Does anyone here have any experience implementing and/or testing single sign-on systems? Have you ever worked on verifying the integration of these systems with other systems... say in a service-oriented architecture?
We toyed with the idea of single sign-on where I work, Juridian, but I put so many restrictions around it (e.g. it wouldn't be used in the HR department, it could be used by anyone with access to confidential information, none of the technical IT staff or system admins could use it) that it ended up not being a viable project. I am currently testing fingerprint readers and am having problems integrating them with all our apps (off the shelf and in-house written).
Cheers.
Ahh, the fingerprint readers. Be sure to get a good one. There is a MythBusters episode where they faked out a couple of models fairly easily.
Yea, they have gotten better since the famous "Gummy Bear" hack. :D
Quote:
Originally Posted by Juridian
Cheers:
Hi
Sorry for the general blabla and being unspecific. I can only write down
a couple of thoughts and share some experience - but I cannot do more
without knowing details.
simple, but often sufficient approach
When it comes to the verification of an SSO system, you are lost
when you try to show it too generally. In every single integration
project I participated in, we had to restrict our proposition:
Instead of
"single sign-on is fully integrated"
we verified specific statements like
"database system xy is single sign-on capable (Kerberos tickets)"
"application xy is single sign-on capable (Kerberos tickets)"
...
etc. Hence, based on the actual needs, we have verified what
had to be verified. That was the only thing we could do in budget,
and it is reflected in DjM's statement
Quote:
having problems integrating them with all our apps
- What kind of SSO is to be applied/verified?
- What kind of hardware/software has to be supported?
My personal taste is to go with ticketing systems. However, the reality
certainly is that proprietary software often does not support it, and mostly,
you are not in a position to require it from the manufacturers. Thus you
are left with ***censored*** 'identify the mask' approaches. I suggest
evaluating these according to the above simple recipe, which is a simple,
but often sufficient approach.
SOA
The 'loose coupling' paradigm of SOA gives rise to what is known as
identity services - a set of services allowing applications to
leverage identity information (with the ambiguity of what identity
information actually is :) ). A few well-known projects are Bandit[1], OSIS[2]
and Higgins[3]; however, on an enterprise level, they might not be sufficient
(depending on the actual regulations to be satisfied).
Thus, without going into specifics (please do so), I currently cannot give you
another hint than to wait - if possible.
Large software manufacturers, such as IBM, Microsoft and Oracle,
have built or are on the way to building IAAS ("Identity as a Service") frameworks,
which may help to reduce effective costs of integration - keep an eye on verified
implementations of WS-Trust (OASIS approved[4a,4b]) in particular.
Cheers
[1] http://www.bandit-project.org/index....come_to_Bandit
[2] http://osis.netmesh.org/wiki/Main_Page
[3] http://www.eclipse.org/higgins/
[4a] http://docs.oasis-open.org/ws-sx/ws-...spec-cs-01.htm
[4b] http://www.ibm.com/developerworks/li...tion/ws-trust/
A good fingerprint scanner that supports multiple users would work well, but I think people would be hesitant to scan their prints all the time. They might think you will keep a copy of it or something.
I would recommend using "smart cards". XP has support for them built into the OS. :-)