Now Offering a 50% Discount When a Minimum of Five Titles in Related Subject Areas are Purchased TogetherAlso, receive free worldwide shipping on orders over US$ 395.(This offer will be automatically applied upon checkout and is applicable to print & digital publications)Browse Titles

Special Offers
- Receive a 50% Discount When a Minimum of Five Titles are Purchased Together
  This 50% discount is automatically applied upon checkout and is only applicable when five or more reference books and scholarly journals are ordered. Discount valid on purchases made directly through IGI Global’s Online Bookstore (www.igi-global.com) and cannot be combined with any other discount. It may not be used by distributors or book sellers and the offer does not apply to databases. Exclusions of select titles may apply.
  Browse Titles
- IGI Global Converts Over 30+ Journals to Full Gold Open Access (OA)
  With access to digital resources and OA content being critical during this time, IGI Global has converted 30 journals to full Gold OA. IGI Global OA provides a quality, expediate, high-quality OA publishing process, flexible funding options, and more, which allows researchers to benefit from freely and immediately sharing their peer-reviewed research with the world.
  Learn More
- Additional Source of OA Funding When Your Institution Invests in IGI Global’s e-Collections
  When an institution invests in IGI Global’s e-Book and/or e-Journal Collections, IGI Global will match the library’s investment with a fund of equal value to go toward subsidizing the OA article processing charges (APCs) for faculty at that institution when their work is submitted and accepted under OA (following peer review) into an IGI Global journal.
  Learn More
- Reduced Research Anthology Pricing
  Based on the increased interest in our Research Anthologies line from last year and understanding current budgetary limitations, IGI Global is reducing the price of our multi-volume Research Anthologies up to 50%. These publications are ideal for accommodating library budgets, as they contain hand-selected research content of the highest quality.
  Learn More
- Receive Complimentary Electronic Access to the First, Second, Third, and Fourth Edition of the
  Encyclopedia of Information Science and Technology with the Purchase of the Fifth Edition
  For a limited time, receive the complimentary e-books for the first, second, third, and fourth editions with the purchase of the Encyclopedia of Information Science and Technology, Fifth Edition e-book*. Offer is only valid when purchasing the fifth edition’s hardcover + e-book or e-book only option directly through IGI Global’s Online Bookstore (www.igi-global.com/books) and is not intended for use by book distributors or wholesalers. Contact Customer Service, cust@igi-global.com, for details. Offer expires July 1, 2021.
  Learn More
- Offering a 5% Pre-Publication Discount on
  All Reference Books Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing the latest research, IGI Global is offering a 5% pre-publication discount on all hardcover, softcover, e-books, and hardcover + e-books titles.
  *5% discount offer is eligible on hardcover, softcover, e-books, and hardcover + e-books titles and is automatically applied directly to the shopping cart. Discount offer only valid on purchases made directly through IGI Global’s Online Bookstore and offer expires 30 days after the publication’s release. This automatic discount is not intended for use by book distributors or wholesalers.
  Browse Titles
- Receive Free Shipping on Orders Over US$ 395.00
  Free shipping will be automatically applied to shopping cart orders over US$ 395.00 or more before tax, which can include a combination of print and non-shippable products (i.e. e-books, e-journals, and articles/chapters). It is only available when you order directly through IGI Global’s Online Bookstore and is only valid on standard U.S. and international shipping. There will be additional charges for express shipping and limitations may apply.
  Browse Titles
- Create a Free IGI Global Library Account to Receive an Additional 5% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 5% discount on single all titles, as well as the award-winning e-Book and e-Journal Collections.
  Sign Up Now!
Books
Journals
- - Journals
  - Open Access Journals
InfoSci^®-Databases
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
Catalogs
About Us
Newsroom

Recent Developments in Simplified Sign-On

Kevin Curran (University of Ulster, UK), Jennifer Caldwell (University of Ulster, UK), Declan Walsh (University of Ulster, UK) and Marcella Gallacher (University of Ulster, UK)

Source Title: Digital Business Security Development: Management Technologies

DOI: 10.4018/978-1-60566-806-2.ch003

OnDemand PDF Download:

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Authentication is the process of determining whether a user is to be granted access and verifying that they are whom they claim to be. This is generally done via a login system; typically consisting of a user ID and a corresponding password. An intrinsic weakness of this system of authentication is that passwords are easily forgotten, accidentally revealed, can be second guessed, or even stolen. Users today have multiple email accounts; manage their financial affairs, buy, and even sell regularly online. Many sites offer the opportunity to sign up. This can be problematic for managing usernames and passwords and it encourages insecure practices, such as writing them down, storing them electronically, or reusing the same login data on multiple Web sites repeatedly. One of the most common online security issues faced today is that every Web site has its own diverse authentication system that significantly heightens the probability of online crime, such as fraud and identity theft and, furthermore, can compromise the privacy of the individual. A common network identity-verification method is Simplified Sign-On, which allows users to roam between sites without having to repeatedly enter identifying information. Privacy of user’s information should be maintained, as only relevant details are passed on to other sites. A number of organizations are already taking Simplified Sign-On on board and have had successful outcomes using this type of system. Some companies, such as Microsoft Passport, have used a Single Sign-On password system but they have had security and privacy issues after the launch. The future for most, if not all, users may be a secure and private single logon to access different sites and accounts on the Internet via Simplified Sign-On. This paper discusses Simplified Sign-On in more detail.

Chapter Preview

Top

Introduction

Plain old authentication can be defined in many ways but perhaps the simplest and most relevant definition to most computer users is a security measure for checking a network user's identity. Even in today’s world of digital certificates and biometrics, authentication most typically takes the form of a username and password. Figure 1 shows a standard authentication process. Note that this is Basic authentication, wherein the Web server prompts for a username and password. Other common Web authentication types are Anonymous (no authentication required) and Integrated (currently logged in authentication details automatically checked to see if the user can access the resource). Simplified Sign-On is the concept of allowing users to move from one Web site to another on the Web without having to enter identifying information numerous times (see Figure 2). A person would enter, for example, a username and password, at the start of a network session, and this authentication information would be automatically passed to each Web site they visit thereafter. A network session might be when a user connects to the Internet or opens a Web browser. The rationale behind Simplified Sign-On is obvious; the growth of the Web has led to people having to manage a host of usernames and passwords for Web sites. An average Web user now shops online, pursues hobbies online, manages their bank accounts online, and communicates online using email, instant messaging and photo-sharing (Perry, 2006). The list is lengthy and almost all of these require authentication, usually in the form of a username and password. For many users, a single sign-on would be welcome. Listed below are some of the obvious benefits of Simplified Sign-On.

Figure 1.

Authentication on the Web

Figure 2.

Simplified Sign-On on the Web

•
More convenient for the user as they have to remember only one username and password.
•
Security issues reduced as the user should not have to write down the one username/password.
•
With only one authentication system, there is less chance of having the password stolen.
•
As the user has to logon only once, there is faster access to different sites.
•
There should be a continuous link to different sites.
•
The system is managed centrally.

As well as speed and convenience, Simplified Sign-On also offers improved security. Web users no longer have to remember and manage countless logons (making them more vulnerable to fraud) and organizations have less responsibility for the security and privacy of peoples’ authentication (and personal) information. The balkanization of today’s online identity-verifying systems is a big part of the Internet’s fraud and security crisis. Improving and maintaining people’s trust in the internet is critical to its survival as a useful, thriving entity (Talbot, 2006). Also, if authentication is consolidated in one session or authority, Web users only need to share their personal information once instead of giving numerous copies of that information to multiple third parties. This means greater privacy for users and less risk of personal information being accessed. Many companies have already encountered these issues on an organizational scale; workers use numerous systems and have to manage authentication for each of them. This causes a lot of inconvenience to users, I.T. resources are wasted resetting passwords and administering user accounts, and security can be compromised by users writing down usernames and passwords because they cannot remember them. As a result, many organizations have implemented Simplified Sign-On that allows workers (or students, or customers) to log in once, in order to access all the systems they use. Scaling up this kind of solution to something as vast and heterogeneous as the Web is a challenge.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Recent Developments in Simplified Sign-On

Abstract

Introduction

Complete Chapter List