Selection of secure single sign-on solutions for heterogeneous computing environments

Abstract

Secure single sign-on (SSSO) is the concept of minimizing the number of different user IDs and passwords required to access various host systems in a distributed computing environment, while providing a consistently secure environment which also provides confidentiality and integrity services. In its purest form, single sign-on allows a user to sign on once to the enterprise computing environment and be granted access to participating host systems across the enterprise. In a wider context, extending the concept to SSSO, it impacts on the enforcement of security policies, security management and administration, security services and overall productivity. Selecting and implementing SSSO solutions may present interesting challenges and may lead to increased risk if not done carefully and properly. This paper discusses the concepts of SSSO and its user requirements, and presents a reference framework for the selection of SSSO solutions in heterogeneous computing environments, which can assist in SSSO requirements specification and product evaluation