Abstract

Over the last decade, several international initiatives have tried to provide different solutions to a common issue: resource sharing among several institutions. Some have been mainly designed for Web resources or computing resources, like Grid Computing environments, or even for network access for roaming users. A common aspect in most of those approaches is the management of identities, that is, the representation of the information related to specific individuals or other entities and its use for authentication and authorization purposes. However, since the different solutions are focused on different application scenarios (Web, Grid, and network) it has been really difficult to create a unified point of view (cross-layer) for identity management and, therefore, mechanisms like Single Sign On (SSO) across different layers are considered to be a main gap in current efforts. In this article, we present an architecture based on an existing solution for roaming in educational environments (eduroam). The architecture is able to provide what has been called a unified SSO mechanism, that is, once the users have been authenticated during the network access, they are enabled to obtain protected resources at higher layers (like Web resources) without further re-authentication. Additionally, we include a performance analysis to illustrate the feasibility of this architecture, which has been tested in a real production environment like eduroam.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.