The Architecture Space

Let's build it together

Thursday, 23 August 2007

Single Sign On (SSO)

Enterprise Single Sign On (ESSO) (as defined by Wikipedia: http://en.wikipedia.org/wiki/Single_sign-on)

IS

The ability of a user to log in once to multiple applications that would ordinarily require their own separate logins. The same credentials are used while navigating through the organisation's multiple websites, subject to your policy constraints. The SSO credential could also be allowed to be shared with business partners.

IS NOT

Password synchronisation, as password synchronisation doesn't reduce the number of log-ons. Behind the scenes there is still a log-on for each individual system.

Attributes:

  • Rule based capabilities
  • Role based capabilities

Benefits and Business Drivers

  • Improve user experience, as the end user no longer has to maintain a large number of passwords
  • Reduce the operational cost incurred by the organisation in provisioning and maintaining user passwords
  • Organisation-wide consistent policies and security implementation, with the ability to enforce uniform enterprise authentication and/or authorisation policies across the enterprise
  • Maintainability is increased by simplifying the process, with greater auditability of user sessions
  • Eliminate the possibility of orphaned accounts
  • Resolves redundant and overlapping administration across various systems
  • Free up developers from implementing silo solutions for security (authentication and/or authorisation) and promote re-usability
  • Fine grained Auditing

Cons:

  • Single point of failure due to denial of service or lack of availability
  • Stolen credentials via an insecure implementation

Types of SSO

  • Web Based
    Website:
      • One log-in to access multiple websites
      • All subsequent logins to websites are handled transparently
    Web Services
  • Legacy Based

Solution Option:

Big Players:

  • Entrust : GetAccess
  • Evidian : PortalXpert
  • Netegrity : SiteMinder
  • RSA : ClearTrust
  • IBM : Tivoli Access Manager (TAM) with WebSEAL
    WebSEAL acts as the first point of contact and works as a reverse proxy. This means that the internal systems trust all incoming requests that have passed through WebSEAL; access to the websites is allowed only via WebSEAL, and all other requests are rejected.
  • Novell
  • Computer Associates
  • HP : Identity and Access Management (IdM)
  • Sun : Sun Java Access Security Manager
  • Passlogix : v-GO Sign-On Platform
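
The reverse-proxy trust model described for WebSEAL above only holds if every internal application itself refuses requests that did not arrive through the proxy. An added sketch of that back-end check (not code from this post or from IBM); the proxy subnet, the function names and the use of the `iv-user` header to carry the user name are assumptions.

```python
import ipaddress

# Assumptions for this sketch: the subnet the reverse proxy connects from
# (constructed value) and the header in which it passes the user name.
PROXY_NETWORKS = [ipaddress.ip_network("10.0.5.0/28")]
IDENTITY_HEADER = "iv-user"


def from_proxy(peer_ip):
    """True only if the TCP peer address belongs to the reverse proxy."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in PROXY_NETWORKS)


def authenticate(peer_ip, headers):
    """Decide how a back-end application treats one incoming request.

    peer_ip -- address of the socket peer (never a value taken from a
               client-controllable header such as X-Forwarded-For)
    headers -- list of (name, value) pairs as received
    Returns (http_status, user_or_None).
    """
    # Anything that bypassed the proxy is rejected, whatever it claims.
    if not from_proxy(peer_ip):
        return 403, None
    values = [v.strip() for n, v in headers if n.lower() == IDENTITY_HEADER]
    # The proxy asserts exactly one identity: duplicates are ambiguous,
    # absence means the user has not authenticated at the proxy.
    if len(values) > 1:
        return 400, None
    if not values or not values[0]:
        return 401, None
    return 200, values[0]


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("10.0.5.3", [("iv-user", "alice")]),     # via proxy, authenticated
        ("192.0.2.7", [("iv-user", "admin")]),    # direct hit, forged header
        ("10.0.5.3", [("Accept", "text/html")]),  # via proxy, no identity
    ]
    for peer, hdrs in samples:
        print(peer, authenticate(peer, hdrs))
```

The same restriction is normally also enforced at the network layer, so that the application check is a second barrier and not the only one.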

Wednesday, 13 June 2007

Future of Mainframe based system

Since the emergence of integration layer technology, organisations are finding it more comfortable to extend the usage of their mainframe-based systems. Since the mainframe is still based on quite old technology, the question arises: how long can we sustain mainframe-based solutions?

For all those organisations where the core business functions run on mainframe-based technology, migrating to newer midrange technology is still quite an expensive and complex exercise, so they hold off and delay it for as long as they can. Integration technology has now given them more hope: it provides various adapters and technology integration options, so that you can have a complete SOA-based system using integration technology like TIBCO, consuming the mainframe as a resource.

Some questions still arise:
  1. How extensible will these solutions be?
  2. When will they saturate, considering the resource (mainframe) technology and the more modern technology in the IT arena?
There is probably more thinking going around on this; I need to get your opinion.

Wednesday, 30 May 2007

Architecture Frameworks

Architecture Framework in Use

While developing architecture artifacts, architects use various frameworks, guidelines and principles. Most of the time I have come across architects using a mix of frameworks. The most commonly used frameworks are:
  • Zachman Framework
  • TOGAF (The Open Group Architecture Framework)

More recently Gartner has come up with its own framework, called the "Gartner Enterprise Architecture Framework". Gartner highlights the importance of bringing together three constituents (business owners, information specialists and technology implementers) instead of checking off items on a process matrix. It is a more agile approach towards building the architecture.

I am posting this blog to get different opinions about the various other frameworks used across different industries. What value does one add as opposed to another, or is it time to develop a new framework out of the experience of architects?