Good little article. But there is a difference between having an on-line single sign-on, and using SSO internally in your company, which is what the original poster was looking for. I don't think any of us are willfully considering using MS .Net for SSO when shopping on-line.
Consider this scenario. I boot my laptop, then VPN to my network, read my e-mail through Outlook, and then use Terminal Server to manage a Win2K server, and lastly telnet to a router. At each of these steps I need to authenticate separately and provide my username and password all over again. For those of us who deal with issues like this (not that it's THAT hard, but), wouldn't it be nice to boot your laptop, logon once, and then be able to securely access all of your network resources? I'm not saying SSO fully addresses the idea of security, but it sure could make my chores a lot easier if implemented securely. Brownfox -----Original Message----- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, November 12, 2001 6:25 PM To: [EMAIL PROTECTED] Subject: Re: Single Sign On Software and One Time Password I was just reading something that someone forwarded me from Tech Republic I think (doesn't really matter as the author's e-mail address is included, so you can write there directly). This might interest you as you are looking into this technology right now. >> WHY SINGLE SIGN-ON IS STILL A BAD IDEA >> Why are so many companies interested >> in single sign-on services and centralizing >> customer information when it's fairly >> obvious that (given a choice) consumers >> wouldn't choose to store this personal >> information online? >> >> Obviously, this is a rhetorical question. I >> understand that it's all about marketing. >> With detailed customer information >> available real-time in a large, distributed >> database, targeting marketing based on >> that information is bound to occur. And >> since such a data store is intended to be >> accessible across the Internet, abuse of >> this data, either intentional or by accident, >> is also likely. >> >> To me, the entire issue of single sign-on >> introduces the type of monitoring and >> access control issues that border on >> invasion of privacy. Not to mention that >> wily hackers, eager for the crown of >> "Ultimate Hack," will do whatever they can >> to find vulnerabilities and exploits on any >> large-scale database, like the one Passport >> provides and the one that Liberty Alliance >> Project proposes. >> >> Single sign-on services are a horrible >> simplification of authentication that is >> needed. I want to be authenticated when I >> try to view my bank account! I want to type >> in a different username and password when >> I need to! If one of my usernames and >> password gets compromised, at least it only >> gets compromised in one place. Most people I >> asked agreed that single sign-on is a bad >> idea, based on the explanation I just gave. >> >> So for now, count me out of being a >> participant in the Liberty Alliance Project. For >> that matter, I'm perfectly content keeping my >> multiple username and passwords for access >> to myself--which is where that information >> belongs in the first place. >> >> To comment on this TechMail, write to Jonathan Yarden. >> mailto:[EMAIL PROTECTED]?subject=Internet%20Security >> >> Jonathan Yarden is the senior UNIX system >> administrator, network security manager, and >> senior software architect for a regional ISP. Jon >> is also a member of the FBI InfraGard program, >> a partnership between the FBI and the private >> sector. JayW >>> "Vicki Vinson" <[EMAIL PROTECTED]> 11/11/01 08:40AM >>> Computer Associates has a Single Sign On app >>> "eko yulianto" <[EMAIL PROTECTED]> 11/08/01 10:29PM >>> Hello, I looking for software for Single Sign On and One Time Password solution for my company, does anyone know which software that I need to used or the best one ? Because I will implemented that requirement in many platform ( Win9x, W2K, AS/400, OS/390, ) and each platform have limited features for authentication process. Thank's for any help and comments. Eko Yulianto IT Security Menara Asia 3rd Floor Diponegoro 101, Lippo Karawaci Tangerang, Indonesia Phone: +62.21.5460666 ext.5335 Fax: +62.21.5460660 Post Office: 15810 E-mail:[EMAIL PROTECTED]
