Single Sign-on
There are at least five major types of SSO or reduced sign-on systems in common use
at the time of this writing (2005):

  • Enterprise Single Sign-on (E-SSO), also called legacy single sign-on, works by intercepting, after the user's primary authentication, the login prompts presented by secondary applications and automatically filling in fields such as a login ID or password. E-SSO systems allow for interoperability with applications that are unable to externalize user authentication, essentially through "screen scraping".

  • Web single sign-on (Web-SSO), also called Web access management (Web-AM), works strictly with applications and resources accessed with a web browser. Access to web resources is intercepted, either using a web proxy server or by installing a component on each targeted web server. Unauthenticated users who attempt to access a resource are diverted to an authentication service, and returned only after a successful sign-on. Cookies are most often used to track user authentication state, and the Web-SSO infrastructure extracts user identification information from these cookies, passing it into each web resource.

  • Kerberos is a popular mechanism for applications to externalize authentication entirely. Users sign into the Kerberos server and are issued a ticket, which their client software presents to servers that they attempt to access. Kerberos is available on Unix, Windows and mainframe platforms, but requires extensive modification of client/server application code, and is consequently not used by many legacy applications.

  • Federation is a new approach, also for web applications, which uses standards-based protocols to enable one application to assert the identity of a user to another, thereby avoiding the need for redundant authentication. Standards to support federation include SAML and WS-Security.

  • Light-Weight Identity and OpenID, under the YADIS umbrella, offer distributed and decentralized SSO, where identity is tied to an easily-processed URL which can be verified by any server using one of the participating protocols.
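
The Web-SSO flow described above (intercept the request, divert unauthenticated users to an authentication service, track state in a cookie, pass the extracted identity into the resource) can be modelled in a few lines. The following is an added example written for this page, not code from the original article or from any SSO product; the gateway secret, the authentication-service URL, the cookie name "SSO" and the "X-Authenticated-User" header are all constructed assumptions. The cookie is HMAC-signed and carries an expiry, so the gateway can reject forged or stale cookies rather than trusting whatever identity the browser sends.

```python
"""Minimal model of a Web-SSO access gateway (added example, not from the page).

An unauthenticated request is redirected to the authentication service; after a
successful sign-on the gateway issues an HMAC-signed, time-limited session cookie,
and on later requests it verifies that cookie and forwards the user identity to
the protected resource in a request header.
"""
import base64
import binascii
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import quote

# Constructed values for the example; a real deployment keeps the secret out of source.
GATEWAY_SECRET = b"constructed-gateway-secret-not-for-production"
AUTH_SERVICE = "https://login.example.test/signin"   # assumed authentication service
SESSION_TTL = 3600                                   # cookie lifetime in seconds
IDENTITY_HEADER = "X-Authenticated-User"             # assumed header name


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the cookie payload, hex encoded."""
    return hmac.new(GATEWAY_SECRET, payload, hashlib.sha256).hexdigest()


def issue_cookie(user_id: str, now: Optional[int] = None) -> str:
    """Create the SSO cookie value after a successful primary sign-on.

    Format: base64url(user_id|expiry) "." hex(HMAC).
    """
    now = int(time.time()) if now is None else now
    payload = f"{user_id}|{now + SESSION_TTL}".encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return f"{body}.{_sign(payload)}"


def verify_cookie(cookie: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user id if the cookie is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = cookie.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except (ValueError, binascii.Error):
        return None
    # Constant-time comparison: a forged or edited cookie fails here.
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    user_id, _, expiry = payload.decode(errors="replace").rpartition("|")
    if not user_id or not expiry.isdigit() or int(expiry) <= now:
        return None
    return user_id


def gateway(request: dict, now: Optional[int] = None) -> dict:
    """Intercept a request to a protected web resource.

    `request` is a constructed dict: {"url": str, "cookies": {name: value}}.
    Returns a redirect to the authentication service, or a 200 with the identity
    header that the gateway would forward to the resource.
    """
    user = verify_cookie(request.get("cookies", {}).get("SSO", ""), now)
    if user is None:
        return_to = quote(request["url"], safe="")
        return {"status": 302, "location": f"{AUTH_SERVICE}?return_to={return_to}"}
    return {"status": 200, "forwarded_headers": {IDENTITY_HEADER: user}}


if __name__ == "__main__":
    url = "https://app.example.test/report"
    print(gateway({"url": url, "cookies": {}}))                     # 302 to sign-on
    cookie = issue_cookie("alice")                                   # issued after sign-on
    print(gateway({"url": url, "cookies": {"SSO": cookie}}))         # 200, identity forwarded
```

Two points the model makes concrete: the protected resource never sees the cookie, only the identity the gateway extracted and vouched for, so the resource must accept that header only from the gateway (not directly from clients); and the cookie is only as trustworthy as the signing secret and the expiry check, which is why the verification uses `hmac.compare_digest` and rejects any cookie that fails to parse.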


The term "enterprise reduced sign-on" is preferred by some authors because they believe "single sign-on" to be a misnomer: "no one can achieve it without a homogeneous IT infrastructure".

