7 Sign-On Minimisation

Once users are authenticated to the awayWEB gateway, they may access intranet systems as if they were directly connected to the organisation network (subject to the access control policy).

Each intranet system may have its own authentication requirements and each internal authentication system may operate using a variety of common web authentication schemes.

Using a variety of techniques, awayWEB can greatly reduce or completely eliminate the need for repeated logins.

7.1 Credential Storage

Rather than sending user authentication information to the browser the awayWEB system uses both a ``cookie storage'' system (see 8.1) and a 'Credential Store' to save user login and session information at the gateway. Users login information is preserved in the gateway even when a user is logged out of awayWEB. When a user re-connects at a later time, they can continue with their intranet applications without repeating the login process. (This functionality is subject to login time limits or other policy enforced by the intranet system). This provides a number of important benefits:

Once a user has logged in to an intranet system once, they need never log in again thus reducing the number of user sign-ons required.
Internal passwords are not used in the untrusted environment. The user never needs to type intranet passwords into the keyboard in an Internet cafe or other unsafe environment
Reduced data entry in WAP applications minimising or eliminating difficult user name and password entry on small devices like WAP phones

7.2 Intranet Single Sign-On

If you organisation already employs a single sign-on system for intranet applications, users need only perform a single intranet sign-on to remain permanently authenticated (subject to your SSO system policies). The awayWEB system will operate automatically with most single sign-on system that inter-operate with a standard browser.

7.3 Intranet Zero Sign-On

The awayWEB system can be configured to pass the credentials of each user to an internal system by appending an additional HTTP credential header to each intranet request.

The intranet system can easily access the additional information and use it to customise site content or preferences. For secure applications, the user id can be used for a system login. This information is protected by a timestamp and a digital signature. Through the use of plug-in modules for supported web server the intranet system can validate the signature to ensure that only the awayWEB gateway can perform the secure login.