Web single sign-on

[Marty <marti () videotron ca>]

Hi,

This was posted at Vuln-Dev, maybe it would be intersting to hear from
your group too.

---

Merci

Marty!

******************************************


> Hi group,
>
>
> We have a big discussion going on at one of my clients as we are about

> to add an Internet portal to several applications. We are looking at 
> implementing a single sign-on (SSO) solution for our web applications.
>
>
> This discussion is as follow:
>
> 1- Should we buy an already made up single sign-on solution or build 
> one in house?
>
> We've met with the people from Tivoli and Computers associates 
> already. Other suggestions?
>
> 2- What if we go for a temporary in-house solution for next year and 
> get stuck with it as the portal and the number of applications starts 
> growing?
>
> My concern here is the potential of risk being blamed by the auditors 
> about an in-house development vs a well known product.
>
> The number of users of the portal will grow in the ten of thousands by

> the end of next year. Robustness of the solution should also be a main

> factor.
>
> The security of the project is taken care of by firewall, access list,

> DMZ etc.
>
> The number of different application is already up to ten and the 
> portal is not even built yet. The deployment of the appliactions (all 
> web
> based) should start as early as march 2003.
>
> Pre-requisites : We have to work with the fact that the environment is

> IBM Websphere servers and the fact that we are already using LDAP for 
> authentication on some applications. No comments on that part please, 
> we have to live with it...
>
>
>
> ---
>
> Thanks!
>
> Marty
>
> ******************************************
>
> Pensée de la semaine :  Comme pour l'esprit, rien n'est trop grand, 
> pour la bonté, rien n'est trop petit.
>
> Martin M Samson
> Chef de projets,