CRM news ran a rather skimpy article today on the benefits of single sign-on (SSO) authentication for retailers looking to comply with the PCI credit card processing standards. A member of our team read the article and, although intrigued, was fairly puzzled at the author’s position, since there really weren’t any details for the business reader on what exactly SSO is, why it can be so useful, and how companies may go about adopting it. He did what so many of us do these days when we come across acronyms and technical ideas presented in less-than-clear formats: he fired up both his search engine and Wikipedia.
Wikipedia’s piece on SSO wasn’t particularly in-depth either, but it did point him towards two more articles, one from The Open Group and another from Authentication World. Those of you already well versed in the details of SSO can skip this next part, but for those who are not, I thought this a good opportunity to offer a brief summary of what he found.
Most simply, single sign-on is the introduction of a number of technologies that help make certain a user only has to supply login credentials once within a secured environment, speeding the user experience while easing the user’s burden of remembering passwords.
Although the end goal is the same, a single logon for the user, the strategies for SSO implementation vary widely. Initial logon information can be stored and supplied again every time the user opens a new application needing authentication. Alternatively, the first authorization can give the user access to digital certificates or authentication tickets that the system automatically supplies whenever challenged. The specifics of any SSO system are determined by the environment in which it is being used: which applications require authorization information, how those applications integrate with various authentication systems, how users are managed, etc.
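To make the ticket strategy concrete, here is a minimal sketch added for this summary (it is not taken from any of the articles mentioned): the password is checked once, and each application then accepts a signed, expiring ticket instead of asking for it again. The key, account, and function names are constructed for illustration, and a shared HMAC key stands in for the certificates or ticket service a real deployment would use.

```python
import base64, hashlib, hmac, json

# Constructed demo values (assumptions, not from the articles discussed).
SSO_KEY = b"constructed-demo-key"   # shared by login service and apps
SALT = b"constructed-salt"


def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"alice": _pw_hash("correct horse battery staple")}  # sample account


def _sign(payload: str) -> str:
    return hmac.new(SSO_KEY, payload.encode(), hashlib.sha256).hexdigest()


def login(user: str, password: str, now: float, ttl: int = 3600) -> str:
    """The single interactive logon: verify the password, issue a ticket."""
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored, _pw_hash(password)):
        raise PermissionError("bad credentials")
    claims = json.dumps({"sub": user, "exp": now + ttl}).encode()
    payload = base64.urlsafe_b64encode(claims).decode()
    return payload + "." + _sign(payload)


def verify_ticket(ticket: str, now: float):
    """Run by each application when it challenges; returns the user or None."""
    payload, _, sig = ticket.partition(".")
    # Check the signature before decoding anything the client supplied.
    if not hmac.compare_digest(_sign(payload).encode(), sig.encode()):
        return None  # forged or altered ticket
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if now >= claims["exp"]:
        return None  # expired: the user has to log on again
    return claims["sub"]


def open_app(app: str, ticket: str, now: float) -> str:
    """An application never sees the password, only the ticket."""
    user = verify_ticket(ticket, now)
    return f"{app}: welcome {user}" if user else f"{app}: logon required"
```

Because every application here holds the same signing key, any one of them could mint tickets; that is the simplification a certificate-based or ticket-server design removes.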
Even after reading these descriptions, some may still not be clear on how SSO might increase security. To some extent it seems like it might even lower security; after all, if now there’s only one point where the user has to play a direct part in the authentication process, isn’t the system easier to hack? In order to provide additional references we tried to dig up some case studies about SSO implementations, finding one from Microsoft about creating a remote logon SSO system for Northwest Airlines. The one line from the study that may catch your eye is this: “Access is simplified because employees no longer have to remember multiple passwords for different system computers but can instead log on once and get access to multiple applications. Because a single password is easier to remember, users are also less likely to write their passwords on notes taped to their computers, where a potential thief can find them.” In this reference point, added security is discussed as coming from making the human element more secure. Another piece, a Novell white paper about SSO, offers even further evidence along the same lines, pointing out that “studies found that a user
