Liberty Alliance Project
Usually each Web Service requires its own sign-on procedure where each user must present his own user name and password. This results in a cumbersome user experience. What users would like to be able to do is to sign-on only once to a set of related services and then freely move between them, although they may be located on multiple servers or even in different domains. This is known as Single-Sign-On (SSO). LAP tries to provide a SSO solution by specifying a simple but secure mechanism for ``federating'' identities (a system for binding multiple accounts for a given user).
One of the core pieces in this architecture is the Protocol lap-lecp (76) presented in [107] (for further discussion, see also [156]).
Protocol lap-lecp should provide Fresh Key Agreement, 3P-Authorization, and ID Protection (Eavesdropper and Peer) (G1-3,6,7,10,12-14).