Re: Web single sign-on
From: Eric Rostetter (firstname.lastname@example.org)
Date: Mon, 9 Dec 2002 13:24:07 -0600
From: Eric Rostetter <email@example.com>
To: Marty <firstname.lastname@example.org>
Quoting Marty <email@example.com>:
> We have a big discussion going on at one of my clients as we are about
> to add an Internet portal to several applications. We are looking at
> implementing a single sign-on (SSO) solution for our web applications.
> 1- Should we buy an already made up single sign-on solution or build one
> in house?
Or use an existing opensource solution.
> We've met with the people from Tivoli and Computer Associates already.
> Other suggestions?
Nope. Lots out there.
> 2- What if we go for a temporary in-house solution for next year and get
> stuck with it as the portal and the number of applications starts
Then you need to make sure the in-house solution you pick, even if only
meant to be temporary, is flexible and extensible.
> My concern here is the potential of risk being blamed by the auditors
> about an in-house development vs a well known product.
I wouldn't worry about that. Either can be secure/insecure, cheap/expensive,
easy/hard to maintain, etc. No clear advantage either way without knowing
your exact setup (manpower available, skill level, etc).
> The number of users of the portal will grow into the tens of thousands by
> the end of next year. Robustness of the solution should also be a main
Yes, but that doesn't affect the choice of in-house/opensource/commercial.
> The security of the project is taken care of by firewall, access list,
> DMZ etc.
Well, I'd sure not depend on only that. Build security into everything,
including the single sign-on. Security through depth.
> The number of different applications is already up to ten and the portal
> is not even built yet. The deployment of the applications (all web
> based) should start as early as March 2003.
> Pre-requisites : We have to work with the fact that the environment is
> IBM Websphere servers and the fact that we are already using LDAP for
> authentication on some applications. No comments on that part please, we
> have to live with it...
Look at commercial apps and opensource apps (like Horde at www.horde.org)
and see if anything meets your needs. If not, then go in-house.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Why get even? Get odd!