Figure 3. Service invocations from and to workspaces
A Secur ty Solut on for Web-Serv ces Based Gr d Appl cat on
Copyright ?© 2007, Idea Group Inc. Copying or distributing in print or electronic forms without written permission
of Idea Group Inc. is prohibited.
Another issue of concern is ???Single Sign-On (SSO)???. Single Sign-On provides a solution if
one user is legitimate on many nodes or holds multiple identities of different organizations.
By means of X.509 certificates, SSO can be achieved. A chain of certificates must be used
in the solution, so a user or the proxy of the user can be verified by the service providers.
The service request can then access the services on behalf of the user who holds the root
certificate of the chain. The authentication is implicit to most of the issuers of PCs and
the root. However, a large number of certificates, including identity certificates and proxy
certificates, might be generated within the systems. The Liberty Alliance project (Liberty,
2003) provides another possible solution. A Liberty-enabled server can integrate all user
identities on behalf of the user. When a user, from a Liberty-compatible organization, firstly
accesses a Liberty-related server, he will be asked if he wants to associate his identity on the
current server within his other identities on other Liberty-related servers.
Pages:
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438