Authentication delegation for subscription-based remote network services

There is growing interest in collaboration and resource sharing among institutions and organizations. In this paper, we investigate the problems of identity management inherent in distributed subscription-based resource sharing. The paper describes the design, implementation and performance of a system that provides controlled access to subscription-based remote network services through a browser. A third-party authentication protocol is designed and employed to exchange security assertions among involved parties. The web servers use plug-ins to provide an authentication-delegation service and a policy-based authorization service. Users can use a single userID and password to access multiple subscribed resource sites.