OpenID = Authentication + Attribute Exchange ++
March 23rd, 2007
Marc Canter leapt to OpenID’s defense against Michal Migurski’s criticism.
…there are those who think we DON’T need anything more than simple single sign-on. In fact I had lunch with the CEO of SixApart (Barak Berkowitz) who said Brad Fitzpatrick is fairly skeptical of anything beyond his original simple scenario.
But, says Canter, “we need the attribute exchange to make this thing really take off.”
Then all the skeptics will realize that the authentication layer HAD to come first - but was just a first step. Along the way we’ll figure out standards for user interface and usage flow.
But for now - the critics are right - OpenID as it stands right now is just authentication and that ain’t gonna rock nobody’s world - except for Brad Fitzpatrick’s world - I guess.
Identity Management Suite from Oracle
December 8th, 2006
Oracle announced on December 6, 2006, the release of its new Identity Management Suite providing Single Sign-On. The suite will incorporate many of Oracle’s applications to help with access control and passwords.
“The availability of Oracle Enterprise Single Sign-On Suite further enables customers to improve security throughout their entire organizations and to more easily meet compliance mandates while reducing costs,” Hasan Rizvi, vice president of security and identity management products at Oracle, said in a statement.
The five elements that comprise this suite are:
- Logon Manager: Allows users to access their Web-based and legacy applications with a user name and password but without having to constantly change and update passwords
- Password Reset: Enables users to set or recover lost passwords through a protected self-service interface in Windows environments
- Authentication Manager: Lets businesses use a combination of tokens, smart cards, biometrics and passwords to manage access to applications throughout the network
- Provisioning Gateway: Allows businesses to control their identity administration software, such as Oracle Identity Manager, to provision application accounts that can be accessed through Single Sign-On Manager
- Kiosk Manager: Enables users to access applications in a secure manner at multi-user kiosks and workstations, so that users can work from several locations throughout the day
CAMP Shibboleth: Enabling Campus and Federated Single Sign-On
March 24th, 2006
Educause is hosting CAMP Shibboleth: Enabling Campus and Federated Single Sign-On on June 26–28, 2006 at the Wyndham Burlington in Burlington, Vermont.
Unsure about what the Shibboleth System is about and how it can be used in production on your campus? Looking for a Web single sign-on package that can be used both for local applications and in federated environments?
Internet2’s Shibboleth is being deployed nationally and internationally to solve real-world problems associated with intra- and interinstitutional authentication and authorization. For Web-based access control, it leverages campus identity and access management infrastructures to authenticate individuals and then sends information about them to the resource site, enabling the resource provider to make an informed authorization decision.
Many consider the Shibboleth System to be federating software, which it is; however, more and more campuses are asking what value they get, if any, from deploying separate intra- and intercampus single sign-on systems. Increasingly, these campuses are deploying Shibboleth for both purposes. It’s a tool that enables Web authentication and provides authorization information for applications and services, independent of who’s offering them.
This CAMP will offer concrete practice and real-world experience from institutions running Shibboleth in production for controlling access to both on and off-campus services. Featured in this workshop will be an Application Showcase where campuses and vendors will demonstrate the Shibboleth System in action.
Both IT management and technical staff will find sessions of interest on the program and guidance for running Shibboleth in production.
CAMP Shibboleth: Enabling Campus and Federated Single Sign-On, June 26–28 in Burlington, Vermont, will give you the opportunity to:
- Learn strategies for managing identity and privilege information used by the Shibboleth System
- Understand the management issues involved in running a Shibboleth-enabled learning management system
- Discover Shibboleth’s value as a campus Web sign-on package
- Learn about SAML 2.0, the mechanism that carries the identity information
- Find out the questions you should ask your information/library vendors about SAML and Shibboleth System support
- Hear practical advice for running the Shibboleth System on server clusters
Participants are encouraged to have a sound knowledge of IdM to learn the most from the sessions. Those interested in knowing more about IdM can review the Enterprise Directory and Authentication Implementation roadmaps.
Single Sign-On Definition
March 23rd, 2006
A concise Single Sign-On definition from NoSheep.net:
Single Sign-On:
One userid, one password, entered one time, with passage allowed from one system to another without interruption
Sometimes there is debate over the meaning of the term. I accept this definition as true, and all further references I make henceforth will be based on it.