1. Field of the Invention
The present invention relates to web-hosted computer applications. More specifically, the present invention relates to a method and an apparatus to facilitate single sign-on services for web-hosted applications.
2. Related Art
As use of the Internet continues to grow at an exponential rate, the number of entities subscribing to web-hosted applications has grown dramatically. Access to these web-hosted applications is typically controlled by an entity, such as a hosting company, as directed by a client company.
One method of controlling access to web-hosted applications is by using separate computers for each entity, wherein each computer includes an access list for the applications hosted on that computer. This method has several drawbacks. For example, this method wastes available computing resources and fails to present an integrated interface to the user. Using separate computers is, therefore, not cost effective. Also, providing separate computers for each entity does not facilitate sharing computational resources to provide differing levels of quality of service (QOS) to different entities. In order to provide these differing levels, the provider of web-hosted applications presently has to maintain multiple computer configurations.
Administering multiple systems is also difficult when new applications are added. The administrator typically installs the application on each computer and then makes needed changes in the access lists on each computer so that the users can access the application.
Each application typically controls access to its services using an authentication scheme such as user-name and password. While these authentication schemes provide protection against unauthorized access to the application, they can also cause frustration. When the user switches to a related application, the related application typically requests authentication credentials even though the user had access to the first application. Switching applications may also invalidate the authentication for the first application and may require re-authentication when the user returns to the first application.
What is needed is a method and an apparatus to facilitate access to web-hosted applications that do not exhibit the problems listed above.