Web single sign-on

Hi,

This was posted at Vuln-Dev, maybe it would be intersting to hear from your group too.

---

Merci

Marty!

******************************************

> Hi group,

> 

> 

> We have a big discussion going on at one of my clients as we are about


> to add an Internet portal to several applications. We are looking at 

> implementing a single sign-on (SSO) solution for our web applications.

> 

> 

> This discussion is as follow:

> 

> 1- Should we buy an already made up single sign-on solution or build 

> one in house?

> 

> We've met with the people from Tivoli and Computers associates 

> already. Other suggestions?

> 

> 2- What if we go for a temporary in-house solution for next year and 

> get stuck with it as the portal and the number of applications starts 

> growing?

> 

> My concern here is the potential of risk being blamed by the auditors 

> about an in-house development vs a well known product.

> 

> The number of users of the portal will grow in the ten of thousands by


> the end of next year. Robustness of the solution should also be a main


> factor.

> 

> The security of the project is taken care of by firewall, access list,


> DMZ etc.

> 

> The number of different application is already up to ten and the 

> portal is not even built yet. The deployment of the appliactions (all 

> web

> based) should start as early as march 2003.

> 

> Pre-requisites : We have to work with the fact that the environment is


> IBM Websphere servers and the fact that we are already using LDAP for 

> authentication on some applications. No comments on that part please, 

> we have to live with it...

> 

> 

> 

> ---

> 

> Thanks!

> 

> Marty

> 

> ******************************************

> 

> Pensée de la semaine :  Comme pour l'esprit, rien n'est trop grand, 

> pour la bonté, rien n'est trop petit.

> 

> Martin M Samson

> Chef de projets,

> 

> 

>