Computerworld - Suppose an airline wants to give its online customers access to special offers from its hotel and car rental partners, yet spare those users the bother of logging in each time they link to a new password-protected Web site.
The airline also might want to give its employees access to the secure sites of its 401(k) and insurance providers without forcing them to prove their identities multiple times.
Two of the more prominent options the airline might consider are Microsoft Corp.'s Passport service and future systems based on specifications drawn up by the Liberty Alliance Project, an industry consortium with more than 120 members, whose founders include Sun Microsystems Inc., American Express Co. and United Air Lines Inc.
But IT shops might want to carefully assess their choices for single sign-on and user identity management, because both options are in a state of flux and new Web services approaches could alter the landscape even more.
"You really have to have a driving business need to want to do this now, because of the potential for change," says Randy Heffner, an analyst at Cambridge, Mass.-based Giga Information Group Inc.
In July, the Liberty Alliance Project released its specifications for a standards-based mechanism for simplified sign-on and user identity management. But although vendors have promised products based on those specifications, they have yet to produce them.
The second phase of the specificationswhich will include guidelines for site-to-site authentication and user-attribute sharingisn't due until the first half of next year, says Paul Madsen, a member of the Liberty Alliance's technology expert group and manager for identity services at Addison, Texas-based Entrust Inc.
Microsoft's Passport authentication service, which has primarily targeted consumers, relies largely on proprietary protocols that the company made available last month for inspection and development through its shared source code licensing program. But Passport is expected to shift to authentication tokens based on MIT's Kerberos technology and add support for Web services standards next year. That, in turn, has given many in the industry hope that Passport may someday interoperate with Liberty-based authentication and identity management systems.
Currently, the approaches differ. One major distinction is the location where each model stores and maintains user data. Another is the means by which the systems share a user's authentication status information.
Under the Microsoft service, users register either via www.passport.com or a member site that has an agreement with Microsoft. The member site must be running Passport Manager software, which serves as an intermediary between the site's server and the Passport server and helps decrypt incoming cookies.
When a user logs into a member site, he is redirected to a page with the Passport user interface and branding from the referring site. The member site can decide how many of 10 possible fields of information it wants the user to fill in, and the information is stored in Microsoft's Passport servers. Users can opt to share all of that information with other Passport-enabled sites when they sign in, or only their e-mail addresses or names.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!