SSO authentication: a new approach

Guy Rixon gtr at ast.cam.ac.uk
Wed Mar 9 09:10:14 PST 2005


Hi everybody!

The 2004 discussions of single-sign-on authentication stalled due to
disagreements and misunderstanding about the trust model. Since then, there
have been other discussions about this (in AstroGrid and in EuroVO-VOTech and
among the GWS members discussing VOStore). From this, I've synthesized a trust
model that seems to work and which defines the architecture of an SSO system
that we could use. Here's the initial document:

  http://wiki.astrogrid.org/bin/view/Astrogrid/TrustModelForVO

(VOTech and AG people: it's compatible with what I said at the DS-3 meeting.)

(VOStore people: it's a poshed-up version of what we discussed earlier this
week.)

If this finds favour, then I'll write it up as an IVOA document.

It would be good if we could get some consensus on this trust model and
excellent if it could be agreed by or during the Kyoto interop.

Please note that the trust model sets the requirements for the SSO protocols.
Until we sort out the trust model we can't sort out SSO.

Cheers,
Guy

Guy Rixon 				        gtr at ast.cam.ac.uk
Institute of Astronomy   	                Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523



More information about the grid mailing list