Security Basics mailing list archives
RE: Single Sign On with USB Tokens
From: Luis Lopez Sanchez <luis.lopez () atosorigin com>
Date: Thu, 29 Sep 2005 11:40:05 +0200
Hi list, The solution that Rodrigo have said for IE named Web Sign-On (WSO) is not an aunthentic SSO, simply is a way to manage identities via smart chip into Aladdin Security Token assign an user/password to each http form identifying the form and URL The SSO is possible with eToken PRO from Aladdin, IMHO is a good choice, but you must think in crytoflex from Schlumberger SmartCards Division (Axalto now!) is an historic reference, and others like ActiveCard for instance. At time to make an election, you must to think in the USB security token integration possibilities, it must be able to integrated with other crypto-aplication such as PGP Enterprise, Entrust modules, Utimaco natively or via PKCS#11. Is very important to make a good choose, assure that the Cryptographic Service Provider (or CSP) is supported natively from your Certification Authority (or CA). Beside is important known the key type and its lenght, for example, in the Aladdin eToken PRO only accept RSA Keys with a lenght of 1024. Is possible integrate eToken PRO in a GNU/Linux enviroment, SUN Solaris, *BSD ... Cisco Systems have choosen this solution too to two factor authentication to upgrade IOS and console authentication recently. Please, visit the M.U.S.C.L.E for more info and diferent drivers for SC (there are a lot of them): http://www.musclecard.com/drivers.html Regards, -- Luislo -----Mensaje original----- De: Rodrigo Blanco [mailto:rodrigo.blanco.r () gmail com] Enviado el: mié 28/09/2005 19:54 Para: Carlos Andres Rodriguez C. CC: security-basics () securityfocus com Asunto: Re: Single Sign On with USB Tokens eToken from Aladdin will do web SSO on IExplorer (Windows only, I think). On 9/26/05, Carlos Andres Rodriguez C. <carlosarodriguezc () gmail com> wrote: > Hi, > > I'm looking for a Single Sign On (SSO) solution based on USB tokens that > works with multiplatform environments.... Does anyone here in the list > know about any vendors who offers these kind of products? > > Thanks > > Carlos Andrés Rodríguez C. > CISSP, BS7799-2 Lead Auditor > > > ------------------------------------------------------------------ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Este mensaje y los ficheros adjuntos pueden contener informacion confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente. Pueden estar protegidos por secreto profesional Si usted recibe este correo electronico por error, gracias de informar inmediatamente al remitente y destruir el mensaje. Al no estar asegurada la integridad de este mensaje sobre la red, Atos Origin no se hace responsable por su contenido. Su contenido no constituye ningun compromiso para el grupo Atos Origin, salvo ratificacion escrita por ambas partes. Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no sera responsable de cualesquiera danos que puedan resultar de una transmision de virus ------------------------------------------------------------------
Current thread:
- Single Sign On with USB Tokens Carlos Andres Rodriguez C. (Sep 27)
- Re: Single Sign On with USB Tokens D.N.Vaidya (Sep 28)
- Re: Single Sign On with USB Tokens Rodrigo Blanco (Sep 28)
- <Possible follow-ups>
- RE: Single Sign On with USB Tokens Manuel de Miguel Moreno (Sep 28)
- RE: Single Sign On with USB Tokens Luis Lopez Sanchez (Sep 30)