SSO
"plethora of terminology, standards, frameworks, acronyms and vendor disinformation has added to the market confusion."
The plethora of terminology, standards, frameworks, acronyms and vendor disinformation has added to the market confusion, a theme that has in the past has characterised the Identity Management industry, as to the myth of Single Sign On (SSO). Enterprise Single Sign On (ESSO), Reduced Single On (RSO), Simplified Sign On(SSO), Web Single Sign On(WSSO) Cross Domain Single Sign On (CDSSO) Password Synchronisation (Not SSO) the list goes on however the one thing that is certain is that every man and his dog wants or in the past has pursued one of those acronyms.
So you’re now probably saying “I’m Confused what is SSO anyway?” "Single Sign On", is an authentication process that lets a user to enter a username and password only once when they log on to a system and won't be prompted again for a username and password each and every time they want to switch to another program or application. As opposed to Password Synchronisation which is any process or technology that helps users to maintain a single password that is subject to a single security policy and changes on a single schedule across multiple systems, however the user is still prompted to authenticate to each system or application.
SSO has in the past been viewed by many as the Identity Management nirvana. The problem is that Single Sign On(SSO) in the modern multinational enterprise is impractical if not impossible. In many cases end users are unable to have a single username and password for multiple different applications because there are pre-existing business rules that prevent identical identity information from existing simultaneously in different directories, some legacy applications cannot comply with identity management at all and some applications have password rules that can’t all be met by a single password. Web-based authentication is very different than internal authentication and there is also the question on non-repudiation, the list of obstacles goes on.
Agreon advises its customers toward Web Single Sign On (WSSO), SSO for Web based applications. Ideally an organisation should evolve towards a consolidated identity store, usually in the form of an LDAP directory, and then educate application developers on how to consume authentication material from that store. When multiple applications leverage a single repository, it is simpler for the user to access them in a consistent way, data accuracy is ensured, data redundancy is eliminated and the environment is secured.
