IT Management - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  IT Management


Averting Web Identity Crisis



 By: Anne Chen
2002-06-24
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this IT Management story.


  Table of Contents:
  1. Averting Web Identity Crisis
  2. ' Above the Fray '

Rate This Article:
Poor Best
Averting Web Identity Crisis
( Page 1 of 2 )

Single-sign-on schemes become crucial to enterprises as Web services pick up speed.

In Craig Gorens book, the customer is king, even if that means his staff will be required to integrate with multiple Web-based frameworks. Thats one reason the president and chief technology officer of Centerpost Inc., in Chicago, said his company will support any identity management system customers want to use, even if that means his staff must manage multiple Web-based frameworks. Got an ID and a password from Microsoft Corp.s Passport? No biggie. How about one from America Online Inc.? Not a problem at Centerpost, which provides a Web-based service that allows clients such as UAL Corp. to communicate with customers via voice and data on wired and wireless hardware.

"The Holy Grail has long been the concept of single sign-on," Goren said. "But its easy for technologists to forget that the whole point of single sign-on is to make it easy on the end user."

Making life easier for customers may be the principal reason IT leaders such as Goren are increasingly jumping on board with single-sign-on and digital identity management products such as Passport. But its not the only reason. As enterprises begin to launch online applications as Web services, theyre realizing its critical to have an integrated repository of information that can tell them whom theyre doing business with. Not only can that information improve security by keeping bad guys out, but it can also help enterprises customize online services based on a users online history and stated preferences.

But theres a catch. Because high-profile, consumer-oriented single-sign-on frameworks such as Passport and AOLs ScreenName service dont yet interoperate, and because others such as the Sun Microsystems Inc.-led Liberty Alliance are just beginning to roll out, enterprises interested in taking advantage of single sign-on for the Web today must make a decision: either bide their time and wait for authentication services to become interoperable with accepted standards and a loosely coupled federation of trust (something IT managers predict could take 18 months or more); cobble together a federated single-sign-on capability using open standards such as SAML (Security Assertion Markup Language) on their own; or, like Centerpost, support any and all approaches.

Resource Library:

Even if you decide you can wait, experts advise that now is the time to start developing an identity management architecture and strategy so youll be ready to act once single-sign-on frameworks such as Liberty mature. That means deploying user authentication software internally, consolidating directory services, and creating delegated administration and self-service processes.

"Get your house in order first, no matter what strategy you decide on," said Dan Blum, an analyst at The Burton Group Corp., in Midvale, Utah. "You need to crawl before you can walk. Once you can manage your own identities, youll be much more effective at projecting that information to the rest of the e-business world."

In fact, its inside the enterprise where the real payoff from identity management and single sign-on will first be seen. In a recent survey conducted by Meta Group Inc., of Stamford, Conn., IT managers said consolidating stores of internal employee and external customer ID information would enhance productivity by 24 percent and efficiency by 25 percent. Single sign-on would also decrease help desk calls by 33 percent, managers said.

A number of vendors offer software products that enable enterprises to get a start on deploying their own single-sign-on capabilities in support of Web-based applications. These products, which enterprises can use to manage the digital identities of employees, customers or suppliers, include Netegrity Inc.s SiteMinder, RSA Security Inc.s ClearTrust, Oblix Inc.s NetPoint, Entrust Technologies Inc.s GetAccess, OpenNetwork Technologies Inc.s DirectorySmart and Symantec Corp.s Webthority.

Even most enterprises that deploy their own nonfederated identity management systems will eventually want to tie in to one or more of the increasingly popular federated services from Microsoft, the Liberty Alliance and AOL. Microsofts Passport (the authentication piece of the companys .Net My Services framework), with some 200 million accounts, is a single-sign-on service built on Kerberos 5.0 that provides identity management and authentication for Internet users. Liberty Alliance—which has more than 40 enterprise members, including Sony Corp., American Express Co. and Citigroup Inc.—is expected to release a specification for an open, distributed, single-sign-on solution built on federation, meaning multiple Liberty systems could interoperate. In addition, AOL has its ScreenName service, focused on unifying identity and access across AOL Web sites.

While each of these systems is expected to share some underlying Web technologies, they wont interoperate for a while. Experts say which ID management framework or frameworks IT managers choose to support first will depend in large part on the technologies underlying their enterprise architectures.

Although there has been some movement toward interoperability among identity management frameworks, the big frameworks will probably remain separate for some time, experts say.

In December, AOL became a member of Liberty Alliance and announced that its 31 million subscribers would have user IDs and passwords compatible with any specification released by the organization. In response, Microsoft, which has yet to join Liberty Alliance, announced it will release next year the first stage of its next-generation Passport services, called TrustBridge. TrustBridge will allow customers with Windows .Net servers or other Kerberos-based systems to have federated single sign-on using Kerberos tunneled over Simple Object Access Protocol Web services.

"Were sort of moving toward this polycentric identity environment, where initially the services will not interoperate, but ultimately theyll be pressured to do so by large-enterprise customers who will not want to support too many mechanisms," The Burton Groups Blum said. "There needs to be a common denominator single-sign-on solution across federated business-to-business environments. Theres a possibility they could all interoperate, but theres a whole lot of work to finish."





  Reader Comments: Averting Web Identity Crisis
>>> Be the FIRST to comment on this article!
 


 
 
>>> More IT Management Articles          >>> More By Anne Chen
 


x}ks㶲*Q3Co{)ْ:-K3>*-%Bc!)J6b?q-1;["w~ I Ӟ ǘ[cӑGLzIj}ݻ@BizNU sJe>HwW7nQ;^> \?g#Q;Y|}^~b .pѶ ⌳Qm xyG`azN5409;RZIj=IULxy$Y)r":_Cn&J ݒeL_;D_KŗG)H7#ǚMmdƱ(|ǺrN~}M'Zf-Mn "dh|]w P3Z$923=Pru&Sk~$M cb.L2o2|)m̗U/d`(AK/g- 5t*軤(If0;A0<^f/_\@ 1 p1S{n2.sd>U<8vwܬu"*մޙ-~4ҢKsInH{⧋vǫ #KEHYf7-wI09ꨦUʵt ?J jGExQѯ+& rO f[Ԗ-ò˄A >aϨ>s|V궝x>:AGAticŦh4@MMrӇtu4A.~{ݣn]?'tno7,Abχ@a`ΨsZ LP"AЂMx>tT؎]6}l2w9;-(;hk=`DkwCPb1(բ!Tg,zz>)@}>\ lmN7-}hZ`1 5#JKm;r-FaADأ$@!"-i]NP@Ar68 -8,rrޑvZ*&RPJnOq$;gJ"ڹ&,S,ЂW-Kᗄtfh(L=?Fu Q򍜈<"`&ˑea*0pRx5Qn`oʑUtDބxlLX,pU{<7-4a -|' -LpEQY 4 x9o@Cys;J`p=fX4Кs=RA\^XPaAݤ6[93mX0NєDWjP6~@-QM{lz:eR#O>uK-vc k2FE'6`FUMR|!||=Ꭴm4@>J|z[.z8 9r!M5kb$`CfO Д /kb*q (tzS\O Όō$ЊOW}?ٲZdY6(V7v/KT:߮LR[k 2LZԵ1 E$$BY`}.eGQHīd - ג686pc>7l{`(`T5J?Ȅeê%M*K[ ʸAfH ~c &ʥ ë;q\cOzu@nztq˱O@~P9gs?Q,C,8c(L>Eװ HZU{)u&\$(e\8V,'Ё*8t5u{yq?_YN۫®tٔ/xvp ;Dh2f ñiHuߴiF̫%UXOE}T5F" D ȸla,ri L*gXs>Qid^0RK´9& zI8e'og đaϗAܧ^ǨO`섏k 5o`" 2l3s&/ft|pE% i4Q,(J9A)` L] TFSyv0$u`m\>(cpF,`^\|<ׇ> B K'"Z``Es ǖYCǖbTیЂ[|P*ұ@%УpӞrVyC濚?O~2T+BZ= QQT*߬Ps1)'@S$f|`g<ڗ_ޝoh`1gRJo0t*tȕ`s|eLFjAB;?kJC4By^Ypw\pR "(87~Ɋh3 خ crFmhv~:N(k5PΓeO#c#lʂt!WMUm#Xݚ `1}jDa#CP`f0%+ #m6QJs8-"vV;gKjZS~I1H%[SsGŕRCȮcf>Fu*ZWּӪ`fcDH!S#2z q[kh0h-f;Z;pLjg  欩h+sJbOW2EߙizrujFYXy3is{"s-_M>0%XȓS;pi-uQB< 6|o D >RWo鸙 ĨhyUM+%Fےf038ʃϣ epv= [9,3?{諵R 2߼=p=JV:Ɲc}t;wֿLWE}k`gwɛ(*Kq3`93"mLt #jZ,lZǐlwBO ~'A΁MO0="c^.k|Y{~4si l}[Uהю"eάɢ7(CiB/%9T1 Vv}b;_I|SeȣV)ki+TX񋰷 ?3pa-XPjh3HU5}dE C/ ސOZDC^$G|)ATEUPU(V $yVp8*h7xџ6XD+++0/7"h ޜ-cr[ e|\+fK%2_vܖ[J,]>a u0 mL%Q;o^n@h secn-`I3I9`{IO4cJ7ѭj՚*ӪV$,< 7Cd',-LGI4^:&.2O%ss< ⿂On{ܝ9ЍFIΝrQӊ 5`JR}'00 ƈkS@Z: #ɢ\' WeRU8J3Az' vBq]6p ^a?up-492=QhZavOT+ʬf4A48'o/>C(1A A D@";n߱?% ?S-e{5al 9e#(Jagme_:m^t? ?:N;QAZrXi\/šHV_tD`Q˖Թh~h,/M[dzNR(I1>dd˙]=+boVta Oa區 _9 ys)}=^zGsٖW's=BnTH·CF_!zNfS L k;d8) hdjm\8`ziB_KվĂqK՜$"j ON3$nPh0Sޚ( Z`!旁woH2|(_bHH\T dDӻ:o~Nlen/ m! D785S*PW2REHIAFZu_f bt<~Ut":Ho1r!~_!c&o8~P6hLuf:n|"B2^'68;=h19H/pǻ"TS(LMàvD)fTxi'y0:Ɩs8쀒N1{LGlOܡM]>--g̑s$S)Ҥ\ AgJȄaye5)a5R!MLCYOC/D$f;B:z{ giMN.m2jt.>6D2F\`ql)JZa""A|)J| 9i@ Rr;8%}@J^KJPW&BR0><-@s`:<@´+,zTVHlw;`ұGy~`ѴNxĆ#^@)s^XL2k=x'[gY.t0w쯾d#ޓd=fcL_ ;]Z=w>1j8;=?P.zZTrcW}V7 ˳0q!~<,?4n8iueO5i^~&mЯ> H-Н>u?y{do&=)dzIlΜu 9obXKwfimԕa6FKp?Koҽ{g;᧥mes7tȳV*1$DH!Hnm e_"2gNIJn/:Ld< ,f}x3tT?.#ze9mfoxzoo=ȥ&q=*~O7]f+wB%mJK{9nhp;D%ýqQ#y∶K`!j>b5o14L,*z>;l-3hL ;yor:? G Ofx՛R\P`-ݺܭ1J "i#ĠHߙSsEs _5 4:as*|"ZyVaoE[ά1!Ifm1ZP|9ߎ93{K4j Z*2kp+cS[K//.̼V&v zГqi+"@ыO-1-}O:d|:3mXY?5ut*:}E-K))E&e~\{<9Z _aǷ?tpVsvo4D f,Gg.;T$13s>6|ő}JݐĢ֒#*FGʺx4bW $F" bxi!vZǕJ- S丌 : >ƣUv*R*Ss%E1B> j_=bҗ)v A }"A*ڳP~7%&W%/9gRE93*]S_1;R< "LAV*-ϳ5CX3va|:/dWX,c\̽+N}aooooފR֞EK8|7 {MgN-'KR N- pMC0PF)KCP6kyԾdGDqԍ_ؒ$ẽ|VdfCLc/=œ@jj?&x)O: 3 gV|N ߧ>gE/GY"ښwh_u?voN@?̶nmޢƄ2N@cK%)2p$L{2O)O[ ~Ԅ m$~!:@Ha[~LKPxA`[Ri4f)HoQr1cg6)a}=/QQhVrK/5) ` 8Jīǃ9UX}"'_?K3Ũݒ^]cY:9H`p5m$'%ը˕hI<+']~^^^^^kJR|-k{iP̑~Hw CNc Tx}΋c Ҧw\ ˌt\?s0hΖFXz}Y+y$ J7g$bWx=+fۜa5!p_pBL/|ё{[dp=l Z`ɆM*DTM l߼0!٩LfDRso ZߦLفm_mDV(J(V_tׅ dUoko9wt%۬Rߌ2ײ#1}eL_zl/oif#e։ V(Hzj3ƚe< -~ m%@=܀Ybb>8\AO=cЃ%:?w}L(õe,(P'>k~~i//m~ic' kɗy0 \ 'o>-nb1E+l@.h s}iŽ\簽Cr~G&Cя"xvh2݀v*k+HW!-soL>,%\k>!3Opl G:@Cq {aS@a]IYQ{ҬfSxQi vf4iSu&.[{쏉;T= ? KL)`G%5C~0g.6SPI\y|s 㷈1PSo-]z?*n)ǝ@ BoA dqbZsʑmOUlxQEW#|B7oWήqHjXm[gR] X(яTc~/:"j\DjsܕĤAI҂B4vĨW\7n"9HXWԖkrk#"Z"'"KIH^X09pD]dbɠ#t(p#(4o&vn =L%PP*(Zz/[\#Q1m˖C0经UztWc1\A/m,%;^$~ +^Rc$W6 O,Il6SfEg+vl"6\%pKp|{=-0VU5}bx@vZ*f63ZI B;#4xc8Q@O@L%F J 47\CP |X-C7Wq+P~ЪۣV7>2B&s'ُp{S;B΀E!D|tz['u}H?Km1IEhb#3!Ff0\'M3CsN.7v߾U Ci|Q^Hou.Ma >=[q80xd+ 3;9 wCy– \vKXӁz c>r*?Dr6Б`5A1H3vJ~;o~)5ٹ՝ cpT`sjKd5B&t85{_{=n%[ lx Dxg93ۈ) =L#&|x >ԁ DXS36Faŷ^(l8*wxc||>+$@€b)(bWE@,G,(ϏB5D*%n67PFͭ03L\UYej xpx})lH ɖàzEQt#ߛ3,ȏ%%nNKM b$!%H$bcx=9`1A2dzwȗYaP8\  +z+U'I]U@)p!xW`ǪZJWt'x5n?R.4!W)WPh s#cvFCd$ڟ,\yuuvI^ۤwrݹw}޽sV֚_ԝnIi}uݹSf&E`<eJE)sS9@)B*r4,xy^/>M`%^< NL*a^e=DM@*:ecʧ j]{=--YWG>;tɉcdHw>(}uR\jsg# )n}>e;MjV}QyxQ3Q Q~ כO@͌.w3ʑ[V;O6~N3!>Bg\㬳5:r_'\fC;k( 7 sȂ"?0_}^dE}"^f(?@?2/"2c~/.32cnF  !_>2 ޿x:~z0^{0^@ # 埲a|2 )7P~U{A7MF7@7ug+\8=Rgr z)A^d_~*%iFy 3YY zvAeX^e\512ௗednleҹ:鶒 aqʍz^S_xڞ馵pۭ]n@+G{1:,y& r hxVydb bye?VPw;]CҤ]z.!{%])W[O'ikr(s<2g)h{d3-DuL QUނb>Y"x}s&p"!H8߱&Z! g8 a箩%gWxJ# {4 K5:Ѝ21vNr|(VT+[-WJr=]~ 〈 &T$`rXJ D`q9CTx|Femƫ9 C8b{hDŽ[ɖ(=^?FG'&^rnu^ŗ1Y {7/#^"Uv&Ac(<ǀ)"RK?^*q0 j>d%Q(8s`ͫFbЦ!Kva[`Z';=8djy }d)049+hw ` z}y<8ëN)œIbș |dK$pgB-[˫t!ލPeD˦憄aG:XԞ/{nnaV'ֆ*V<'B;NˇuErlyѻKdgm!X5RǬy@G}Q!j6e:]n\#S?p[_|e @ N_cś0V>փݍlb5)"R ϙIqm4Hx>}r 1)7⣭A{=M,'g`Erl9~u ZQ'8݈83nwZf$]Hn.v>ވ'ĕ}lHP=ۺ9l܆,&]ݨ3K~#xR Hn<휦?jg1xo3B|(pIdh/ 0S\ΖG~)Lmb[>/I>7{z\='=~93ӃsLYRcm\$a )I'kQ`8O 챧0,%>AWd]& A_&|NbOhSxugĹmRc4!a/XVX#eE)TPsHO-N-ONjf-~&oL"6;͸1,{ݞ#1DK#456q7A^|˼kAўXnw0w>L/#]ZFc`p ۂ{XiWeJpC)tO˞ĵ˰7#Tt ` GYu`+r 8ǩ3bhwq#ƫ1ucB\ (cto@L?Q1?c]'nFQMF.D]hT[)*ʢS6M /ߵS3pݼg®,vyXF4X3' cgb@xO=f_qxN|,Xu 2^;FB~ea'Zϼ:?ʂo/ QF$V/(ylHbK9m5G0X1'NRK&t>f cJ\gGۂ~G+2G S<"Y4/'`)O#xje 3 .^3 {e75wHQ#z.fiACWqk @[&Sǂ)y0Ǖ2D1F(g,1f.& Ax&=`#hxj<nRh1 Lb'kI˟#795GBJiF 5cP.Xd-'oB@: εxBG,?ɋ| byx ^Uf}')VS/ρ.ȟ$ʓ}E?b%P|^k/oYi/6/:yH%D=C ɳQFK;O(QFp?\S|=^`gh[^zVju.?$+=={T7v r9F˳`bhP7]ӨZY$IL#;ob[b$- U.IM)V [gv[W(~r[)CU:M\"GZk/%!zRM39Q/kEsk&|R2ұ=RZ`'l/Z6?"3+