Single Sign On
The Business Impact
• Increases risk of compromise
• Reduced productivity
• Increased helpdesk expenses
• People Intensive
• Delayed access for new hires
• Risk of unauthorized access
[Diagram labels: Internet, UNIX App, B2B]
• No single view of the user
  - Proprietary (eg database lookups)
• Multiple Account Directories
  - Active Directory
  - LDAP
  - Databases
  - Application integrated
• Complexities with B2B and B2C
  - Concerns about mixing partner & customer accounts with employee accounts
  - Privacy (outbound) as well as security (inbound) concerns
  - Are external users & their entitlements up to date?
  - Day to day management issues (eg password reset)

Using Active Directory for LDAP authentication
The role of Microsoft Metadirectory Server (MMS)
Active Directory in Application Mode (ADAM) usage
B2E using Active Directory and IIS
B2C using Active Directory and Passport
Extranet Access Management using Active Directory
Extending Windows SSO to non-integrated applications
[Diagram labels: User Account/Credentials, Account Directory, Passport, Active Directory, 390/AS400, Web, Single, Reduced, Enterprise, Sign-on]
B2E using Active Directory and IIS
B2C using Active Directory and Passport
• Supports URL authorization in Windows Server 2003
Extranet Access Management using Active Directory
(Step 2) Passport verifies the user’s credentials and sends a PUID back to the Web site
(Step 3) Web app verifies activation code & maps PUID to AD account.
(Step 4) User is authorized based on AD account.
[Diagram labels: Active Directory, Cookie, Authorization Check, Web App 1, Web App 2, SSO Agent, Web SSO Agent, SSL Session, “Their” Corporate Identities, EAM, SSO]
  - Certificates
  - Biometrics
• Federated Authentication and Access
  - Single Sign-on that spans businesses
  - Single sign-on that spans consumer applications
[Diagram labels: Delegated Admin, Windows Server 2003, SSL, Directory, “TrustBridge”, Supplier A, Supplier B, WS Security, User Account/Credentials, Application Requires XRML, Application Requires SAML, Security Token]