Ticket model: a generalised model for internet-based three-party authorisation systems

Using web technology, a user may use a web browser to access a service on a web application that runs on a server. In many cases, a user needs to perform the task that requires the use of multiple web applications. Traditionally, a user needs to give his credentials to a third party website which leads to privacy and security issues. Though there are many existing protocols, most of them are ad hoc. Since the way a user accesses two independent web applications can be different, we define a web-based three-party communication model. After that, the well-accepted existing protocols are analysed. However, we found the common work flow in the communication though the protocols are in different scenarios. Therefore, we proposed the generalised model called Ticket model. Then, the details were discussed using a reference implementation. Finally, an accounting extension was added to the reference implementation as an example.