Educause Security Discussion mailing list archives
Re: SSO (Single Sign On)
From: Peter Choi <pchoi () WTC-INC NET>
Date: Wed, 24 Sep 2003 16:38:11 -0700
Melissa,

It is a noble effort to achieve the Holy Grail of SSO. I can tell you this though... that your battle will be fought in the political landscape rather than in technology. Of all the SSO programs and initiatives I've seen (both in major financial institutions and military programs), I have never seen an SSO program that scales to an enterprise solution covering all aspects of authentication. I've seen the military try to deploy an enterprise-wide SSO system (you know, with their funny "Army of One" concept) but the cost of implementing it became prohibitive even for the Department of Defense.

Does it mean that I think there are no successful SSO programs? Absolutely not. I have also seen many successful SSO programs, but only with the condition that SSO limitations and boundaries are clearly stated and controlled. There are various forms of XML, biometrics, PKI, token-based systems that will enable you to do all kinds of things, as I am sure you are aware of. But I think your true assurance for success will be in being able to achieve the organizational consensus on the meaning of SSO. Once you can achieve this objective, you can go through a basket full of technology solutions that you can pick and choose from, and convince people of the solution you recommend.

Be absolutely certain that you define the limitations of your SSO program and scope. Draw the boundary line, put a stake in it and do not waver from your initial claims of intention.

Regards
Peter

=======================================
S. Peter Choi, Ph D., CISSP
Senior Information Security Consultant
WTC, Inc.
801 South Grand Avenue, Suite 700
Los Angeles, CA 90017
(213) 689-5327
=======================================
Please visit our web site @ http://www.wtc-inc.net

Melissa Guenther <mguenther () COX NET>
Sent by: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
09/24/2003 02:11 PM
Please respond to The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
cc:
Subject: [SECURITY] SSO (Single Sign On)

We are researching the benefits to achieving consistent, simple, and secure access, and protecting an enterprise commitment and investment to applications, through SSO solutions. Single Sign-On was once thought of as a security-decreasing product. Today's SSO can actually increase security with the appropriate implementation, countering weak, transferable passwords, with user-transparent, consistent, and strong logon principles.

We are chartered with ensuring that application access is quick, easy and consistent. This objective continues to be a moving target. Not only are the numbers of applications and platforms (Windows, Novell, web, etc.) increasing, the user populations are getting larger, and more distributed. While most IT departments have long known that there are substantial support ramifications for supporting multiple applications natively, "logging on" has now become one of the greatest challenges to user satisfaction and effectiveness.

I would appreciate any lessons learned from anyone that has explored or implemented Single Sign On, in any part. Security and privacy are our biggest considerations at this point. I also would be happy to share findings. Although my email is not an edu extension, I am working with a large, decentralized university in Arizona.

Thank you in advance for any information

Melissa Guenther
Increasing Awareness to Improve Security
480-786-6034

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.