Re: Web single sign-on

From: Eric Rostetter (eric.rostetter@physics.utexas.edu)
Date: 12/09/02

  • Next message: Dan Kaminsky: "Re: Web single sign-on"
    Date: Mon,  9 Dec 2002 13:24:07 -0600
    From: Eric Rostetter <eric.rostetter@physics.utexas.edu>
    To: Marty <marti@videotron.ca>
    
    

    Quoting Marty <marti@videotron.ca>:

    > We have a big discussion going on at one of my clients as we are about
    > to add an Internet portal to several applications. We are looking at
    > implementing a single sign-on (SSO) solution for our web applications.

    Good idea.

    > 1- Should we buy an already made up single sign-on solution or build one
    > in house?

    Or use an existing opensource solution.
     
    > We've met with the people from Tivoli and Computers associates already.
    > Other suggestions?

    Nope. Lots out there.

    > 2- What if we go for a temporary in-house solution for next year and get
    > stuck with it as the portal and the number of applications starts
    > growing?

    Then you need to make sure the in-house solution you pick, even if only
    meant to be temporary, is flexible and extensible.

    > My concern here is the potential of risk being blamed by the auditors
    > about an in-house development vs a well known product.

    I wouldn't worry about that. Either cen be secure/insecure, cheap/expensive,
    easy/hard to maintain, etc. No clear advantage either way without knowing
    your extact setup (manpower available, skill level, etc).

    > The number of users of the portal will grow in the ten of thousands by
    > the end of next year. Robustness of the solution should also be a main
    > factor.

    Yes, but that doesn't affect the choice of in-house/opensource/commercial.

    > The security of the project is taken care of by firewall, access list,
    > DMZ etc.

    Well, I'd sure not depend on only that. Build security into everything,
    including the single-signon. Security through depth.

    > The number of different application is already up to ten and the portal
    > is not even built yet. The deployment of the appliactions (all web
    > based) should start as early as march 2003.

    Normal.

    > Pre-requisites : We have to work with the fact that the environment is
    > IBM Websphere servers and the fact that we are already using LDAP for
    > authentication on some applications. No comments on that part please, we
    > have to live with it...

    Look at commerical apps and opensource apps (like Horde at www.horde.org)
    and see if anything meets your needs. If not, then go in-house.

    > Thanks!
    >
    > Marty

    -- 
    Eric Rostetter
    The Department of Physics
    The University of Texas at Austin
    Why get even? Get odd!
    


    Relevant Pages

    • Re: Sharing Code
      ... I simply followed the steps that someone suggest of referencing the DLL. ... If I do that with all applications, then updating or fixing the DLL will require exactly zero steps to ensure all applications are upgraded to the new version. ... The biggest issue I run into is upgrading the library and then making sure every application uses the newest version. ... But for me, particularly for in-house stuff, only one of these issues is a concern. ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: GNU
      ... Ben Hochstrasser wrote: ... > applications don't fall in this category ... But even in-house, you'll have to give people using your binary ... the source on request. ...
      (borland.public.delphi.non-technical)
    • Application Encryption
      ... Are people who write software for clients (as opposed to in-house use) ... encrypting their applications, and what is the general state of password ... protected encrypted applications or even applications that cannot be ...
      (microsoft.public.fox.programmer.exchange)
    • [NEWS] Advanced Application-Level OS Fingerprinting: Practical Approaches and Examples
      ... Get your security news from a reliable source. ... Dan presents an alternate approach to application-level OS fingerprinting. ... cross-platform applications which result in OS-dependant responses. ... As a part of a default Apache ...
      (Securiteam)
    • Re: Active Directory/HIPPA Question
      ... The client ... > roll out AD when their top priority this year is securing the applications ... Security is one of the biggest reasons. ... ESPECIALLY if you have 800 remote offices. ...
      (microsoft.public.win2000.general)