Traffic Evaluation of a Claim-based Single Sign-On System with Focus on Mobile Devices

摘要

The work on Web services security is not that new; however, the provided solutions either are not efficient, or applicable only to some special cases. As an example, the standardization group OASIS specified a huge amount of standards, which are unofficially called WS-*. Unfortunately, not all of these standards are implemented by modern frameworks and their applicability to mobile Web services is also questionable. As the WS-* technologies are very useful in realizing single sign on (SSO) solutions, we discuss, in this paper, an implementation prototype for a single sign-on system with WS-* standards and evaluate the resulting network traffic while focusing on mobile devices. To be more precise, two implementations (one based on NetBeans and another one developed by the authors themselves) were achieved and their corresponding results were compared. It appears that the authors' implementation performs better that the NetBeans one and reduces the traffic generated from 85% to 50%.