Single Sign-On beyond the firewall

Posted by Gavin Terrill on Nov 05, 2007 11:00 PM

Community: Architecture | Topics: Security, WS Standards | Tags: SAML

It seems like only yesterday that developers were coming to grips with implementing Single Sign-On (SSO) across the enterprise. Now, organizations are concerned with how they can extend that thinking beyond the corporate firewall. John Dunn wrote about the basic tenets of Federated Identity Management (FIM) in a recent Techworld article:

The first thing to say about FIM is that it is not really a technology as such – despite what some vendors will appear to claim - more a concept for understanding how technologies such as web services can be used to make possible a goal that has started to obsess forward-thinking IT die-hards: how can users at different organisations share or ‘federate’ data and conduct transactions using each other’s networks?

SAML (Security Assertion Markup Language) 2.0 is the standard endorsed by OASIS to facilitate SSO in FIM. John discusses three important SAML features that make it appropriate for FIM projects:

First, it requires no ongoing synchronisation, and sets up connections on the basis of a particular request at a particular moment in time. This makes it simple and auditable. Second, it allows the communication of privacy settings and manages sessions better once the person has logged out of a federated resource. Perhaps most critically, it is an abstraction layer that can unite otherwise different authentication systems from different vendors, something that has thus far tended to cause a mountain of problems for FIM projects.

John then discusses a checklist of issues for companies starting to investigate FIM. These include:

  • Ensuring your company has robust authentication in place. Your users will be accessing partner sites, and vice-versa.
  • Evaluating the security implications of employees accessing multiple systems
  • Compliance concerns
  • Determining who is responsible in the event of a failure

The vision of Federated Identity invokes exciting possibilities; however, John concludes the article with some sobering advice:

Longer term, it has the potential to transform even the humblest IT operation into something quite new. But as a concept, federation surely represents the future of networks, so that they become not as islands of digital power, but overlapping ‘networks of networks’. It is happening already. But it will force companies to re-examine their own security processes before they jump into its whirlpool of potential difficulties.

More InfoQ coverage of SAML is available here.

