1. Field of the Invention
The present invention relates to secure network communications. More specifically, the present invention relates to a method and system for facilitating single sign-on authentication between a Web Services for Remote Portlets (WSRP) consumer and a WSRP producer.
2. Related Art
Over the decades, software architectures have constantly evolved to deal with increasing levels of software complexity. With the Internet creating new dimensions in computational complexity, traditional architectures seem to be reaching their limits in scalability, portability, and interoperability. Meanwhile, consumers' needs for information are becoming progressively more sophisticated and demanding.
Distributed, platform-independent programming, which takes advantage of a myriad of connectivity products, is an answer to this paradigm shift. In particular, the Service Oriented Architecture (SOA) is expected to be the next evolutionary wave in software architecture to meet these more complex challenges. Based on SOA, the Organization for the Advancement of Structured Information Standards (OASIS) has produced Web Services for Remote Portlets (WSRP), a set of specifications that allow web portals to embed remotely-running portlets inside their web pages without requiring any additional programming by the portal developers.
One essential feature of WSRP portlets is single sign-on (SSO). SSO is a mechanism whereby a single authentication of a user can permit the user to access a set of systems which the user is authorized to access without the need to enter multiple passwords.
WSRP web services involve communications between a service consumer (WSRP consumer) and a service producer (WSRP producer), typically in the form of Simple Object Access Protocol (SOAP) messages. The security of these messages is important, because a WSRP portlet can potentially transmit sensitive information, such as financial or personal identity data. To ensure secure communication, the WSRP SSO feature generally requires a user to provide both a username and a password.
However, this approach can be impractical. For instance, a WSRP consumer and producer can reside in different organizations and different systems, and hence the user profiles at the consumer system and producer system are often unsynchronized. Furthermore, most WSRP consumers use directory services, such as Lightweight Directory Access Protocol (LDAP) services, for user management, and user passwords are unavailable with such directory services. Therefore, secure WSRP SSO can be difficult or impractical to implement for existing applications.
Hence, what is needed is a method and system that facilitate secure SSO for WSRP applications without requiring a user to submit a password.