Single sign-on for java web start applications using myproxy

摘要

Single sign-on is critical for the usability of distributed systems. While there are several authentication mechanisms which support single sign-on (e.g. Kerberos and X.509), it may be difficult to modify a particular legacy application to utilize an authentication scheme other than username/password. Asimple solution for single sign-on involves transmitting a user's password over the network. However, it is undesirable to expose a user's private password in an insecure environment. This paper describes our effort to create "session passwords" which are short-lived passwords transmitted in lieu of a user's private password. Our implementation utilizes the MyProxy X.509 credential service as an authentication service. We demonstrate our solution in the MAEviz application portal, a Java Web Start application for earthquake risk management and analysis.