, Lokesh Ramamoorthi |
---|---|
Language: | English |
Year of publication: | 2020 |
Subject: |
General Computer Science; single sign-on; Computer science; information security; Cross-site scripting; 02 engineering and technology; identity provider; Identity provider; 020204 information systems; service provider; 0202 electrical engineering, electronic engineering, information engineering; Web application; General Materials Science; Session (computer science); Vulnerability (computing); Authentication; business.industry; General Engineering; Authorization; Information security; Browser security; authorization; 020201 artificial intelligence & image processing; Single sign-on; lcsh:Electrical engineering. Electronics. Nuclear engineering; business; lcsh:TK1-9971; Computer network |
Source: | IEEE Access, Vol 8, Pp 195675-195691 (2020) |
ISSN: | 2169-3536 |
Description: | In a Single Sign-on (SSO) environment, an Identity Provider (IDP) authenticates a user for the first Service Provider (SP). The IDP creates an active IDP session and stores its information in the user’s web browser. Each SP also creates and maintains one active service session. Using state-transition diagrams, we illustrate sign-in and sign-out processes. An information security vulnerability situation is created because users are unaware of an active IDP session in the user’s browser and sign out only from SP sessions. One solution to this problem is educating users. Another solution is to implement the SSO so that it ensures the termination of the IDP session as soon as the user signs out from all services that the IDP authenticated. The first solution appears to be simple, but it is practically an impossible task to educate millions of web-based SSO users worldwide. The second solution is better because one good implementation solves the problem for all users. In this article, we propose several solutions for terminating the hidden active IDP session. Also, we review the data storage methods commonly used for storing information of SP and IDP sessions in the browsers. Moreover, we propose a browser extension for conveniently and efficiently managing active SP and IDP sessions. In our proposed browser extension, we have recommended IndexedDB browser storage for storing active session information. We believe our proposed browser extension is a simple but efficient solution for eliminating the hidden active IDP session. |
Database: | OpenAIRE |
External link: |