Web based distributed authentication system

IP.com Disclosure Number: IPCOM000190493D
Original Publication Date: 2009-Dec-03
Included in the Prior Art Database: 2009-Dec-03

Publishing Venue

IBM

Abstract

There are two major considerations for a user authentication function in a cloud computing environment.

1. There is no widespread function for user ID management in distributed systems such as a cloud computing environment, so it is difficult to effectively avoid user ID conflicts among authentication systems.
2. From the single sign-on point of view, most web authentication systems rely on a representative authentication server (for example, the Identity Provider of SAML and the OpenID Provider of OpenID), but the system cannot be used if this authentication server goes down.

To solve these issues, this idea provides the following HTTP/HTTPS-based functions.

1. A function to define a minimum system unit as a "realm" in which user IDs do not conflict. When the system authenticates users, it uses not only the user ID but also the realm name to distinguish identical user names in different realms.
2. A function that lets every web server authenticate users and generate single sign-on messages to other servers.
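
A sketch of the two functions described above, as an added example that is not taken from the disclosure: any server can mint a single sign-on message for a user it authenticated, and any peer can verify it and recover the (realm, user ID) pair without a central authentication server. The message format, HMAC-SHA256 signing with per-server keys known to all peers, and the names `issue_sso`, `verify_sso`, `PEER_KEYS`, and the host and realm names are assumptions made for illustration; the abstract does not specify them.

```python
import base64, hashlib, hmac, json, time

# Constructed per-server keys. Assumption: every server holds its peers' keys.
PEER_KEYS = {
    "web1.example": b"k1-constructed-secret",
    "web2.example": b"k2-constructed-secret",
}

def _mac(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue_sso(issuer, realm, user, now=None, ttl=300):
    """Mint an SSO message on whichever server authenticated the user."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "realm": realm, "user": user, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _mac(PEER_KEYS[issuer], body)

def verify_sso(token, now=None):
    """Return the (realm, user) identity, or raise ValueError."""
    now = int(time.time()) if now is None else now
    body, _, tag = token.partition(".")
    try:
        # The issuer is read first only to select the key; nothing else in
        # the claims is trusted until the MAC has been checked.
        claims = json.loads(base64.urlsafe_b64decode(body.encode()))
        key = PEER_KEYS[claims["iss"]]
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed message or unknown issuer")
    if not hmac.compare_digest(_mac(key, body.encode()).encode(), tag.encode()):
        raise ValueError("bad signature")
    if now >= claims["exp"]:
        raise ValueError("expired")
    # The realm travels with the user ID, so "alice" in two realms stays distinct.
    return (claims["realm"], claims["user"])
```

Because the realm is inside the signed claims, a receiving server cannot be led to treat `alice` from one realm as `alice` from another by editing the message in transit.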