Re: Web single sign-on

From: Eric Rostetter (eric.rostetterat_private)
Date: Mon Dec 09 2002 - 11:24:07 PST

    Quoting Marty <martiat_private>:
    
    > We have a big discussion going on at one of my clients as we are about
    > to add an Internet portal to several applications. We are looking at
    > implementing a single sign-on (SSO) solution for our web applications.
    
    Good idea.
    
    > 1- Should we buy an already made up single sign-on solution or build one
    > in house?
    
    Or use an existing opensource solution.
     
    > We've met with the people from Tivoli and Computers associates already.
    > Other suggestions?
    
    Nope.  Lots out there.
    
    > 2- What if we go for a temporary in-house solution for next year and get
    > stuck with it as the portal and the number of applications starts
    > growing?
    
    Then you need to make sure the in-house solution you pick, even if only
    meant to be temporary, is flexible and extensible.
    
    > My concern here is the potential of risk being blamed by the auditors
    > about an in-house development vs a well known product.
    
    I wouldn't worry about that.  Either can be secure/insecure, cheap/expensive,
    easy/hard to maintain, etc.  No clear advantage either way without knowing
    your exact setup (manpower available, skill level, etc).
    
    > The number of users of the portal will grow in the tens of thousands by
    > the end of next year. Robustness of the solution should also be a main
    > factor.
    
    Yes, but that doesn't affect the choice of in-house/opensource/commercial.
    
    > The security of the project is taken care of by firewall, access list,
    > DMZ etc.
    
    Well, I'd sure not depend on only that.  Build security into everything,
    including the single-signon.  Security through depth.
    
    > The number of different applications is already up to ten and the portal
    > is not even built yet. The deployment of the applications (all web
    > based) should start as early as March 2003.
    
    Normal.
    
    > Pre-requisites : We have to work with the fact that the environment is
    > IBM Websphere servers and the fact that we are already using LDAP for
    > authentication on some applications. No comments on that part please, we
    > have to live with it...
    
    Look at commercial apps and opensource apps (like Horde at www.horde.org)
    and see if anything meets your needs.  If not, then go in-house.
    
    > Thanks!
    > 
    > Marty
    
    -- 
    Eric Rostetter
    The Department of Physics
    The University of Texas at Austin
    
    Why get even? Get odd!
    



    This archive was generated by hypermail 2b30 : Mon Dec 09 2002 - 14:07:08 PST