Single Sign On
Classification Key
Exterior Security, Spoofing
Problem
Many transactions involve invocations of multiple services in a distributed environment. Re-authenticating for every new service request is painful for an end user, because from the user's point of view it is all a single transaction.
How can the user be relieved of re-authentication after he successfully authenticates once?
Solution
Create an authenticated session that keeps track of the user's authenticated identity through the duration of a transaction. Provide the user with credentials that he can present with every new service request. Authenticate the user the first time he requests access. Timestamp the credentials and associate a validity period with them so that the user cannot use the credentials forever.
Known Uses
RBL and RHSBL lists used in Postfix to filter spam coming from known blacklisted IP addresses.
Related Patterns
Single Sign On Delegator
Source
Kienzle et al. Repository
Tags
Single Sign On, Federation