Hybrid Cloud
Published in Curtis Franklin, Brian J. S. Chee, Securing the Cloud, 2019
Curtis Franklin, Brian J. S. Chee
Going back in time just a bit, forcing your users to do two or more logins to do their job was fine in the old days, but today layering on completely separate sets of login credentials is a fast way to kick off a user revolt. The world of single sign-on (SSO) is here, and if you’re not using it, you should at least be taking a VERY hard look at it. Having a single ring to unite them all (sorry for the Tolkien reference) also means that a single stolen password will throw open the barbicans, exposing your whole kingdom. SSO is moving in a direction toward a single sign-on AND some sort of multifactor authentication system—something you know, and something you have. The HUGE advantage of SSO revolves around quickly revoking credentials if they’re compromised, and with a single authentication source, a single change also means fewer forgotten logins to leave systems vulnerable, and, most importantly, a single place to change a lost or stolen password.
Healthcare information security and assurance
Published in Abbas Moallem, Human-Computer Interaction and Cybersecurity Handbook, 2018
Ulku Yaylacicegi Clark, Jeffrey G. Baltezegar
To support their healthcare staff, IT departments must strive to make their systems as user friendly as possible while maintaining the security of patient data. In demanding work environments such as a healthcare facility, the stress of having to remember a unique password to log in to an EHR system may create inefficiency in the workflow process. One way to improve upon using a unique password for every business system is to implement a single sign-on, or SSO. The SSO is a login method whereby a user authenticates to one server, which then validates the user’s identity to multiple other systems. Many software vendors already support some form of SSO based on the security assertion markup language (SAML), which is an open standard for authentication between systems. By utilizing SAML in all business systems, a healthcare organization could require their users to create one strong password that protects their user account, which is then used to authenticate them within the organization. For instance, a user could then log in one time to their company web portal, which would verify the user’s identity. That authentication server would then automatically provide SAML identity verification to any other system (e-mail, EHR, VOIP phones, etc.) the user attempted to log in to, without the user having to enter any additional passwords. With only one strong password to remember, the user would have a much better experience when authenticating to a business system and security would be greatly improved.
System Definition Recommendations and Advanced Concepts
Published in Magan H. Arthur, Expanding a Digital Content Management System, 2013
SSO is taking the concept of simplifying the authentication process a step further. In most organizations users have a user ID and password that is used when logging into the computer at work or into the company intra or extranets. The concept of SSO is that the credentials of the initial authentication can be stored for a set period of time and when a user requests access to a specific system (i.e., the content management system) the same credentials are reused without the user having to provide them again. The authentication process is transparent to the user. If a positive confirmation is received the user can access the system with a click of a button. Both LDAP and SSO will however not eliminate the need for thorough application security design and maintenance. The permission level for user roles and complex issues like intersecting permissions are still managed within the content management system. Only the basic authentication and the high level role assignment of the users are usually managed by LDAP and SSO systems.
Smart Cities, Playable Cities, and Cybersecurity: A Systematic Review
Published in International Journal of Human–Computer Interaction, 2023
Gustav Verhulsdonck, Jennifer L. Weible, Susan Helser, Nancy Hajduk
Three articles were coded as both “technology” and “people,” indicating that humans were considered as a part of the focus on enhanced privacy and security within smart cities. Aldeen and Salleh (2019) defined smart cities as integrated information and communication technologies that improve the quality of life of people. They utilized a heuristic anonymization technique to manage private data within the cloud in smart cities, which secures privacy of data when transferred between user to cloud storage to the end recipient. Chaturvedi et al. (2019) considered both the infrastructures and systems and the individuals’ experiences, thereby it was double coded as people and technology. They outlined key requirements for developing secure Spatial Data Infrastructures that secure access to data and integrate Smart City systems, and proposed ways to ensure privacy, security, and controlled access using OAuth2 access tokens, OpenID user claims, and security assertion markup language through single-sign-on authentications. An overview of the users’ experiences, as well as presenting a protocol and encryption system, was found in the Lai et al. (2017) article. In this study, Lai et al. examine a protocol that uses broadcast encryption. Their process provides a method for security of data, data privacy, and identity privacy for both user and developer. Overall security of the protocol is through revocable identity-based broadcast encryption where the users are anonymous and access can be revoked without revealing identities or message content. In each of these studies, consideration of the people using the system, not just those collecting and using the data, was found.
A cloud-based platform for the non-invasive management of coronary artery disease
Published in Enterprise Information Systems, 2020
Antonis Sakellarios, Joao Correia, Savvas Kyriakidis, Elena Georga, Nikolaos Tachos, Panagiotis Siogkas, Francisco Sans, Paolo Stofella, Valiani Massimiliano, Alberto Clemente, Silvia Rocchiccioli, Gualtiero Pelosi, Nenad Filipovic, Dimitrios I. Fotiadis
To enable a smooth integration for the user authentication and to support a transparent single sign-on across the different modules, a WSO2 Identity Server was deployed and integrated with the 3Dnet login services. The WSO2 Console enables the configuration of the different modules that can share the single sign-on. After logging in to one of the modules, the authentication between modules is verified by a security token passed in the URL.