Secure Coding mailing list archives
RE: Credentials for Application use
From: ljknews <ljknews () mac com>
Date: Thu, 12 May 2005 01:49:54 +0100
At 11:00 AM -0500 5/11/05, Gizmo wrote:
Maybe I don't fully understand the concept of Single Sign-On. As I understand it, SSO allows a user to login to an application portal, and all of the applications that user accesses via that portal know who the user is and what rights they have within their respective application realms. As such, it is a front-end technology; the back-end applications don't know anything about this.
That is _one_ (relatively insecure) method of implementing single sign-on. The general definition of single sign-on is that a user only logs on once to access a variety of computer applications. For some applications, relying entirely on Microsoft's credentials is adequate. For some applications, relying on the TSO login is adequate. For some applications, relying on Kerberos credentials is adequate. etc. -- Larry Kilgallen
Current thread:
- Credentials for Application use Mikey (May 11)
- RE: Credentials for Application use Gizmo (May 11)
- RE: Credentials for Application use Gunnar Peterson (May 11)
- RE: Credentials for Application use Gizmo (May 11)
- RE: Credentials for Application use Mikey (May 12)
- RE: Credentials for Application use Gunnar Peterson (May 11)
- <Possible follow-ups>
- RE: Credentials for Application use Goertzel Karen (May 11)
- RE: Credentials for Application use Gizmo (May 11)
- RE: Credentials for Application use ljknews (May 11)
- Re: Credentials for Application use Dave Aronson (May 12)
- RE: Credentials for Application use Gizmo (May 12)
- Re: Credentials for Application use Dave Aronson (May 13)
- RE: Credentials for Application use Gizmo (May 11)
- RE: Credentials for Application use Mikey (May 12)
- Re: Credentials for Application use Michael Silk (May 12)
- RE: Credentials for Application use Gizmo (May 11)
- RE: Credentials for Application use ljknews (May 12)