Article

Single sign-on for java web start applications using myproxy

Authors:

Von WelchAuthors Info & Claims

SWS '06: Proceedings of the 3rd ACM workshop on Secure web services

Pages 95 - 102

https://doi.org/10.1145/1180367.1180384

Published: 03 November 2006 Publication History

Abstract

Single sign-on is critical for the usability of distributed systems. While there are several authentication mechanisms which support single sign-on (e.g. Kerberos and X.509), it may be difficult to modify a particular legacy application to utilize an authentication scheme other than username/password. Asimple solution for single sign-on involves transmitting a user's password over the network. However, it is undesirable to expose a user's private password in an insecure environment. This paper describes our effort to create "session passwords" which are short-lived passwords transmitted in lieu of a user's private password. Our implementation utilizes the MyProxy X.509 credential service as an authentication service. We demonstrate our solution in the MAEviz application portal, a Java Web Start application for earthquake risk management and analysis.

References

[1]

Automated Learning Group, NCSA, MAEviz Introduction & Tutorial, Sep. 2004. http://algdocs.ncsa.uiuc.edu/TU-20040901-1.pdf

[2]

Basney, J., Humphrey, M., and Welch, V., The MyProxy Online Credential Repository, Software: Practice and Experience, Volume 35, Issue 9, July 2005, pp. 801--816.

Digital Library

[3]

Cantor, S., Hodges, J., Kemp, J., and Thompson, P., Liberty ID-FF Architecture Overview, Version 1.2-errata-v1.0, Liberty Alliance Project Website, 2005. http://www.projectliberty.org/specs

[4]

Counterman, C., Glenn, G., Gollub, R., Norton, M., Severance, C., Speelmon, L., Sakai Java Framework, Version 1.5, Technical Report Sakai Project, Mar. 5, 2005. http://www.sakaiproject.org/

[5]

Elnashai, A.S., Director, MAE Center Launches New Website, Inside MAE, Winter 2006, Vol. 9, No. 1, 2006, p.6. http://mae.cee.uiuc.edu/

[6]

Herrick, A., Java Network Launching Protocol & API Specification (JSR-00056), Java Cummunity Process Website, 2005. http://jcp.org/aboutJava/communityprocess/mrel/jsr056/index2.html

[7]

Housley, R., Polk, W., Ford, W., Solo, D., Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, Internet Engineering Task Force Request For Comments 3280, IETF Website, 2002. http://www.ietf.org/rfc/rfc3280.txt

Digital Library

[8]

Khan, F. Simplify Enterprise Java Authentication with Single Sign-on, IBM Website, Sep. 9, 2003. http://www-128.ibm.com/developerworks/java/library/j-gss-sso/

[9]

Marinilli, M., Java Deployment with JNLP and WebStart, Sams Publishing, Indianapolis, IN, 2001.

Digital Library

[10]

Microsoft Corp., Microsoft .NET Passport Review Guide, Jan. 2004. http://www.microsoft.com/net/services/passport/review_guide.asp

[11]

Newman, B.C. and Ts'o, T., Kerberos: An Authentication Service for Computer Networks, IEEE Communications, 32(9):33--38, Sept. 1994.

Digital Library

[12]

Novotny, J., Tuecke, S., and Welch, V., An Online Credential Repository for the Grid: MyProxy, Proceedings of the Tenth International Symposium on High Performance Distributed Computing (HPDC-10), IEEE Press, August 2001. http://myproxy.ncsa.uiuc.edu/

Digital Library

[13]

Osbaldeston, R. and Bauer, G., Unofficial Java Web Start/JNLP FAQ: http://lopica.sourceforge.net/faq.html

[14]

Pubcookie Website: http://www.pubcookie.org/

[15]

Schwidder, J., Talbott, T., Myers, J., Bootstrapping to a Semantic Grid, Proceedings of the Semantic Infrastructure for Grid Computing Applications Workshop, IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID), Cardiff, UK, May 9-12, 2005. http://www.scidac.org/SAM/fd

Digital Library

[16]

Shibboleth Website: http://shibboleth.internet2.edu/

[17]

Tuecke, S., Welch, V., Engert, D., Pearlman, L., Thompson, M., Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile, Internet Engineering Task Force Request For Comments 3820, IETF Website, 2004. http://www.ietf.org/rfc/rfc3820.txt

Cited By

Basney JGaynor JMarru SPierce MKanewala TDooley RStubbs JLathrop SAlameda J(2014)Integrating Science Gateways with XSEDE SecurityProceedings of the 2014 Annual Conference on Extreme Science and Engineering Discovery Environment10.1145/2616498.2616559(1-2)Online publication date: 13-Jul-2014
https://dl.acm.org/doi/10.1145/2616498.2616559
Sobie RAgarwal AGable ILeavett-Brown CPaterson MTaylor RCharbonneau AImpey RPodiama WChard K(2013)HTC scientific computing in a distributed cloud environmentProceedings of the 4th ACM workshop on Scientific cloud computing10.1145/2465848.2465850(45-52)Online publication date: 17-Jun-2013
https://dl.acm.org/doi/10.1145/2465848.2465850
Kiran LSingh KSood S(2009)A Single Sign-On Model for Web Services Based on Password SchemeProceedings of the 2009 First International Conference on Computational Intelligence, Communication Systems and Networks10.1109/CICSYN.2009.44(308-313)Online publication date: 23-Jul-2009
https://dl.acm.org/doi/10.1109/CICSYN.2009.44
Show More Cited By

Index Terms

Single sign-on for java web start applications using myproxy
1. Information systems
2. Security and privacy
  1. Security services
    1. Authentication

Recommendations

A Novel Distributed Authentication Framework for Single Sign-On Services
SUTC '08: Proceedings of the 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008)

In this paper we present a novel single sign-on scheme known as Secure Distributed Single Sign-On (SeDSSO). SeDSSO provides secure fault-tolerant authentication using threshold key encryption with a distributed authentication service. The authentication ...
A Single Sign-On Model for Web Services Based on Password Scheme
CICSYN '09: Proceedings of the 2009 First International Conference on Computational Intelligence, Communication Systems and Networks

At present, Internet users authenticate themselves using credentials to access different registered web services. These credentials are vulnerable to security threats in presence of active attackers. This imposes a burden on users to manage their ...
Secure Single Sign-On Schemes Constructed from Nominative Signatures
TRUSTCOM '13: Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

Single Sign-on (SSO) allows users to only log on once and then access different services via automatic authentication by using the same credential. However, most existing SSO schemes do not satisfy security notions or require a high trust level on a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SWS '06: Proceedings of the 3rd ACM workshop on Secure web services

November 2006

120 pages

ISBN:1595935460

DOI:10.1145/1180367

General Chair:
Ari Juels
RSA Laboratories
,
Program Chairs:
Ernesto Damiani
University of Milan, Italy
,
Alban Gabillon
University of Pau, France

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

November 3, 2006

Virginia, Alexandria, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
767
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Basney JGaynor JMarru SPierce MKanewala TDooley RStubbs JLathrop SAlameda J(2014)Integrating Science Gateways with XSEDE SecurityProceedings of the 2014 Annual Conference on Extreme Science and Engineering Discovery Environment10.1145/2616498.2616559(1-2)Online publication date: 13-Jul-2014
https://dl.acm.org/doi/10.1145/2616498.2616559
Sobie RAgarwal AGable ILeavett-Brown CPaterson MTaylor RCharbonneau AImpey RPodiama WChard K(2013)HTC scientific computing in a distributed cloud environmentProceedings of the 4th ACM workshop on Scientific cloud computing10.1145/2465848.2465850(45-52)Online publication date: 17-Jun-2013
https://dl.acm.org/doi/10.1145/2465848.2465850
Kiran LSingh KSood S(2009)A Single Sign-On Model for Web Services Based on Password SchemeProceedings of the 2009 First International Conference on Computational Intelligence, Communication Systems and Networks10.1109/CICSYN.2009.44(308-313)Online publication date: 23-Jul-2009
https://dl.acm.org/doi/10.1109/CICSYN.2009.44
Tiwari PJoshi S(2009)Single sign-on with one time password2009 First Asian Himalayas International Conference on Internet10.1109/AHICI.2009.5340290(1-4)Online publication date: Nov-2009
https://doi.org/10.1109/AHICI.2009.5340290
Gupta MSharman RBryan D(2009)Enabling Business and Security Through Technology Implementation: A Financial Services Case StudyJournal of Applied Security Research10.1080/193616109029301704:3(322-340)Online publication date: 17-Jul-2009
https://doi.org/10.1080/19361610902930170
Qin AYu HShu CXu BCortes T(2008)XOS-SSHFirst USENIX Workshop on Large-Scale Computing10.5555/1411725.1411726(1-10)Online publication date: 22-Jun-2008
https://dl.acm.org/doi/10.5555/1411725.1411726
Liu SWang WZhu Y(2008)A New-Style Domain Integrating Management of Windows and UNIXProceedings of the 2008 The Ninth International Conference on Web-Age Information Management10.1109/WAIM.2008.36(619-624)Online publication date: 20-Jul-2008
https://dl.acm.org/doi/10.1109/WAIM.2008.36
Dahan MNuthulapati PMock SDooley RHurley PBoisseau J(2008)Increasing TeraGrid User Productivity through Integration of Information and Interactive Services2008 Grid Computing Environments Workshop10.1109/GCE.2008.4738438(1-11)Online publication date: Nov-2008
https://doi.org/10.1109/GCE.2008.4738438
Wen YChen CWang S(2008)Crossing Heterogeneous Grid Systems with a Single Sign-On Scheme Based on a P2P LayerProceedings of the 2008 IEEE Asia-Pacific Services Computing Conference10.1109/APSCC.2008.232(45-51)Online publication date: 9-Dec-2008
https://dl.acm.org/doi/10.1109/APSCC.2008.232
Ionescu FNae VGherega A(2007)Credentials Management for Authentication in a Grid-Based E-Learning PlatformProceedings of the Sixth International Symposium on Parallel and Distributed Computing10.1109/ISPDC.2007.12Online publication date: 5-Jul-2007
https://dl.acm.org/doi/10.1109/ISPDC.2007.12

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents