Diameter Single Sign On – Secure and Personalized Service Provision via Authentication and Authorization Mechanisms

Network Services universally rely upon Authentication and Authorization mechanisms to ensure secure and personalized service provision. Protocols, such as Diameter provides a reliable framework for efficient access control to network services utilized by network devices. This framework can also encompass application level services e.g. web applications accessed via web browsers [1]. On the other hand, the prevalence of Internet based services and applications have brought about the burden of identity management among distributed security domains, an issue not specifically addressed by protocols such as Diameter. Efforts such as OpenID alleviate this difficulty by proposing an application level framework based on open standards to realize single sign on/off [2] semantics with regard to application level services. However, these technologies do not build upon existing security infrastructure, require significant investment in terms of technology adoption and have yet to receive industry wide acceptance and support. This paper presents Diameter Single Sign On – a framework that provides single sign on/off semantics in the context of network and application level services by harnessing the strengths of existing and proven authentication and authorization infrastructure. Because of combination of the Diameter protocol with Single Sign On and OpenID the proposed architecture overcomes the problem of identity management and also builds on existing security infrastructure.