|
|
|
Passport and Liberty: A Match Made in Heaven?
By: Anne Chen
2003-02-14
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Single sign-on has long been the Holy Grail in identity management.These days, an increasing number of my friends are looking for Valentines online. Unfortunately, its all too common for people to pretend to be someone theyre not. Or at least, stretch the truth. Too often SWM with George Clooney looks, future CIO, turns out to be SWM with George Costanza looks and a help desk job.
Identity problems, unfortunately, are even more complex in the world of enterprise computing. As Web services move from early adoption to mainstream acceptance and migrate outside of the safety of enterprise firewalls, an increasing number of organizations are faced with the task of ensuring users are who they say they are. On top of that, these enterprises are also working to authenticate users not just for one application, but a slew of them.
Single sign-on has long been the Holy Grail in identity management. The ability to eliminate the need for users to manually enter a different username and password to gain access to applications—or, in the case of consumers, e-commerce sites--would not only lower help desk requests but also provide a more rewarding user experience.
But to date, single sign on implementations have been few and far between. The main culprit: The lack of interoperability between proprietary technologies from different vendors.
Earlier this month, however, The Liberty Alliance Project released a new specification that details how its federated identity model might be deployed to work with third-party single sign-on systems including Microsofts Passport and other identity management systems such as Verified by Visa. The technical white paper, Identity Systems and Liberty Specification version 1.1. Interoperability, also explains how Liberty can also be used by organizations to provide user authentication.
The Liberty Alliance supports the Secure Access Markup Language (SAML), which makes use of authentication tokens exchanged between remote sites and applications, while Passport has a proprietary schema. The two systems differ in the way they communicate the token from site to site. The paper proposes scenarios in which a third-party Web site might act as a mediator between Liberty and Passport domains, converting Passport tokens into SAML assertions and vice versa.
While most of the integration work would fall upon third party vendors, the move is still good news for IT managers reluctant to deploy multiple authentication systems to support both Liberty and Passport users. Whether or not Passport and Liberty are meant to be together, however, still remains to be seen.
How will you handle identity management for Web Services? Write to me at anne_chen@ziffdavis.com.
|
|
�������x}ks㶒qU��S$5Ҕlcؖ�gwKEQĘ"yHʶ&?_v�K�Zc2�OM�@�ht7�F
K�9aɅ=dQݥw�D�;;o�$�CRϨ��!:5Mt�;p�k1�Z>u3
��ۀp�a,[YÃ��[��j �(K&�Oz֘lL1dl�usccm0�f��E��{5h{=D@��;s3�"&�4<�{'s��a�]dU~�j7@oǮ=d暻�w7��T6'`>6C͛P�x>Ґ궫m�"��lˡ,kО~/m-J�
b@)�Ԭw}ްg�vr=}w[7?=Wj>(��U?
?05�p;XR/�`(.םnG.;�[oAㆷc#H
|+k�oD�R*��rPMDA{a|O,hx^�H}tT啒^X7jJxP+Z TkzZ츆G`�%�pbQU�:Ϧeu}uHu|vtn"|#9ĠV*�IF±,N/gs�`H,@iܺ̐L�9�˽k�aXX(6hFʋEQsi�O��@s�Շ{�64A�?
dzG\��:3� }�!oL3�P�G�A�:z!ز=hy3c)иι��voa23B/�Jy7t
4�4/f��O`\@9`�88ʬ��Ek>ѵG!���{0s;0aǀt8)��Koe˕�F��}"@F.HCmN|4�"BQF����T� * g3#X"M@#'Gs [A��;�B/VKŸ�\*y"�JM'8WKR�h&,��,ЂW-KKLAfsf(4{~u}bB$|#'$�Xr`Y
�\+|�)l
�6ŢR�UxѸ55���K9��ܺ<��sH�-(�
Tc���0�8Y)�0�Akzn0�*-ϑmQ2G�l�a�挽�
s����ԸFvGM'�95,X0N�}BB+p5L��Ѕi�5ľǪ笱��{
r�G%ם6-9an5�ډI!VB13O@1sz@fepIJ*�#7�J���>�q?�JLQ\O'ŕ8�)�|Њ'N6ec�pjlYo%,J?յ�0z1(a]k%�T��$70�Bʶd/^[``֩E]QZRMPD@BR)I�
aY�*^(t�xNLqעA\8}�}�Wc��.(
ռ\Pe�Ȅil1UKy%_^Ǫe+ �T��2�4
0�}�"3[0P&�^�V�vP=tm| ]}r3|6�g��c�p6sp>e�ۙ^�
CM4,��FE^=t�&��${2.|Nl��,/0s�g6SЬa|ia=m-�;eSK�Q:O[-��V ҃���D-0ڠ���Ey9_L:�b^-!毺0iTԗKJAU#�cmLĽf��2�3MR#4tĠZlF֬9 \Q6-D.�k�
l�jrpj� Z��p�rv^ni^0,my�.|<궇12q͍a&mG��R�*Ö1S{`bjG{�T&/A�łc4q V0��G5WcOc��S!a�k"�_xHE�1y�[kpp��\�x�U.(L,�:j���
�[
H<�T�:8ަ&�݂�k�,G$.g.OM{nc>T�Ze�f,z,RT�j%86eU-UjERf�E`q�ˍxK�=�B19T>�h_8圉}cXo�,~R�~K�>3nA6|�K>8N-â',;�h`2$̮fG ã2R*1�gP.Q8Ufj�憡Rݯ�96_n'?XL!IC��8�D"
Ψ'<έA1䰁��L��xeS�B1BGt��Ȃt��!WZ2tX�
`��1a�#�G
B��ES�zڬ̷Ow�Z�u.aOS)ƥVt u< _{sM�\�-�WC�$
�X�wUGL�y=L:,JZP9kyF܇1"e�H!�
#2>Z q�[k0OT8YGw��܁c20_}P@Mnƪ
7��B=Gm@$�L|4S(O;[TM07>�3'm&-o^�{�y�7cӞ
s�^ɴ�h:�(6<� ֠|o��
�R ƍQ5)��cc>ϡ��=WR�4!#1�s*?�\x�u8�WX[@aMɧzP±F�p��a�pgHog|�mkH�9X�hb9B�J9��ޡ�P)�P7@yz�-'F&Gt�%p?(�`FOWo}lw\?綷T0�Č�JI)�zV�ERT� HÖ1A�g Kf[q.~+�yys>�Bmcv.{i}��
a^G=#Wn\�abVY/���߫%a珥%<�8W}y吔j��5?|<�-~t1�=�myރ ���`i0Fjثd�k�fߏԳ"yrҾ|/]2i/p`�BAN�p.ۗ%y皟ԫeK:\[�j�nTHC���z_!z[�FS�Ltk3d8)0'g~H/�6Qbk:�B[Ku͉��\9�TzF[{r��qdQn4�'lS�G�²V�XHE`Cx]7$>T}��E �� kJ=!�Vo8iwΛ�I9@C�����`E+Щ
#~_RB�I$Q#=.#�ķqɉ�/`Ia�1:�*:_['kᷘo9�?Oů1Ok7�tA�h[(k��p�ubsZ=t IQ?xH�>owާ��e|t$-�Ӌ/Eq�Ǜ��"YUc�(LZ!�*rښSd[@ӆ'>s�gx!uL0hq�%ќb0�BٸEK�̫]L-��̐S[)ńL hұyP#%dB%fy�e5 a5�C{��v1CN:#^4/?@��̯��$Q
:tD{5c*]+GA,�k4 9g[Kg[ٽF]Yl�FC�[8S|/eJٽdZv-HT�z�x
J=~l'Nt:�D�sNm
d["2gNIJf'<���Ld�,Fu�
x30T?.�!ziТ16Rw�!F.u?6vK ��=,Qszq>.e~W)dR�n
g�ʷzD*]s\v㚨�p;X�E)(yȁQR�!y�b6ko"j4EBa"cIE]j}�1�~�_O}
�re�Gp7z}X3'r���v3lK9O2q&�}x�2��C%�6˶˷kFp7�N
f_�!O�"%�JJ���a&l�@|Րٰ/�h]Z0i��aj}Z�qj��ulD[/'Ɏ?7e{cA�|3L
e��ԣSÂկiq&�v9�'�^�=)'K�#T�
J�dfyp�A�K"Z'?X@Ʀ9gN.��Zwr��B �]!/[ۉ�3�3�sf�N҄�]Nl<�T�l+oeHN۱_���*���-sHqC�{Q��M�E5ZA�tu�t�e }/�" #U\`T\�*;C3;86e
�щyPL5(�zTE?[��D-Ɣ:͟V6bAEW~[1x`�6c�?�K<�h,R<%Q$^/zY=�#!�O2e^Ieʯ�7!lƦ9oJȮrQ6vq_R�IQR,Dd��`lח:3_:C� ]�4Oj[��V��x=���O"�{k#'a&@�ؾVV/oJj!5θ`��uMK
�"G��C�
A%Xچ�'��Yъ��<�T�x5�QWIX$枃ƳoK�TZ|:F.N+->��u&�-lҹqG�Is�����D����iIxo@&�)y,��
'< =��,V�q
)�m��+��q/ћpOx��T;$x�Lw]2�Cʈ p9.��gݐj_HR�Xul$j4��o�$,JDQ'fO�m��,z,߆db6sÚ=0#[ǡ"0pRf+ҍJ�ndgb(�>qT2A̴N��0$����F�Bz]$.�x)Ho�OY/�6:2A;I�7D-�<�#[ikƌQ�ITpQ��x5g7�_�_]6mJ�s#�;3�e�C_v���D!m{�EK4tfץoӛQ� Hp;t�!.�Z�v&�h7v>�
�cw>���j_gÛ^G.Jjj{c;i)�Q}M�\BW{1�lœQ
xk�gVSǠȍѓB=�F�53*�C�!٩�fDR3{ߴ@>WZ�TQ,�0;:�O
cjգ80,K~}|ziYΥS.E5KKe!X|j|z?bcaBN;p7�߇�y$`h֢��F r��G(�&S#yc0;X2̬L] ef{Xp'
J�)_�Np =9Gsg�<,Xe�Νm�w�Hj��y]�iW~vȥEqAd�Ti.+�IdǰMaK1Y��,Ñ@ty�r�Ec�d1�6��l�="u87tf}r>�vGe�c�ٻgs��P~
es�[�WQ�AR_@X���ǜAĸIH�p'juзxwqE�! )�06${5"�&14�M] *b�T[o��ꨭ�7v6J�W][L&>Ah#
J~n'n|oLxfv�Y_aR
�:'�绹�;�"
ëK��G@M>s|�x�*�G@ �N��;T��zAs�Ǻax��SQ1F�}!щ[,pŭKp}r�:�@a$a��+ Ⱦ,�W�`*4+Nx{�f�^9E
ǹp`N�0McؕĠ�$F�iA h!�Fvw;�Kb+n\JVs{F$�H�UW/V��FX*�x+zBΗ�9��E NE��7&��Xx�X0�"/24��
�
/(/ɛq~lwK]�+�u.91�͂E
tM�cc954_Q�՜t=oĜ�
]Z˽XjuRE.%�{�'O����&�NE(�(+�$:TC1_+R �bU꠴x�B~0*tǣMgUԈG+bW�z0m�z^EnL[W�\'Tc]8_q�=o7ݙ�B gnu"f�SnWmF\t@>廓
�pL�Kc
cbs9cqsR��w�ddf-M%aaZ ev�2R�
D#�fǢE"#M�㪅J�~"[�!=)ߏc[Vy�UP]�f 8]v�;"y���`v��+}\0YD?ס8ۮŨ#=/ByKs9i�m�`��]X2]1���0Y飏bi+�
�
M� 9̉$>{DK�b>X���-^a̷k>F]M5
��P�@<1�, �xo%5Bo�q{e
�>X`qә��:_a#�i*QwM[*%{=�y
h<#Ժ3\ۊ|�_tbusΩ sm�g��0Lۼ%Ux[hdo�wQf'1q8�@L4�e08|
Pp��c�1~�z.+sY900ވړbM\SC!�K��.C摶zZ*F�&#ZIikxg4B�Q+3h=٘G@�#
� D� bV$w�ߠf~z�*ܟ'�j[!Cdjoh}�exp#qJ��rK�33wn��~�Mz$
)8MЁ
��v�~K{$G7p�?}6�ژY��hF8�Y��Cr'o{�Lqx##�i
g�vH*K�_�ݰ�,VI my$7��[�$~ZĮ̄H!��%?��qł�=4u=oz.ZxX�2`A�嵁DO�Xȝj`6' .�
ϯ{xH�!/@va^Scޞ��:s\v��Ge|�K>{���҇��:�LX�Q4e[�(�n_À�3�[NEDƸ c��41G�H[!~y�eMN[�s��X�aB���\N�}]<6")(dhF�}_x���cӦxa �݄b,}�W'��1r�T-�K�b�qf�r9�<_b*~�H'P��l�MN"�@��� g
o�#���!\�aۺ)%hn"7Wp>�9wL<=2�
̱�yP&0л;�kLo?ѦNͯOpWGN�:ij@ S
f�vCk��E�YG71\o�N1'?��(�ۺ9�Pq.1$Lj�!c��B�4�_ �D��k]a]L�ݓ�?0}H�.ƌ JU(KRW�W
|�+R0bU-�+_cQ�wZ3H{��Z�+I)�����)!#vFC>�2o>4P =b5brM4�cѼ:DN;פIN[-p=n_ڝKr:)'kEۂ/WQjQqiuuݾe��31z;�&*:ϵUBY2 ͋�Sf�r=�si.$�"}Iw�'�顲8�/[�Ӭ0k�Ȳ�E[VC�aW~s8{ec yrrv؊rm8�ާGr:ٙE��H�5�t{�rX;h)�чzQe
cs�!Bv[�\2@bE9yJϐsJkJ5_O?n�6S;IIGJO?��Rҏ!x})4�?S�X~4IJ:>ϴ/Sҡ4~O�y
|��)sX�_�^�s�EJ/>/R�">G/S�?AYJ? �)�~�{2?)s w2~�h'�?��I/W@�W)q�R_�\O�M�I�诗B_ �>GH�ҿ)tߛ�oR�I\'I)�7Sy�S*�RqB/2ȋ�৴tXB]�@z<++B/ntR�ث�<�?S_�uS��̵T_WǝBh\jrr+̞ϫ/dmM5\8FVnp_/ΣB�_(
��V敭I<$x�EqZ&f�
3l>V�MY[,Oм�z'
Jܓs+Z`逷\]�d}+ar6V-Vcb�%x{,x {� ��pۭo㦠Ǜ݈_%-_��>@eNԶ+j6`)?�3oxތz�6~&m\ʠbC�ؒ:VOD-ݟ�
1'�m'cFĹ=�,N�>n
3��c�V
ޡR�g�B�7�C�-��jW�ȅă]"�>�oQ^\']�F�N* X֭2��kVr-�C2-�XJr�XLD7/'ɑz,yCw|b)H���U^���!A�ЋǶEwF̱0.6��4IƠe�@脸
vOj[#�ŝI��Vݎ�Ɗ+�ql��xL°kD�5Su�Ĥ����'Jk>U�5~�ɑi�(�V1�EJ(�d%byu2�&Q��݉ې⭏ 0n�j!t&t8=[t�,ut]3K~�kR���v/ty .`I_��a0G{Trbc�HɐO㽄$ l�L\1t^���l�ɡ>���$>}P.Q�5sE�Eא�E$*J =˵
L�;Ʉ�e~� o&j/�[A��|$Xl)Ӿb$ӣ&u&�G}�^��IvP�ƀ!����
E1^{�#
D3$ �Zoc{Ġ��/4�+v�:XU�m$>�=�A�Sh8�ϛWU��;�gCJGrBi;�c{]/I)�H[AȹX6Nwn
�&5SY,�~ V_D�z��~%�"S�?y��[h=m���K�)u@AikA/?nwH3۱xĭ%�mY $�v.~mpFJ˒4\z�#0|�R/��9"E
mPm��Jh����{K}o{�
,��ARh6�vo�>Occ� a�vwjX�e]�)�
�GVJp`)h�F�<}y=Y�uK�Ŀ?bXc \��}wH�V4�خ;��qV'�t#��9f5r�$
d|$_xƪ~SAxr}HG=��fshx���G&$߀*0p5w<>ZQ[dERb0��yN&n��?�dxE���#bSp.@xٻI֧2R8W
�^)۱Yl��{�d휙l'-r�N(@P�W�9�!�-�y�x��3;���<�v;
sf�&+_4ұE�>�v�/-(G,�yJn�Q.5�7tle"�@�]6�� .maЩ
�`y%K@0�4W���1S[g�hup#��15��VB�ȟa��4AL/1?cum�nJQ�a#�"ö5TM���eщ��oމ�qݼg"ö,�ٿyXlh�FX�3#5c��b@xV��=_q�x��F|�/�Xg8l[t�c)d̄�2 !yyUvҥ�NࢸI,G`a^d++)ؐ�:2���k�0bG���1,�s�Qf7=Na�F*)Au�a%�o�*�[ApNWis�S|"[8.Ƕ3gqȏ:<ԃ2�|@ZUls^c^٠�C�<2:�1m�C�4;QwgP��� h�@j�ɂF4�wEda�NW�>_f�� #3�[¥[f�= �����TM� .e�%7!h��
-{X�ެ5�%�!|i[R9�T\hBфAĊ- A*M~OC(��ً"Pz>貰@@,Y�xH�ݤ-KߨaPg��v>EEf u[a}cH('`:�7�21���x�5;Boa;e�f�(BsqG7{G6Ƙw��cs0QF8GZP1+WmL4"�[Vc|�k� !ȦubZ�8���"�ckcu�=��+Z� �#ю�ٹ~;�.t=�bcv�+ �f�OZ��LR ppv`JE
<< ��GPp�0.$�Oc'�88�O$< *,ၴkLdg-a�'�/)��G"J$4'j[C(o�ol!Y!7F�9\�Ca�0��=i5Mw�hC��!Թ<�g,Px�Z���`yGޭx^r爡w�:\nQRɦ}ZմO6
oyI
]1\���T@CDT�iyo���_�/mD�?,9HHMAe�Wlm&.RQolBa$�=&�,ʱhY.]
�vz�_�"yRon6E
ش�<]/�Z(#بUg?�gI�[�4qN��H��RX)Xq�!c4!��w`fCJȫy��a
N/f��c���1j5`A3
�r2#ǎZv<7�G#_+����<+y҆�=<�#�^.V�)5U?W�|@}�+[#��p@�q`�1�ְ\/�C,�G3+(+0uGF!A/��A/xŕ]�`r�v��z�>��![$tZa�2z>_�v.{i}Pc`Jh^gA\ZTu�*%X"V�[ΣVYpEqs}w��?|<&�ӹ>i%A0�OXI}<#ނ�b̚&z�a,�6��w%^��=���P/+h"$2o5XcL!
p3��kɁR�0nh�! #�C�|}̆uJÁBo?!VnD!f
)}jS9�E: ?fVM8�'��]�͆[l?E�WXh�/x�C(?��
|
Network Security & Hardware 
