Summary

With the surge of mobile devices and applications accessing the Internet, the network and the service environment are becoming increasingly complicated. As a result, there is a pressing need to simplify the user authentication mechanism to improve user experience and service quality.

Many standardization organizations including ITU-T have conducted a lot of research work on the unified authentication mechanism (i.e., single sign-on). However, all the current work is basically focused on unified authentication among the service applications, without considering the relationship with the network authentication.

From the network operator's perspective, users undergo some forms of network authentication when they access the network. However, when they log in again to request access to a service their initial network authentication is not reused. When adopting an authentication results sharing mechanism between the service and the network, the service applications can identify a user by using the authentication results from the network. Such mechanism allows a user to be authenticated only once by the network and directly gain access to the service.

Recommendation ITU-T X.1256 develops guidelines for network operators and service providers to share network authentication results, and provides a framework for sharing minimum attributes across multiple services within an established trust relationship.