Security Basics mailing list archives

Extranet SSO Security
From: aackley () epmgpc com
Date: 17 Aug 2007 14:37:40 -0000

I'm having trouble finding the documentation or studies to make a decision on a project we're starting.

Basically, we've been adding a series of vertical apps that are accessible via the web, each of which uses its own authentication system.

What we want to do is to implement a single authentication system for all of these.

The problem comes in to how to determine the best method of doing this.

We've narrowed it down to 2 possible solutions. (I'm open to others)

1) AD/LDAP - we currently have an AD environment with many users stored here. But this lacks some of the custom roles/properties that are in some of the vertical apps. So we would have to create these properties for each user and pump them in.

2) Pick one of the vertical apps and add all the users to this. One app has all the roles currently needed but not all the users. On top of that, it uses standard SQL tables to store user names and passwords.

If we assume that the internal network communication is secure. (big assumption I know but let's go with it). So that we only need to worry about communication between the client's web browser and the authentication system.

The authentication form would be SSL encrypted.
Which would you go with and why?  

