Computerworld - Suppose an airline wants to give its online customers access to special offers from its hotel and car rental partners, yet spare those users the bother of logging in each time they link to a new password-protected Web site.
The airline also might want to give its employees access to the secure sites of its 401(k) and insurance providers without forcing them to prove their identities multiple times.
Two of the more prominent options the airline might consider are Microsoft Corp.'s Passport service and future systems based on specifications drawn up by the Liberty Alliance Project, an industry consortium with more than 120 members, whose founders include Sun Microsystems Inc., American Express Co. and United Air Lines Inc.
But IT shops might want to carefully assess their choices for single sign-on and user identity management, because both options are in a state of flux and new Web services approaches could alter the landscape even more.
"You really have to have a driving business need to want to do this now, because of the potential for change," says Randy Heffner, an analyst at Cambridge, Mass.-based Giga Information Group Inc.
In July, the Liberty Alliance Project released its specifications for a standards-based mechanism for simplified sign-on and user identity management. But although vendors have promised products based on those specifications, they have yet to produce them.
The second phase of the specificationswhich will include guidelines for site-to-site authentication and user-attribute sharingisn't due until the first half of next year, says Paul Madsen, a member of the Liberty Alliance's technology expert group and manager for identity services at Addison, Texas-based Entrust Inc.
Microsoft's Passport authentication service, which has primarily targeted consumers, relies largely on proprietary protocols that the company made available last month for inspection and development through its shared source code licensing program. But Passport is expected to shift to authentication tokens based on MIT's Kerberos technology and add support for Web services standards next year. That, in turn, has given many in the industry hope that Passport may someday interoperate with Liberty-based authentication and identity management systems.
Currently, the approaches differ. One major distinction is the location where each model stores and maintains user data. Another is the means by which the systems share a user's authentication status information.
Under the Microsoft service, users register either via www.passport.com or a member site that has an agreement with Microsoft. The member site must be running Passport Manager software, which serves as an intermediary between the site's server and the Passport server and helps decrypt incoming cookies.
When a user logs into a member site, he is redirected to a page with the Passport user interface and branding from the referring site. The member site can decide how many of 10 possible fields of information it wants the user to fill in, and the information is stored in Microsoft's Passport servers. Users can opt to share all of that information with other Passport-enabled sites when they sign in, or only their e-mail addresses or names.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts