CS272 Dissertation Project

A computer user today spends a lot of time accessing online applications, online games and social networking sites at the same time on the Web. As part of this, the user often needs to input his/her username and password at a dozen different sites or applications every day. To cope with this, users typically create simple passwords or reuse a few ones. This might lower the security of the system and increases the risk of an attacker to compromise the account(s). This study discusses a methodology for the development of a java application for a single login system on the web. The internet, being what everyone uses today, has unlimited potential in regards to what people can do or add in it. The system will be using Java Open Single Sign-On (JOSSO) as a temporary technology, which separates the concerns of the user authentication so that they may be managed independently. JOSSO integrates Java 2 Platform Enterprise Edition (J2EE) and Windows Transparent Cross-Domain/Cross-Organization for the actual Single Sign-On (SSO) and using Security Assertion Markup Language (SAML) for its exchange of authorization and authentication data between parties. By extending the verification vectors JOSSO extends the security architecture for XML-based data format that require authentication and authorization modules. The study aims to produce a technology application that can login to Ateneo de Davao Systems using a few login details. After the development, the proponents found out that most of the Ateneo systems are from open source application and only the Student Information System is made from complete scratch. The proponents successfully made a complete copy of the Ateneo systems on the localhost for simulation. After the set up was done, the simulated systems were all connected via a single credential. The logging in of the single credential enabled the proponents to connect/access the simulated systems successfully.

Keywords: login, internet, single single-on, JOSSO, java