CoSign is An open source project originally designed to provide the University of Michigan with a secure single sign-on web authentication system. cosign is part of the National Science Foundation Middleware Initiative (NMI) EDIT software release.

• Passwords, if used, are sent only to the central weblogin service over SSL.


• Users need only authenticate once per session to access any number of cosign-protected campus sites.


• Optional per-service re-authentication.
  
• A compromised service host does not represent a compromise of the cosign system as a whole.


• x509 users needn't enter a password to authenticate.


• The cosign 'friend' system allows non umich users to authenticate using self-created, centrally-administered guest accounts.


• Trusted systems can request Kerberos credentials from central server for N-Tier authentication (e.g. IMAP, LDAP, Oracle, etc.).


• There are no domain cookies used in this system.


• Sessions have both idle and hard timeouts.


• Users can logout of all cosign-protected services by visiting a single URL.