The Evolution of Identity and Access Management

Peter Cooke at Bloor Research recently wrote this interesting article on the history and future of IAM.

Single sign-on (SSO) solutions have been developed to help with this issue. SSO systems enable users to log in only once and then be automatically authenticated when they attempt to access other resources. There are a number of technical solutions to this problem, each with its own advantages and disadvantages, including Kerberos, password management and password synchronisation. The number of solutions is down to the complexity of implementing each and the wide range of run-time environments where some solutions cannot be supported.

Hotmail imposes tracking cookies for logout

According to The Register, Microsoft’s Hotmail has begun requiring the use of third-party cookies in order for its users to successfully log out of their accounts. Third-party cookies are most commonly used by advertising networks to track surfers across the web and are often blocked by browsers by default due to privacy concerns.

File this one under ‘how not to implement web authentication’.

SSO for FFIEC Compliance

NetDeposit, a company that enables businesses to streamline their revenue collection and management with proven payment technologies, recently announced it has selected a single sign-on solution to ensure compliance with Federal Financial Institutions Examination Council (FFIEC) risk mitigation guidelines.

The company has selected TriCipher’s myOneLogin service to provide strong customer/client authentication for its Web-based payment solutions.

Read the press release.

Using Single Sign-On to Manage Employee Passwords

Here’s another look at the security aspects of implementing a single sign-on solution behind your company’s firewall. SSO solutions basically ensure your employees’ passwords are secure by adding second and third factors to authentication. Then, users are automatically authenticated to their everyday applications (including email and internal applications).

Some programs let companies manage employee passwords for applications inside and outside the firewall for as little as $3 per user per month. Such programs tout their ability to give workers a single sign-on, one login for access to their corporate network, e-mail, and applications.

If you’re concerned that your employees’ passwords may be too weak, here’s a good article to read.