Single sign-on for Java Web Start applications using MyProxy

Terry Fleury; James Alan Basney; Von Welch

doi:10.1145/1180367.1180384

Single sign-on for Java Web Start applications using MyProxy

Terry Fleury, James Alan Basney, Von Welch

National Center for Supercomputing Applications (NCSA)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Single sign-on is critical for the usability of distributed systems. While there are several authentication mechanisms which support single sign-on (e.g. Kerberos and X.509), it may be difficult to modify a particular legacy application to utilize an authentication scheme other than username/password. A simple solution for single sign-on involves transmitting a user's password over the network. However, it is undesirable to expose a user's private password in an insecure environment. This paper describes our effort to create " session passwords" which are short-lived passwords transmitted in lieu of a user's private password. Our implementation utilizes the MyProxy X.509 credential service as an authentication service. We demonstrate our solution in the MAEviz application portal, a Java Web Start application for earthquake risk management and analysis.

Original language	English (US)
Title of host publication	Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
Pages	95-101
Number of pages	7
DOIs	https://doi.org/10.1145/1180367.1180384
State	Published - Dec 1 2006
Event	3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06 - Alexandria, VA, United States Duration: Oct 30 2006 → Nov 3 2006

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
Country	United States
City	Alexandria, VA
Period	10/30/06 → 11/3/06

Keywords

Grid portals
Session passwords
Single sign-on

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/1180367.1180384

Fingerprint Dive into the research topics of 'Single sign-on for Java Web Start applications using MyProxy'. Together they form a unique fingerprint.

Cite this

Fleury, T., Basney, J. A., & Welch, V. (2006). Single sign-on for Java Web Start applications using MyProxy. In Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06 (pp. 95-101). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1180367.1180384

Single sign-on for Java Web Start applications using MyProxy. / Fleury, Terry; Basney, James Alan; Welch, Von.

Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06. 2006. p. 95-101 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Fleury, T, Basney, JA & Welch, V 2006, Single sign-on for Java Web Start applications using MyProxy. in Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06. Proceedings of the ACM Conference on Computer and Communications Security, pp. 95-101, 3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06, Alexandria, VA, United States, 10/30/06. https://doi.org/10.1145/1180367.1180384

Fleury T, Basney JA, Welch V. Single sign-on for Java Web Start applications using MyProxy. In Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06. 2006. p. 95-101. (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1180367.1180384

@inproceedings{f025aed9c794499e9caa15145619dbff,

title = "Single sign-on for Java Web Start applications using MyProxy",

abstract = "Single sign-on is critical for the usability of distributed systems. While there are several authentication mechanisms which support single sign-on (e.g. Kerberos and X.509), it may be difficult to modify a particular legacy application to utilize an authentication scheme other than username/password. A simple solution for single sign-on involves transmitting a user's password over the network. However, it is undesirable to expose a user's private password in an insecure environment. This paper describes our effort to create {"} session passwords{"} which are short-lived passwords transmitted in lieu of a user's private password. Our implementation utilizes the MyProxy X.509 credential service as an authentication service. We demonstrate our solution in the MAEviz application portal, a Java Web Start application for earthquake risk management and analysis.",

keywords = "Grid portals, Session passwords, Single sign-on",

author = "Terry Fleury and Basney, {James Alan} and Von Welch",

year = "2006",

month = dec,

day = "1",

doi = "10.1145/1180367.1180384",

language = "English (US)",

isbn = "1595935460",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "95--101",

booktitle = "Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06",

note = "3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06 ; Conference date: 30-10-2006 Through 03-11-2006",

}

TY - GEN

T1 - Single sign-on for Java Web Start applications using MyProxy

AU - Fleury, Terry

AU - Basney, James Alan

AU - Welch, Von

PY - 2006/12/1

Y1 - 2006/12/1

N2 - Single sign-on is critical for the usability of distributed systems. While there are several authentication mechanisms which support single sign-on (e.g. Kerberos and X.509), it may be difficult to modify a particular legacy application to utilize an authentication scheme other than username/password. A simple solution for single sign-on involves transmitting a user's password over the network. However, it is undesirable to expose a user's private password in an insecure environment. This paper describes our effort to create " session passwords" which are short-lived passwords transmitted in lieu of a user's private password. Our implementation utilizes the MyProxy X.509 credential service as an authentication service. We demonstrate our solution in the MAEviz application portal, a Java Web Start application for earthquake risk management and analysis.

AB - Single sign-on is critical for the usability of distributed systems. While there are several authentication mechanisms which support single sign-on (e.g. Kerberos and X.509), it may be difficult to modify a particular legacy application to utilize an authentication scheme other than username/password. A simple solution for single sign-on involves transmitting a user's password over the network. However, it is undesirable to expose a user's private password in an insecure environment. This paper describes our effort to create " session passwords" which are short-lived passwords transmitted in lieu of a user's private password. Our implementation utilizes the MyProxy X.509 credential service as an authentication service. We demonstrate our solution in the MAEviz application portal, a Java Web Start application for earthquake risk management and analysis.

KW - Grid portals

KW - Session passwords

KW - Single sign-on

UR - http://www.scopus.com/inward/record.url?scp=77954334497&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77954334497&partnerID=8YFLogxK

U2 - 10.1145/1180367.1180384

DO - 10.1145/1180367.1180384

M3 - Conference contribution

AN - SCOPUS:77954334497

SN - 1595935460

SN - 9781595935465

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 95

EP - 101

BT - Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS '06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06

T2 - 3rd ACM Workshop on Secure Web Services, SWS'06, Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06

Y2 - 30 October 2006 through 3 November 2006

ER -