Extranet SSO Security
From: aackley () epmgpc com
Date: 17 Aug 2007 14:37:40 -0000
I'm having trouble finding the documentation or studies to make a decision on a project we're starting.
Basically, we've been adding a series of vertical apps that are accessible via the web. Each of which uses its own
What we want to do is to implement a single authentication system for all of these.
The problem comes in to how to determine the best method of doing this.
We've narrowed it down to 2 possible solutions. (I'm open to others)
1) AD/LDAP - we currently have an AD environment with many users stored here. But this lacks some of the custom
roles/properties that are in some of the vertical apps. So we would have to create these properties for each user and
pump them in.
2) Pick one of the vertical apps and add all the users to this. One app has all the roles currently needed but not all
the users. On top of that, it uses standard SQL tables to store user names and passwords.
Assume that the internal network communication is secure (big assumption, I know, but let's go with it), so that
we only need to worry about communication between the client's web browser and the authentication system.
The authentication form would be SSL encrypted.
Which would you go with and why?