We have a few website products that use different sign-on applications with different requirements (account# versus username).
Single sign-on definitely looks like the way to go. What are some of the solutions we should be looking at? I've seen OpenID, and it looks very promising (http://openid.net/).
OpenID is probably your best option, but other SSO options include proprietary ones like Microsoft Passport and open-standards ones like Shibboleth.
OpenID will probably have the most visibility; with many providers of OpenID (AOL notably, but also LiveJournal, WordPress, SmugMug, and others...) it is the most likely for users to have. You could go with the approach of OpenID consumers like 37signals.com products, which allow users to associate an OpenID with their existing account and use that to log in.
However, use of OpenID (or any third-party identity provider) also introduces a dependency that is difficult perhaps for customer support to debug: if a client calls up and says they can't log in, is it because their OpenID provider is down, or because of a problem with your own servers? So you would probably want to provide an alternative login mechanism.
I suspect that for the general public, OpenID presents a bit of a usability problem as well; everyone knows how to use an e-mail address or username to log in to a site, but relatively few are familiar with the idea of using a URL to log in to a site.
I'd love to see more sites supporting OpenID login; it's probably the best way to get the infrastructure to improve. Since it is an open process, a large company supporting OpenID would benefit from feedback from the whole community and, at the same time, help the community by discovering problems associated with a large user base and help develop improvements that solve them.
Links:
http://en.wikipedia.org/wiki/Windows_Live_ID
http://shibboleth.internet2.edu/about.html
I am a strong believer in claims-based applications. Your web sites should rely on claims from a trusted source. SignOn.com has combined both OpenID and CardSpace into one. Instead of just depending on OpenID, you can consolidate your different authentications into one site and can perform authentication in multiple ways (Windows Live ID, current username/password, etc.) and then generate SAML assertions to other web sites.
As you make your web sites trust authentication tokens based on claims, you are also creating a flexible architecture to accept multiple formats. As OpenID gets adopted widely, you can then integrate with the AOLs of the world.
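The claims-based pattern described in the answer above, as an added example that is not part of the original posts: a central sign-on site issues a signed assertion after any login method, and each relying site checks only the signature, audience and expiry. This is a simplified stand-in for a SAML assertion; the claim names, the HMAC shared key and the example URLs are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the sign-on site and one relying site.
# Real SAML deployments sign with the issuer's private key instead.
SHARED_KEY = b"constructed-demo-key-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_assertion(subject, auth_method, audience, now=None, ttl=300, key=SHARED_KEY):
    """Sign-on site: call only after the user authenticated by a supported method."""
    now = int(time.time()) if now is None else now
    claims = {"subject": subject, "auth_method": auth_method,
              "audience": audience, "expires": now + ttl}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return b64url(body) + "." + b64url(sig)

def verify_assertion(token, expected_audience, now=None, key=SHARED_KEY):
    """Relying site: return the claims dict, or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError as exc:  # wrong number of parts or invalid base64
        raise ValueError("malformed assertion") from exc
    # Check the signature before parsing or trusting any claim.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(body)
    # An assertion minted for one site must not be replayable at another.
    if claims["audience"] != expected_audience:
        raise ValueError("wrong audience")
    if now >= claims["expires"]:
        raise ValueError("expired")
    return claims
```

The relying site never sees whether the user typed an account number, a username or an OpenID URL; it sees one internal subject plus the method the sign-on site vouches for, which is what lets new login methods be added in one place.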