Web single-sign-on protocols, such as Microsoft Passport, OASIS's Security Assertion Markup Language (SAML), and the Internet2 project Shibboleth, aim to solve security problems by letting individuals log in to many Internet services while authenticating only once, or at least always in the same way. Enterprises hope that single-sign-on protocols will significantly decrease customer-care costs due to forgotten passwords and increase e-commerce transactions by enhancing the user experience. Commercial interest centers on distributed enterprises and on small federations of enterprises with existing business relationships, such as supply chains. We concentrate on the Liberty-enabled client and proxy (LECP) profile. The LECP protocol assumes a special protocol-aware client (the enabled client). We also consider the design of security protocols based on XML and Web services.