…Decouple the authentication process from your application and take advantage of the growing acceptance of standards like SAML andOpenID to let dedicated Identity Providers take on the responsibility of authenticating users.

Whether you use OpenID or SAML, the process is similar. Your application exchanges identity assertions with other applications, typically trusted identity providers or partners. The Identity Provider (IdP) authenticates the user. Your application is a ’service provider’ or identity consumer (the terminology varies with the protocol). It consumes or accepts the identity assertions of the provider. Your application only needs to maintain the list of the providers or partners that you trust when it comes to user identity.

Single sign-on solutions (SSO) have been developed to help with this issue. SSO systems enable users to log in once only and then be automatically authenticated when they attempt access to other resources. There are a number of technical solutions to this problem, each with its own advantages and disadvantages, including Kerberos, password management and password synchronisation. The reason for the number of solutions is down to the complexity of implementing each and the wide range of run-time environments where some solutions cannot be supported.

File this one under ‘how not to emplement web authentication’.

They have selected TriCipher’s myOneLogin service to provide strong customer/client authentication for its Web-based payment solutions.

Read the press release.

Some programs let companies manage employee passwords for applications inside and outside the firewall for as little as $3 per user per month. Such programs tout their ability to give workers a single sign-on, one login for access to their corporate network, e-mail, and applications.

If you’re concerned that your employee’s passwords may be too weak, here’s a good article to read.

Industry analyst Gregg Kreizmann, of Gartner Inc., says small companies are increasingly turning to such “single sign-on” tools, which are also made by TriCipher Inc. and Arcot Systems Inc., to help manage and control access to popular software-as-a-service applications such asSalesforce.com and Google Apps. These single-sign-on tools typically cost $1 to $3 per employee per month, and can make it easier for small companies to move from passwords to stronger access methods, such as one-time codes that are sent to mobile phones, which TriCipher provides using technology from VeriSign Inc.

Here’s the full article on protecting your company’s data using a single sign-on solution.

This particular app provides users with a single sign-on, two-factor authentication portal that is easy to set up and deploy for both internal and external Web and other resources

Read the 10 Google Apps add-ons for the enterprise.

MavenWire is a rapidly-growing business services company that provides consulting, training, Business Process Outsourcing and hosting services for Oracle Transportation Management. Like many small and mid-sized businesses, it has decided to use software-as-a-service (SaaS) applications like Google Apps to run its core operations. MavenWire selected myOneLogin Secure Single Sign-on to support the transition to its new web applications, particularly Google Apps Premier.

TriCipher Press Release

These providers build back-end integrations with a variety of SaaS applications so that companies have to make only one connection–to the provider’s service–to enjoy SSO for multiple Web applications. These providers use SAML, other standards such as WS-Federation, as well as vendors’ proprietary APIs to enable SSO.

The article also describes and various Single sign-on technologies available to pass credentials to applications, including SAML, WS-Federation, and APIs from major SaasS Vendors.You can read the entire article here.