Single Sign-On

Never before in history have we had access to so much information, or had so much of it at our convenience. The plethora of resources available presents its own problem, though: how does one control access? Remembering one password is trouble enough, remembering 10 is a challenge, and remembering 100 is nigh on impossible. The human mind solves this problem in an instant: it uses the same password repeatedly for all resources ...

Single Sign-On is an access control solution in which a single username and password yields transferable authentication tokens that grant permission to use resources, be they knowledge stores, computer systems or even printers. The technology has been around for a while, having first been developed with the Kerberos system at MIT in the early 1980s, but there are many variations and implementations of Single Sign-On.

Kerberos is now in common use as part of the authentication mechanism for Microsoft Windows, and Thinking Security was proud to be involved in the production of the official Microsoft guide on Interoperability with UNIX and Linux Kerberos implementations. We have also been involved in providing Kerberos advice for secure communication for embedded systems.

Shibboleth is a much newer Single Sign-On mechanism that is targeted at academia; it focuses on granting authentication to members of groups rather than on individual access controls, and is thus suited to institution-based subscriptions and access. We have designed, developed and successfully implemented a Shibboleth solution for access controls for over 1 million subscribers to our client's service.
