The Architecture Space

Let's build it together

Thursday, 23 August 2007

Single Sign On (SSO)

Enterprise Single Sign On (ESSO) (as defined by Wikipedia: http://en.wikipedia.org/wiki/Single_sign-on) IS
The ability of a user to log in once and gain access to multiple applications that would ordinarily each require their own separate login. The same credentials are used while navigating through the organisation's multiple websites, subject to your policy constraints. Depending on policy, the SSO credential could also be shared with business partners.
IS Not

Password synchronisation: synchronising passwords does not reduce the number of log-ons. Behind the scenes it is still a separate log-on to each individual system.

Attributes:

  • Rule-based capabilities
  • Role-based capabilities

Benefits and Business Drivers

  • Improves the user experience: end users no longer have to maintain a large number of passwords
  • Reduces the operational cost incurred by the organisation in provisioning and maintaining user passwords
  • Organisation-wide consistent policies and security implementation, with the ability to enforce uniform enterprise authentication and/or authorisation policies across the enterprise
  • Maintainability is increased by simplifying the process, and user sessions become more auditable
  • Eliminates the possibility of orphaned accounts
  • Resolves redundant and overlapping administration across various systems
  • Frees developers from implementing silo solutions for security (authentication and/or authorisation) and promotes re-usability
  • Fine-grained auditing

Cons:

  • Single point of failure: a denial of service against, or lack of availability of, the SSO service affects every application behind it
  • Stolen credentials via an insecure implementation

Types of SSO

  • Web Based
    Websites:
      • One log-in to access multiple websites
      • All subsequent logins to those websites are handled transparently
    Web Services
  • Legacy Based

Solution Options:

Big Players:

  • Entrust :GetAccess
  • Evidian : PortalXpert
  • Netegrity : SiteMinder
  • RSA : ClearTrust
  • IBM : TIVOLI Access Manager (TAM) with WebSeal
    WebSeal acts as the first point of contact and works as a reverse proxy. This means that the internal systems trust all incoming requests that have passed through WebSeal; access to the websites is therefore only allowed via WebSeal, and all other requests are simply rejected.
  • Novell
  • Computer Associates
  • HP : Identity and Access Management (IdM)
  • Sun : Sun Java Access Security Manager
  • Passlogix : v-GO Sign-On Platform
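The WebSeal item above rests on one trust assumption: the backend honours a request because it came through the gateway. As an added example (not code from the original post, and not how IBM's product actually talks to its junctioned servers), the block below shows a backend verifying that an identity assertion really was issued by the gateway instead of trusting a plain header; the header names, the shared-key HMAC scheme and the key value are assumptions for illustration, and a real deployment would additionally rely on network isolation or mutual TLS between proxy and backend.

```python
import hmac
import hashlib

# Constructed demo values (assumptions, not from any product): the key that
# the gateway and the backend share, and how old a signed identity may be.
GATEWAY_SHARED_KEY = b"constructed-demo-key-change-me"
MAX_AGE_SECONDS = 300


def gateway_forward_headers(user, issued_at, key=GATEWAY_SHARED_KEY):
    """Gateway side: the user already authenticated once at the reverse proxy;
    forward the identity with an HMAC over user and timestamp so the backend
    can tell the assertion was produced by the gateway."""
    msg = f"{user}|{issued_at}".encode()
    sig = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"X-Auth-User": user, "X-Auth-Issued": str(issued_at), "X-Auth-Sig": sig}


def trusting_backend_user(headers):
    """Backend that honours the identity header unconditionally. This is only
    safe when the network guarantees every request really passed the gateway;
    a request that reaches the backend directly is taken at its word."""
    return headers.get("X-Auth-User")


def verifying_backend_user(headers, now, key=GATEWAY_SHARED_KEY):
    """Backend that accepts an identity only when the gateway vouched for it.
    Returns the user name, or None if the assertion is missing, malformed,
    stale, tampered with, or not signed with the gateway key."""
    user = headers.get("X-Auth-User")
    issued = headers.get("X-Auth-Issued")
    sig = headers.get("X-Auth-Sig")
    if not (user and issued and sig) or "|" in user:
        return None
    try:
        issued_at = int(issued)
    except ValueError:
        return None
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return None  # stale or replayed assertion
    expected = hmac.new(key, f"{user}|{issued_at}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None  # header forged, or altered after the gateway signed it
    return user
```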

1 comment:

Anonymous said...

You forgot to mention Microsoft. Biztalk and Sharepoint both have Single-Sign On providers. Biztalk for integration, Sharepoint for web access.