Tuesday, 13 February 2007
SSO via SAML becoming Agentless
« CardSpace / OpenID Demo | Main | Internet-Scale Identity »
Ping Identity's Patrick Harding and I have been discussing the natural evolution towards SAML for conveying user identity and session cross domain. With it's rise in popularity, it's inevitable that packaged enterprise applications will begin to embed native SAML SP capabilities in future releases of their products. This will likely take 3 years or so, but in the end, the N-state will likely see the the demise of the 'one big proprietary cookie domain' concepts of today's WAM products. Patrick developed these graphics which do a good job at displaying the evolution.
The Trends
Today
The Trends
- Enterprises are asking for Web SSO support from their ISV’s
- ISV’s reluctant to implement proprietary WAM cookie schemes
- ISV’s looking at standards-based SAML as answer
- ‘SAML is to User SSO’ as ‘LDAP was to User Auth’
Today
- •Mix of WAM agent based SSO and Microsoft Kerberos SSO•
- AD becoming single directory and employee identity store•
- SAML for SSO between disparate security domains or to ESP’s•
- ISV applications support LDAP for single password user authentication
- •Agent-less SSO – Kerberos, ADFS and SAML•
- AD is employee identity store•
- SAML for SSO between disparate security domains and to ESP’s•
- ISV applications support SAML for agentless SSO
[Trackback URL for this entry]
