University of Twente Student Theses


Balancing security and usability in Web Single Sign-On

Ahmed, A.B.H. (2020) Balancing security and usability in Web Single Sign-On.

[img] PDF
Abstract:Web Single Sign-On (SSO) systems enable users to access multiple enterprise services by authenticating once to the enterprise Identity Provider (IdP). Although SSO improves usability, the current SSO implementations work on a per-user-application basis. This means that users still need to authenticate for every application they use on the same device. Moreover, Web SSO systems rely on Multi-Factor Authentication (MFA) to achieve a high-level of security, while requiring MFA for each used application leads to frequent user annoyance. The thesis addresses this problem by proposing a novel method for synchronizing authentication information across local applications. This is achieved by using a local agent that acts as a local IdP for local applications and as a local application to the main IdP. Furthermore, current SSO implementations do not provide a mechanism for the IdP to synchronously push security updates (e.g., a change of authorization) to Service Providers (SPs) without terminating the session. We address this problem by proposing a novel SSO authentication mechanism that allows the IdP to synchronously update the current user authorization with no need for session termination (if not necessary).
Item Type:Essay (Master)
Cisco Systems Netherlands, Amsterdam, Netherlands
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page