Computerworld - Suppose an airline wants to give its online customers access to special offers from its hotel and car rental partners, yet spare those users the bother of logging in each time they link to a new password-protected Web site.
The airline also might want to give its employees access to the secure sites of its 401(k) and insurance providers without forcing them to prove their identities multiple times.
Two of the more prominent options the airline might consider are Microsoft Corp.'s Passport service and future systems based on specifications drawn up by the Liberty Alliance Project, an industry consortium with more than 120 members, whose founders include Sun Microsystems Inc., American Express Co. and United Air Lines Inc.
But IT shops might want to carefully assess their choices for single sign-on and user identity management, because both options are in a state of flux and new Web services approaches could alter the landscape even more.
"You really have to have a driving business need to want to do this now, because of the potential for change," says Randy Heffner, an analyst at Cambridge, Mass.-based Giga Information Group Inc.
In July, the Liberty Alliance Project released its specifications for a standards-based mechanism for simplified sign-on and user identity management. But although vendors have promised products based on those specifications, they have yet to produce them.
The second phase of the specificationswhich will include guidelines for site-to-site authentication and user-attribute sharingisn't due until the first half of next year, says Paul Madsen, a member of the Liberty Alliance's technology expert group and manager for identity services at Addison, Texas-based Entrust Inc.
Microsoft's Passport authentication service, which has primarily targeted consumers, relies largely on proprietary protocols that the company made available last month for inspection and development through its shared source code licensing program. But Passport is expected to shift to authentication tokens based on MIT's Kerberos technology and add support for Web services standards next year. That, in turn, has given many in the industry hope that Passport may someday interoperate with Liberty-based authentication and identity management systems.
Currently, the approaches differ. One major distinction is the location where each model stores and maintains user data. Another is the means by which the systems share a user's authentication status information.
Under the Microsoft service, users register either via www.passport.com or a member site that has an agreement with Microsoft. The member site must be running Passport Manager software, which serves as an intermediary between the site's server and the Passport server and helps decrypt incoming cookies.
When a user logs into a member site, he is redirected to a page with the Passport user interface and branding from the referring site. The member site can decide how many of 10 possible fields of information it wants the user to fill in, and the information is stored in Microsoft's Passport servers. Users can opt to share all of that information with other Passport-enabled sites when they sign in, or only their e-mail addresses or names.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts