A Zero Trust Single Sign-On Framework with Attribute-Based Access Control

Abstract

Authentication, authorization, and access control are fundamental functionalities that are crucial for network infrastructures and software applications. These functionalities work together to create a fundamental security layer that allows administrative entities to control user actions. Implementing a security layer may be simple for basic applications, but as modern digital infrastructures become more complex, more advanced security systems are needed. Traditional perimeter-based security models, long relied upon for securing large networks, exhibit vulnerabilities and lack adaptability to modern architectures. As technology advances, there is a growing demand for new authentication and authorization systems to keep up with the changes. Zero Trust (ZT) emerges as a paradigm embodying such principles and concepts for constructing contemporary security systems. This paper introduces a ZT-based Single SignOn (SSO) framework to demonstrate how ZT can be realized in multi-service environments using Attribute-Based Access Control (ABAC). A prototype is developed to show the feasibility and applicability of the proposed framework in a smart city context.