A Taxonomy Model for Single sign-on Oriented towards Cloud Computing

Glauber C. Batista 1, Maurício A. Pillon 1, Guilherme P. Koslovski 1, Charles C. Miers 1, Marcos A. Simplício Jr. 2 and Nelson M. Gonzalez 3

1 Santa Catarina State University (UDESC), Joinville, Brazil
2 University of São Paulo (USP), São Paulo, Brazil
3 IBM Watson Research Center, Yorktown Heights, U.S.A.
mjunior@larc.usp.br, nmimura@us.ibm.com

Keywords: Cloud Computing, Single Sign-On, Taxonomy.

Abstract: Clouds can be seen as a natural evolution of the Internet, allowing the utilization of computing capabilities maintained by third parties for optimizing resource usage. There are several elements that compose the cloud infrastructure and its services, and all of them must operate harmoniously. In particular, to allow the creation and deployment of services resilient to internal and external threats, the observance of security aspects is essential. This includes the deployment of authentication and authorization mechanisms to control the access to resources allocated on-demand, a strong requirement for any cloud-based solution. With this issue in mind, several providers have recently started using some form of Single Sign-On (SSO) mechanism to simplify the process of handling credentials inside the cloud. In this work, aiming to provide a structured overview of the wide variety of mechanisms that can be employed with this purpose, we propose a classification of SSO systems for cloud services, which can be used as a model for comparing current and future designing instances of such mechanisms. In addition, to validate the usefulness of the proposed taxonomy, we provide a classification of existing cloud-oriented SSO solutions.

1 INTRODUCTION

Cloud computing is a model that supports ubiquitous, convenient, on-demand access to a shared pool of configurable resources that can be rapidly provisioned and released with minimal effort (Mell and Grance, 2011).
As such, clouds can be seen as the natural evolution of the Internet, allowing the utilization of computing capabilities maintained by third parties in an optimized manner, potentially reducing costs (Velte et al., 2009). In order to provide a suitable service, the multiple elements that compose the cloud infrastructure must operate harmoniously. In particular, to allow the creation and deployment of services resilient to internal and external threats, the observance of security aspects is essential. This includes the deployment of authentication and authorization mechanisms to control the access to resources allocated on-demand, a key requirement for any cloud-based solution (Tavizi et al., 2012).

Whereas authentication is widely deployed in several cloud systems, each independent cloud service may end up adopting its own authentication mechanism. For example, it is not uncommon for cloud services to perform some basic authentication using an identity (e.g., a username) and a secret (e.g., a password), which is straightforward to deploy and use. However, such an uncoordinated authentication approach usually harms the usability of these systems, at the same time that it hinders any possibility of integrating different services. Even worse, the lack of integration is also likely to impair the system's security itself, since users who are forced to remember several pieces of information to access different services are often compelled to set the same secret for most (if not all) of them. In addition, from the services' standpoint, each authentication operation corresponds to a separate process, requiring the allocation of additional system resources and increasing the possibility of information leakage (You and Zhu, 2012).

Aiming to avoid such issues, many existing cloud services have adopted some form of SSO mechanism (Chadwick et al., 2013; Sette and Ferraz, 2014).
The core characteristic of SSO solutions is to provide

Batista, G., Pillon, M., Koslovski, G., Miers, C., Simplício Jr., M. and Gonzalez, N. A Taxonomy Model for Single Sign-on Oriented towards Cloud Computing. DOI: 10.5220/0006784205730581. In Proceedings of the 8th International Conference on Cloud Computing and Services Science (CLOSER 2018), pages 573-581. ISBN: 978-989-758-295-0. Copyright © 2019 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.