Security

New single sign-on initiatives announced

Microsoft has signed another patent cross licensing deal with a Linux distributor, Turbolinux. In addition, Microsoft and Turbolinux are working on a system that will allow a single sign-on to authenticate the user on both platforms. Turbolinux, a company with a large market in Japan and China, will also incorporate Microsoft's Live Search Service to Linux desktops that already include Windows Media Player for multimedia playback.

Microsoft, Turbolinux to push single sign-on (InfoWorld)

Single sign-on, one component of "Enterprise 2.0," is an initiative that has been undergone by hundreds of companies and pushed by dozens of vendors, each of whom tout their solutions as the one that can centralize authentication information. Oracle has added new tools to its Identity Management suite with the acquisition of Bharosa, a firm that "claimed more than 25 million online users of its authentication and fraud prevention products." One major single sign-on initiative has been undertaken in England, with the National Health Service and National Library for Health using an offshoot of XML called SAML, or Security Assertion Markup Language.

The state of Enterprise 2.0 (ZDNet)

Oracle adds authentication to access management (CBR)

NHS knowledge base goes for single sign-on (ITPro)

Sometimes, I feel like I am in the dark ages with all of the different login information I have to provide. I have a network ID, a student information system ID, a WebCT ID, and several administrative IDs — and that is just at work. When you throw in the dozens of login accounts I have out there (banks, Passport, Google, Yahoo, at least 10 online forums, etc.), I might end up logging in 20 or more times per day (with many of the actual logins handled by passwords stored in Windows).

I see "single sign-on" as one of those pie-in-the-sky type initiatives, at least if you apply the term strictly. I suspect that I will only have to log on to one or two services each day at work in the next couple of years, as we have a couple of initiatives towards that goal, but I don't see any help on the horizon for all of the login information that nobody wants to centralize except the consumers. What are your experiences with single sign-on? Do you think it is possible that one day you might log on to your computer and not have to authenticate again in that session?

Editor's Picks