X/Open Single Sign-on Service (XSSO) - Pluggable Authentication Modules

Copyright © 1997 The Open Group

XSSO Architecture

This chapter presents an overview of the architectural concepts of the XSSO services. The services and the architecture are described in greater detail in XSSO Sign-on Services and XSSO Account Management Services. As described in Introduction to Single Sign-on, there are two perspectives to a Single Sign-on service: an end user perspective and a user account management perspective. For simplicity, these two perspectives are presented as two separate models.

XSSO Single Sign-on Model

Figure: SSO Sign-on Model

SSO Sign-on Model is a top-level view of the sign-on model. The model illustrates a combination of primary and secondary sign-on operations.

The initial user sign-on is performed by the primary sign-on application. Secondary sign-on operations are invoked when a user invokes an application that interfaces to services that require user authentication. These services are typically client-server applications requiring the communication of user authentication information to a further platform.

The XSSO services invoked by the Primary Sign-on Application are responsible for:

The XSSO services invoked by a secondary sign-on application client and target service in effect comprise a Distributed XSSO Sign-on Service. The XSSO sign-on service invoked by the target service performs essentially the same functions as the XSSO services invoked by the Primary Sign-on Application. However, the user dialogue is replaced by an exchange of information with the application client. The XSSO sign-on services invoked by the application client are responsible for retrieving the information required for the exchange with the target service from the XSSO service cache created by the primary sign-on operation or from the Sign-on Service Management Information.

In addition, the XSSO sign-on services invoked by the application client and target service are responsible for protecting the sign-on information exchanged.

XSSO Account Management Model

SSO Account Management Model illustrates the XSSO Account Management Model. The objective of the XSSO Account Management Service is to support the development of management applications that are capable of managing a set of distributed account information bases whilst providing a common administrator user interface. This is to be achieved by defining an XSSO Account Management API to be supported by management modules specific to each of the individual account information bases. This will enable an XSSO Management Application developer to provide agent applications that will interface to management services provided by each domain that supports the XSSO ACM-API.

The definition of the Account Management API is deferred to a future specification.

Figure: SSO Account Management Model
