cosign is a Web single sign on system that
allows users to authenticate once per session
and access any protected Web resources at
the institution. If used, passwords are sent
only to a single, central URL. Sessions have
both idle and hard timeouts, and users can
logout of all protected services by visiting a
single URL. The use of public key cryptography
ensures that a compromise of a protected
Web server has no impact on the security of
other participating servers.
