Internet Single Sign-On & Federated Identity
With employees accessing many different resources over the Internet to do their daily jobs, organizations need to maintain a secure working environment while ensuring users remain productive. Single Sign-On (SSO) is ideal for achieving both objectives. However, traditional SSO products were never designed to be used over the Internet with one organization managing users’ identities and a different, independent organization providing those users’ applications.
Cloud Security, SaaS and SSO
Many companies are turning to cloud-based Software-as-a-Service (SaaS) applications such as sales management, human resource management and customer relations management to cut costs and save time. SaaS and Cloud adopters can benefit further with the deployment of Internet Single Sign-On (SSO). In fact, providing enterprise employees with SSO to SaaS and Cloud-based applications has become the number one use case for SAML-based federated identity.
SAML (Security Assertion Markup Language) enjoys the dominant position in terms of industry acceptance and production federated identity deployments. SAML is deployed in tens of thousands of Internet SSO connections, and thousands of large enterprises, government agencies and service providers have selected it as their standard protocol for communicating identities across the Internet.
OpenID, OAuth & CardSpace
While SAML has become the de facto federated identity standard for enterprises and government organizations worldwide, several newer initiatives are applying similar concepts to so-called “user-centric” or “consumer” identity management. Three of the most interesting such initiatives are OpenID, Information Cards and OAuth.
Security Token Service and Universal Token Translation
The concept of Universal Token Translation and Security Token Services (STSs) originated with Web Services. Early on, the lack of a standard method for communicating user identities hindered Web Services applications from gaining widespread business acceptance. Standards such as WS-Security and WS-Trust emerged in the SOAP world to allow Web Services to share user identities by incorporating standard security tokens into SOAP message headers.