Educause Security Discussion mailing list archives

single sign-on strategies


From: Craig Blaha <blaha () TCNJ EDU>
Date: Fri, 30 Jan 2004 08:40:43 -0500

The College of New Jersey is in the process of developing our single
sign-on strategy as we prepare to integrate our first enterprise
application - HRMS - into our portal.

We are considering using a partial single sign-on strategy: a user logs
into what I'm calling the "casual" portal which gives them access to the
news, their e-mail, navigation and (perhaps) self-service. If the user
tries to access an administrative screen of an enterprise application
such as HR or Finance, they are prompted to re-enter their password. The
enterprise applications would each have their own time out, and
username/password would be handled by LDAP.

The goal is to strike a balance between security and ease of use that is
closer to the secure side of the continuum than a true SSO solution.

Has anyone else done this or something similar? I would be interested in
any thoughts/lessons learned.

Sincerely,
Craig Blaha
--

   *Craig Blaha*
   /Associate Director
   Information Policy, Security and Web Development/
   The College of New Jersey
   PO Box 7718
   Ewing, NJ 08628
   www.tcnj.edu
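
The partial single sign-on scheme described in the message above, sketched as an added example that is not part of the original post: a portal session reaches the "casual" services directly, while each administrative application requires its own password re-entry and keeps its own idle timeout. The application names, timeout values, `check_access`, `reauthenticate` and `fake_ldap_bind` are hypothetical, and the LDAP check is replaced by a constructed stand-in.

```python
from dataclasses import dataclass, field

# Idle timeout in seconds per application; None marks the "casual" tier where
# the portal login alone is enough. App names and values are constructed.
APP_TIMEOUT = {"news": None, "email": None,
               "hr_admin": 15 * 60, "finance_admin": 10 * 60}

@dataclass
class Session:
    user: str
    # app name -> time of last activity since the password was re-entered
    elevated: dict = field(default_factory=dict)

def check_access(session, app, now):
    """Return 'allow', 'reauth' (prompt for the password again) or 'deny'."""
    if app not in APP_TIMEOUT:
        return "deny"                      # unknown application: fail closed
    timeout = APP_TIMEOUT[app]
    if timeout is None:
        return "allow"                     # casual tier
    last = session.elevated.get(app)
    if last is None or now - last > timeout:
        session.elevated.pop(app, None)    # this application's timer expired
        return "reauth"
    session.elevated[app] = now            # sliding idle timeout
    return "allow"

def reauthenticate(session, app, password, verify_password, now):
    """Record a fresh password check for one application only.

    verify_password(user, password) stands in for an LDAP bind as the user.
    """
    if APP_TIMEOUT.get(app) is None:
        return False
    # Reject an empty password before it reaches the directory: an LDAP simple
    # bind with an empty password is an unauthenticated bind, which servers
    # may report as successful.
    if not password or not verify_password(session.user, password):
        return False
    session.elevated[app] = now
    return True

def fake_ldap_bind(user, password):
    """Constructed stand-in for the directory; accepts one test account."""
    return (user, password) == ("alice", "correct horse")

if __name__ == "__main__":
    s = Session("alice")
    print(check_access(s, "email", 0), check_access(s, "hr_admin", 0))
    reauthenticate(s, "hr_admin", "correct horse", fake_ldap_bind, 1)
    print(check_access(s, "hr_admin", 60), check_access(s, "finance_admin", 60))
```

Re-entering the password for one application does not elevate the session for any other, so a forgotten HR session cannot be used to reach Finance.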
