Authentication infrastructures have been around for many years now. They are very popular in big computing environments where
scalability is a key requirement. In such environments, it is not cost-efficient, from either an implementation or an administration
point of view, to create a separate authentication system for every individual computer system, resource or application server.
It is much better to outsource this functionality to an authentication “infrastructure”.
The outsourcing of authentication to a specialized infrastructure also enables the enforcement of a consistent authentication
policy throughout the enterprise. Another major driver behind the creation of authentication infrastructures is single sign-on
(SSO). In short, SSO is the ability for a user to authenticate once to a single authentication authority and then access other
protected resources without reauthenticating. The Open Group defines SSO as the mechanism whereby a single action of user
authentication and authorization can permit a user to access all computers and systems where that user has access permission,
without the need to enter multiple passwords.
This paper focuses on the architectural approaches one can take when designing an SSO solution for a large IT infrastructure
and on the security technology building blocks that can be used to construct such an SSO infrastructure. This brief does not
address the architecture of every SSO solution that is currently available on the software market. Many of them have a relatively
small scope and only span a couple of applications, platforms or authentication methods.