ivo://ivoa.net/std/sso IVOA Taffoni, G. http://www.ivoa.net/icons/ivoa_logo_small.jpg Schaaff, A. Rixon, G. Major, B. 2017-05-24 2017-05-24 2.0 IVOA GWS WG grid@ivoa.net virtual observatory Approved client-server authentication mechanisms are described for the IVOA single-sign-on profile: No Authentication; HTTP Basic Authentication; TLS with passwords; TLS with client certificates; Cookies; Open Authentication; Security Assertion Markup Language; OpenID. Normative rules are given for the implementation of these mechanisms, mainly by reference to pre-existing standards. The Authorization mechanisms are out of the scope of this document. http://www.ivoa.net/Documents/SSOAuthMech 2.0 BasicAA Service supports authentication with HTTP basic authentication (RFC2617, sect. 4 of the Recommendation). tls-with-password Service supports authentication with a password transmitted through TLS as per section 7 of the Recommendation. tls-with-password Service supports authentication with a password transmitted through TLS as per section 7 of the Recommendation. tls-with-certificate Service supports authentication with a client-side X.509 certificate as per section 6 of the Recommendation. cookie Service supports authentication with RFC 6265-type cookies as per section 8 of the Recommendation. saml2.0 Service supports authentication via SAML (most likely, "Shibboleth") as per section 9 of the Recommendation. OAuth Service supports authentication via Open Authentication 2.0 ("OAuth") as per section 10 of the Recommendation. OpenID Service supports authentication via OpenID as per section 11 of the Recommendation.