AuthenticationWorld.com

The business of authentication

Enterprise Single Sign On (ESSO)


Most enterprises begin their single sign on projects focussing on Web Based Single Sign On (WSSO).  This addresses all applications that users log on to through a web browser, which are normally LDAP enabled.  Why not do all applications in the beginning (called "Enterprise Single Sign On" or "ESSO")?

The reason is normally cost.  Web based single sign on systems are relatively cheap to install.  They are less expensive because they require only a small piece of code on each web or application server.  That code intercepts all traffic to the server and redirects the URL requests to the security server.  The security server then determines whether the resource is protected and, if so, which authentication and authorization policy applies to it.  As a result, WSSO systems can be designed to scale relatively easily.  Security and LDAP servers can be easily placed in the network to handle the workload.
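The agent and security server flow described above, as an added example that is not code from this page or from any WSSO product. The policy table, session store, directory contents, cookie name and function names are all constructed assumptions; the path is canonicalised before matching so that an encoded `..` segment cannot sidestep a protected prefix.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed policy table held by the security server: URL prefix -> required group.
# None means "any authenticated user". Paths with no matching prefix are unprotected.
POLICY = {"/hr/": "hr-staff", "/hr/payroll/": "payroll-admins", "/portal/": None}

# Constructed stand-ins for the SSO session store and the LDAP directory.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
DIRECTORY = {"alice": {"hr-staff"}, "bob": {"hr-staff", "payroll-admins"}}


def canonical_path(url):
    """Decode and normalise the path so '/public/../hr' is judged as '/hr'."""
    raw = "/" + unquote(urlsplit(url).path).lstrip("/")
    return posixpath.normpath(raw)


def security_server_decide(url, session_token):
    """Security server: is the resource protected, and which policy applies?"""
    path = canonical_path(url) + "/"   # trailing slash lets '/hr' match '/hr/'
    matches = [prefix for prefix in POLICY if path.startswith(prefix)]
    if not matches:
        return "ALLOW_UNPROTECTED"
    required_group = POLICY[max(matches, key=len)]  # most specific prefix wins
    user = SESSIONS.get(session_token)
    if user is None:
        return "REDIRECT_TO_LOGIN"     # authentication policy not yet satisfied
    if required_group is None or required_group in DIRECTORY.get(user, set()):
        return "ALLOW"
    return "DENY"                      # authenticated but not authorised


def agent_intercept(url, cookies):
    """Agent on the web server: passes every request to the security server."""
    return security_server_decide(url, cookies.get("sso_session"))
```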

Enterprise Single Sign On (ESSO) has, until recently, been relatively more expensive to deploy.  In ESSO the applications are usually mainframes where there is no web based LDAP authentication.  This normally involves the deployment of proxy servers and more complicated code in the network.  These systems are more expensive to scale since proxy servers always need to be added.

There are some new ways emerging to deal with ESSO.  It's what I call "fudged" single sign on.  Today, you can buy XML based SSO appliances that install quickly in the enterprise racks.  These devices monitor what the user accesses and the IDs and passwords used to access the applications.  The appliance then maintains a centralized list of the IDs and passwords and uses these to authenticate on the user's behalf.  A small amount of code is deployed on the user's computer, which in turn communicates with the hardware appliance in the enterprise rack.  From an end user's perspective, they have achieved single sign on.

Recommended ESSO vendors are Passlogix and Imprivata.
