Abstract:  In order to solve the problem of single point failure in the traditional central single sign-on （SSO） schemeand accommodate to the dynamic and broad SSO across organizations‚a trust -based peer -to-peer SSO scheme （P2P-SSO） between Web-based applications was proposed based on the Liberty protocol．In this scheme‚by introducing theconcept of peer -to-peer into SSO‚it is possible to dynamically control the boundary of SSO across organizations．Thecorresponding identity federation process and the SSO process were then put forward by establishing a SSO trust scheme‚and the problems such as the user information exchange strategy‚authorization administration‚etc．in the SSO across organization scenario were finally solved．The analytical results indicate that the traditional central SSO scheme is adaptable to the SSO within an organization and the P2P-SSO scheme to the SSO across organizations‚while for practical applications‚the combination of the two schemes is more adaptive.

Key words:  peer -to-peer single sign-on, Dempster -Shafer theory, trust model