Analysis of Liberty Single-Sign-on with Enabled Clients

Abstract

The Liberty-enabled client and proxy (LECP) protocol's profile is discussed. The LECP protocol is essentially a three-party authentication and channel-establishment in the standard setting of protocols such as Needham-Schroeder or Kerberos, in which all three parties run specific protocol engines. The main advantage of channel-based protocols is that they work with secure sockets layer (SSL) or transport-layer security (TLS), the only current ubiquitous cryptographic infrastructure. Several concerns disappear with an enabled client, as in the LECP protocol, if the operational and user-interface aspects are well designed.