RE: Web single sign-on

["Levenglick, Jeff" <jlevenglick () fhlbatl com>]

Dave,

I have been working on a major e-business project using bea and rsa
products. (Rsa bought
Securant) I can tell you this, you can create your own solution, but it is
very complicated
compared to the products out there. Keep in mind, nothing is fully
compatible and it will
take a good amount of effort on your part to get it working.

I have integrated Keon, Cleartrust and Ace with Bea Weblogic/Portal.
(Different parts of the portal
required different access requirements) I had to use the api's with java and
c.

No matter what the vendors say, no product out there is fully compatible or
really has been
tested to scale to thousands of users. (We have been working with the Rsa
engineers for months
while doing a load test of 20 users)

Jeff


-----Original Message-----
From: David M. Williams [mailto:d_wllms () lanl gov]
Sent: Monday, December 09, 2002 1:30 PM
To: Marty
Cc: vuln-dev () securityfocus com
Subject: Re: Web single sign-on


you might want to look at some of the Netegrity solutions.  they've been 
around for a long time and have imho solid products.

Dave

Marty wrote:

> Hi group,
>
>
> We have a big discussion going on at one of my clients as we are about
> to add an Internet portal to several applications. We are looking at
> implementing a single sign-on (SSO) solution for our web applications.
>
>
> This discussion is as follow:
>
> 1- Should we buy an already made up single sign-on solution or build one
> in house? 
>
> We've met with the people from Tivoli and Computers associates already.
> Other suggestions?
>
> 2- What if we go for a temporary in-house solution for next year and get
> stuck with it as the portal and the number of applications starts
> growing?
>
> My concern here is the potential of risk being blamed by the auditors
> about an in-house development vs a well known product. 
>
> The number of users of the portal will grow in the ten of thousands by
> the end of next year. Robustness of the solution should also be a main
> factor.
>
> The security of the project is taken care of by firewall, access list,
> DMZ etc.
>
> The number of different application is already up to ten and the portal
> is not even built yet. The deployment of the appliactions (all web
> based) should start as early as march 2003.
>
> Pre-requisites : We have to work with the fact that the environment is
> IBM Websphere servers and the fact that we are already using LDAP for
> authentication on some applications. No comments on that part please, we
> have to live with it...
>
>
>
> ---
>
> Thanks!
>
> Marty
>
> ******************************************
>
> Pensée de la semaine :  Comme pour l'esprit, rien n'est trop grand, pour
> la bonté, rien n'est trop petit.
>
> Martin M Samson
> Chef de projets,
>
>
>
>  

-- 
David M. Williams, CISSP                Phone: 505-665-8062
Systems Engineer, CCN-2                 Fax:   505-667-7428
Los Alamos National Laboratory          Email: d_wllms () lanl gov


 
____________________________________________________________________________
This e-mail message is private and may contain confidential or privileged
information.