
	Home > Ask the Security Experts > Questions & Answers > Expert opinion on the viability of SSO

Ask The Security Expert: Questions & Answers

EMAIL THIS

Expert opinion on the viability of SSO

EXPERT RESPONSE FROM: Jonathan Callas

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 11 July 2002
We've been researching SSO for months now. We asked Meta for the lowdown. Meta says there are three typres of Single Sign-On. Client-based, Web SSO and Infrastructure. Client based works but is costly and has a high rollout and support problem. Web SSO is great if all your applications are Web-based. Infrastructure (module on central server logs on to applications for you) is not easy -- lots of interfaces and lots of script writing.

We are getting pressure from management to find an enterprise solution. We are not all Web-based. We have OS390, Lotus Notes, PeopleSoft, etc.

Without all the vendor sell, we need an expert opinion on the viability of SSO. Does everyone have it? Does infrastructure work or will it be a scripting nightmare? Which do you recommend? Thank you.

Cutting to the chase, no, everyone does not have Single Sign-On. In fact, almost no one does. Single Sign-On is the holy grail that every CIO and sysadmin wants, which is one reason why you're getting pressure from management to "implement" it, as if you could just go out and sign a check and poof there it would be.

Let's step back for a moment and look at what the problem is. Anytime you deal with security, it's good to do this, because it's too easy to get sucked into solutions rather than problems.

Ideally, as users, we would like to walk into the office and poof, all the stuff we need to use is there for us to use. Failing that, we should type *a* password or use *a* smartcard or whatever. If we leave the office for a cup of coffee, a meeting, lunch or -- shock horror -- going home for the evening, things should automatically turn themselves off.

As systems people, we want to have a central place where we can authorize users for systems, resources like printers, building access and so on.

Unfortunately, there are many things that make gestures towards it. There are standards for doing it -- RADIUS and Kerberos are both ways to do it. NIS is there for Unix systems. Microsoft has incorporated Kerberos into their domains, but alas enhanced it so that you can only use it with their stuff.

CA has an SSO system. So does Entrust. So do lots of other people. And guess what -- none of them let you do what I described above. Various vendors have also tried to turn SSO on its head by saying essentially, "Buy everything from us, and then you won't need SSO."

So what do you do when management pressures you to "implement" it?

List the resources that are important. You mentioned PeopleSoft, Lotus Notes and OS390. Talk to people who use those or the vendors themselves. Talk to your own users. See if you can find something that's most important. For example, I'll just suggest that maybe it's PeopleSoft and Lotus. Find an SSO system that works for those -- better yet, find more than one. See which ones work with OS390. If you find one, you've succeeded. If not than you're just stuck. I can assure you, too, that you're going to get stuck before you support all the things you would like to.

Let's face it, everyone wants SSO, and if there were a solution, we'd all just go buy that. It is a hard problem for which there's no broad-based solution.

BROWSE BY TAG

Enterprise Single Sign-On (SSO), Enterprise Identity and Access Management, User Authentication Services, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Enterprise Single Sign-On (SSO)
	How to log in to multiple servers with federated single sign-on (SSO)
	Security on a budget: How to make the most of authentication tools
	Best Identity and Access Management Products
	Changing times for identity management
	Kerberos configuration as an authentication system for single sign-on
	How to use single sign-on for Web access control to prevent malware
	Learn about enterprise strategy for server virtualization single sign-on
	Enterprise single sign-on: Easing the authentication process
	Exploring authentication methods: How to develop secure systems
	User provisioning and SSO for PeopleSoft- and Unix-based products
	Enterprise Single Sign-On (SSO) Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

onboarding and offboarding (SearchSecurity.com)

single sign-on (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy