Open Source in Web-Based Applications: A Case Study on Single Sign-On

Claudio Agostino Ardagna (Università degli Studi di Milano, Italy), Fulvio Frati (Università degli Studi di Milano, Italy) and Gabriele Gianini (Università degli Studi di Milano, Italy)
DOI: 10.4018/978-1-60566-418-7.ch006
Business and recreational activities on the global communication infrastructure are increasingly based on the use of remote resources and services, and on the interaction between different, remotely located parties. In such a context, Single Sign-On technologies simplify the log-on process by allowing automatic access to secondary domains through a single log-on operation to the primary domain. In this paper, we evaluate different Single Sign-On implementations, focusing on the central role of Open Source in the development of Web-based systems. We outline requirements for Single Sign-On systems and evaluate four existing Open Source implementations in terms of their degree of fulfilment of those requirements. Finally, we compare those Open Source systems with respect to some specific Open Source community patterns.
Chapter Preview

The global information infrastructure connects remote parties, such as users and resources, through the use of large scale networks. Many companies focus on developing e-services, business, and recreational activities, such as e-government services, remote banking, and airline reservation systems (Feldman, 2000; Damiani, Grosky, & Khosla, 2003). In such a context, where the huge number of resources and services accessible on the Web leads to multiple log-on processes and identity profiles, a solution is needed to give to the users at least the illusion of having a single identity and a single set of credentials.

Furthermore, several regulations affecting e-services, such as the Sarbanes Oxley (SOX) directive and the Health Insurance Portability and Accountability Act (HIPAA), mandate provisions for maintaining the integrity of user profile data as an essential component of an effective security policy. HIPAA, for example, explicitly states that companies are required to assign each user a unique profile for tracking user identities. It also mandates procedures for creating, changing, and safeguarding profiles. Traditional authentication policies do not even come close to fulfilling these requirements. Single Sign-On (SSO) (De Clercq, 2002) systems are aimed at simplifying the log-on process, managing the multiple identities of each user, and presenting their credentials to network applications for authentication.

In the following, we put forward the idea of enriching existing e-services with a fully functional Open Source Single Sign-On (Buell & Sandhu, 2003) solution, allowing users to manage a single identity to access systems and resources. The motivation for focusing on Open Source software is that it is increasingly adopted as an alternative to proprietary solutions.

Many Web-based projects, in fact, are affected by budget, transparency, vendor lock-in, integration, and interoperability limitations that represent crucial problems. The adoption of an Open Source approach can overcome these limitations. First, Open Source Software, although not necessarily free, is in most cases cheaper than proprietary software. Second, Open Source Software often adheres to open standards and its development is conducted in public forums. Third, the Open Source paradigm also guarantees supplier independence and avoids the lock-in problem: a lock-in situation, in fact, arises when software is proprietary; with Open Source Software, data are not stored in a proprietary format, and it is possible for users to change between several different systems and suppliers. Finally, customization and re-use are easily addressed because the source code is freely available and modifiable. Based on the above limitations of proprietary solutions, we suggest that an important nonfunctional requirement for a Web-based system could be implementing the entire application following the Open Source approach.

However, experience has shown that in some deployed systems based on Open Source operating system platforms, a substantial amount of the application code, mostly used for access control and authentication-related features, may belong to a proprietary application server (Ardagna, Damiani, Frati, & Montel, 2005). SSO systems need to be carefully operated to avoid becoming a single point of failure for the whole infrastructure.

In this article, we describe a general model for Single Sign-On architectures focusing on the central role of Open Source implementations. We delineate a set of requirements that Single Sign-On solutions should satisfy and then evaluate four different fully functional Open Source Single Sign-On implementations: our system, called CAS++, developed as an extension to Yale University’s CAS (Aubry, Mathieu, & Marchal, 2004; Central Authentication Service, 2003), the Liberty Alliance implementation named SourceID (Liberty Alliance Project, 2004; SourceID, 2005), Shibboleth (Shibboleth Project, 2004), and finally Java Open Single Sign-On (JOSSO) (Java Open Single Sign-On Project, 2005). The analysis is finally summarized in a comparison table.
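As an added illustration of the primary-domain log-on and secondary-domain access described above, the following Python models a simplified CAS-style ticket exchange; it is not code from the chapter, from CAS or from CAS++, and the class and method names, the shared clock and the user store are constructed for the example. It shows the three checks a secondary domain relies on when it trusts the primary's validation: a service ticket is single-use, bound to one service, and short-lived.

```python
import hmac
import secrets
import time

TICKET_TTL = 30  # seconds; service tickets are deliberately short-lived (constructed value)


class PrimaryDomain:
    """The single log-on point (hypothetical, CAS-like, heavily simplified)."""

    def __init__(self, users, now=time.time):
        self._users = users      # constructed username -> password store
        self._sessions = {}      # ticket-granting session id -> username
        self._tickets = {}       # service ticket -> (username, service, issued_at)
        self._now = now          # injectable clock so expiry can be exercised

    def login(self, username, password):
        """The unique log-on operation; returns a session id (TGT-like) or None."""
        stored = self._users.get(username)
        if stored is None or not hmac.compare_digest(stored, password):
            return None
        tgt = "TGT-" + secrets.token_urlsafe(16)
        self._sessions[tgt] = username
        return tgt

    def issue_ticket(self, tgt, service):
        """Issue a service ticket bound to one secondary domain without re-prompting."""
        user = self._sessions.get(tgt)
        if user is None:
            return None
        st = "ST-" + secrets.token_urlsafe(16)
        self._tickets[st] = (user, service, self._now())
        return st

    def validate(self, st, service):
        """Called back by a secondary domain; the ticket is consumed on first use."""
        entry = self._tickets.pop(st, None)  # pop => single use, even if rejected below
        if entry is None:
            return None
        user, bound_service, issued_at = entry
        if bound_service != service:                 # ticket presented to another service
            return None
        if self._now() - issued_at > TICKET_TTL:     # replayed after expiry
            return None
        return user


def access_secondary(primary, service, st):
    """A secondary domain accepts a ticket only if the primary validates it."""
    return primary.validate(st, service)
```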
