Traditional single sign-on (SSO) products versus federated identities

EXPERT RESPONSE FROM: Joel Dubin

QUESTION POSED ON: 02 September 2007
My company's employees need to access their employee benefit information on an external Web site. What are the advantages and disadvantages of using traditional single sign-on products, like RSA ClearTrust or SiteMinder, versus federated identities?

EXPERT RESPONSE
Single sign-on (SSO) and federated identity management seem very similar on the surface. And, in fact, a federated identity management system may use SSO for logon. But the similarity ends there.

SSO allows a single authentication credential--user ID and password, smart card, one-time password token or a biometric device--to access multiple or different systems within a single organization. A federated identity management system provides single access to multiple systems across different enterprises.

While SSO deployments can be involved and tricky, they are within a single company, which may already have a common IT architecture throughout the enterprise. Federated identity management deployment across organizations with different IT architectures, however, requires more work. A third party must then set a neutral standard that is accepted by all participants.

Because it requires agreement across various companies with disparate systems, federated identity management hasn't been widely accepted. The technology calls for member companies to agree, among other things, on a unified directory structure for housing authentication credentials--not an easy task, especially for competing companies in the same industry that might need to share a federated system.

There have been initiatives by Microsoft and IBM, as well as Liberty Alliance, OASIS and others, in developing federated identity management standards. But such systems are still tricky, at best, partly because the standards are still evolving, due to shifting alliances among the various players, and partly because the technology isn't mature enough for enterprise use.

Unless your company and the company hosting the external Web site are both part of the same federated identity management system, it would be best to stick with traditional SSO, which has an excellent track record and a long history of successful implementation.

It's also important, particularly with SSO, to make sure that there are adequate safeguards for authentication credentials, especially if employees will be accessing high-risk data, such as employee benefit information. Remember, SSO is a great convenience, but it's also a single key to the store. If it's compromised, then everything it allows access to is also compromised.

Consider adding two-factor authentication, or some other strong authentication, to your SSO mix. This is another reason to implement SSO over federated identity management. Today's SSO systems are flexible and work well with two-factor authentication.

For more information:

  • In this expert Q&A, Joel Dubin discusses the federated identity management basics.
  • Discover the dangers associated with turning off pre-boot authentication (PBA).


    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy