True SSO
June 6, 2006
Posted by Phillip in: work, geek
At last! Someone who understands what SSO really entails finally asked me what it would take to implement it. Some people are under the impression that SSO is simply re-using the same password in multiple places (*yuck*). For those of us in the identity management business, we know that SSO is really much more.
I like Wikipedia’s definition of SSO: “Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.”
The idea is that Jo[e] User comes to work, sits down in his/her sterile cubicle and logs into his/her desktop. Once Jo[e] User has logged into his/her desktop (via some form of Directory Services), he/she should have access to everything he/she needs to do his/her job without authenticating again.
There are several ways to accomplish this. Ideally, you are managing identities in these disparate systems via some federated form of directory services; maybe you are using Novell’s eDirectory with Identity Manager to integrate OpenLDAP and Active Directory. Assuming you have a decent way to manage identities, the next layer can be mildly challenging: providing the authentication into each application. If you are using web-based apps, you can use a Web-SSO or Web-AM (web access management) technology to provide this authentication, something like iChain. If you are using any non-web-based apps, you will need something a little more robust. Never fear, SecureLogin is here.
From what I have read, this is exactly what I am looking for. Not sure on the price, so I’m glad I don’t own any budgets. I have the full trial version, but I have yet to find time to install it. More on that as it unfolds.
I am still concerned about how to handle the last layer of access, the authorization part. Most applications have their own authorization and access-level scheme based on profiles and roles. Figuring out how to integrate at this level is the Real Challenge (TM).
Comments»
Phil - TRUE SSO includes passing the three A’s of Access/Authentication/Audit.
From a technical perspective you can get by with getting the first two A’s, but you’ll fall short of industry standards and requirements [ISO/SOX/PCI, etc.].
One of the most seamless solutions I have ever seen is a product called DirectControl. It integrates into most corporate infrastructures and doesn’t have you creating one-offs and multiple local administration points. It is a true SSO path in the strictest sense. I liked it so much I came to work for them.
www.centrify.com