This Work Item aims to provide service requirements for interworking of the operator-centric identity management with the user-centric Web services provided outside of an operator’s domain. Specifically, it addresses integration of SSO and the 3GPP services, which is essential for operators to leverage their assets and their customers’ trust, while introducing new identity services. Such integration will allow operators to become SSO providers by re-using the existing authentication mechanisms in which an end-user’s device effectively authenticates the end user.
For the operator to become the preferred SSO Identity Provider might require integration of the operator core with existing application service / content providers to allow the usage of credentials on the UE for SSO services. The 3GPP operator may leverage its trust framework and its reliable and robust secure credential handling infrastructure to provide SSO service based on operator-controlled credentials. Such SSO integration has to work with varied operator authentication configurations.
The Objective is to provide a comprehensive set of service requirements for the integration of SSO frameworks with 3GPP network by building upon the work done in the related feasibility study FS_SSO_Int (published in TR 22.895) as well as previously published related technical reports. This Work Item covers the following:
• Service requirements for integration of Identity Management and SSO frameworks, e.g. OpenID;
• Service requirements for Operators to enable users to access 3rd party services using Operator controlled user credentials;
• Service requirements associated with ensuring that the intended user is making use of the associated SSO capability (including the case when the UE has been stolen or lost).
3GPP TR 22.895 V12.0.0 - Study on Service aspects of integration of Single Sign-On (SSO) frameworks with 3GPP operator-controlled resources and mechanisms (Release 12) is an interesting read that provides use cases for SSO
The diagram above is from an interesting paper titled "Multi-domain authentication for IMS" that describes SSO and other authentication procedures and introduces the advantage of SSO.