Transcript of "Single Sign-On 101: Beyond the Hype. What SSO Can and Can't Do For Your Business."
Single Sign-On 101: Beyond the Hype
What SSO Can and Can't Do For Your Business

BlackHat Briefings Diana Kelley & Ian Poynter 2
Introductions
• Diana Kelley, Baroudi Group – [email protected]
• Ian Poynter, Security Consultant – [email protected]

Outline
• Definitions
• Business Requirements
• SSO Technologies
• Authentication Methods
• SSO Case Studies

Definition
• Single Sign-On
  – Fantasy
    • One Password For Everything!
  – Reality
    • Most Systems And Applications Already Have Their Proprietary Login Functionality
    • Reduced Logins For Discrete Systems
      – Corporate Systems
      – Shared Intranet/Web Applications
      – Web Logon Aggregators

Business Requirements
• Is There A Problem Here?
  – Mushrooming Passwords
  – Need For Re-use
  – "Sticky Note" Password Cache
  – Unencrypted Text Files On Laptops and PDAs

Business Requirements
• Deceptively Intuitive
  – Reduce Costs
  – Increase Security
  – Increase Efficiency
  – Increase Convenience
  – My Boss Told Me I Have To

Business Requirements
• Be Honest About the Cost / Benefit Analysis
  – Use Hard Numbers
    • What Does it Cost to Reset a Password?
    • How Much Time is Spent Logging into Multiple Systems Each Morning?
    • What is The Real Cost of Integration?
    • Will Additional Authentication Methods Need to be Purchased?

Business Requirements
• Be Honest About the Cost / Benefit Analysis
  – Don't Forget the Ease of Use Factor
    • Consider Training for Administrators and All Users
  – QA and Versioning Can Increase TCO

Business Requirements
• Think About the Inside and the Outside
  – Multiple User Populations Can Increase Costs
  – Tiered Authentication Levels
  – At a Minimum Need Secure Password Selection Training for Everyone

Business Risks
• Single Point of Failure
  – Denial of Service/Lack of Availability
• Stolen Credentials via Insecure Implementations
• Overly Ambitious Projects
  – Physical and Network
  – Complicated Procedures
• n-factor Authentication
  – Square Pegs in Round Holes

Business Risks
• Failure to Consider the Legacy
  – OS/390, AS/400, Custom Client/Server Applications, RADIUS
• Failure to Consider Regulatory Requirements
  – Financial Services and GLBA
  – Health Care and HIPAA
  – Content Providers and COPPA
  – International Businesses and EU DPD

Authentication Methods
• Declaring and Proving Who or What You Are
• Sure, Signing on Once, but What With?
• Becomes an Even Larger Question with SSO Because More Systems are Involved

Authentication Methods
• Have, Know, Are
  – Tokens, Passwords, Fingerprints
• Single vs. Multi

Authentication Methods
• Passwords
• One Time Passwords
• Tokens and SmartCards
• PKI
• Digital / Machine Fingerprints
• Biometrics

Authentication Protocols and Technologies
• Dial-In Users and Wireless (802.1x)
  – RADIUS
• S/390 Mainframes
  – RACF, ACF2, CA Top-Secret
• Unix
  – PAMs (Pluggable Authentication Modules)
• Windows
  – GINA, Kerberos, NTLM

SSO Technologies
• Traditional Single Sign-On
• Password Synchronization
• Authentication Platforms
• Web Logon Aggregators
• NB: Convergence Between Traditional SSO and Authentication Platforms

SSO Technologies
• Traditional Single Sign-On
  – Allows a User to Login Once, Using a Single Authentication Method to Gain Access to Multiple Hosts and / or Applications
  – May Also Provide Access Control / Authorization Features
    • Authorization policies restrict which applications or systems a user has access to
    • And what the user can and can't do on these applications and systems

SSO Technologies
• Traditional Single Sign-On
• Not an Entirely New Concept
  – Kerberos and Kerberized
  – RADIUS and Radiized

Traditional SSO: How It Works
• Authenticate Once To Access Many
• Login Credentials (ID And Authentication) Usually Stored Locally
• Transparently Presented to the System or Application When Needed

Traditional SSO: How It Works
• Single Credential for All Systems
  – Kerberos Model
• Multiple Credentials
  – Required for Most Heterogeneous Environments

Traditional SSO: How It Works
• APIs And DLLs
  – Write the SSO Authentication into Each Application or System (compare to: Radiized)
  – Or Use Replacement DLLs
• Scripts
  – Pieces of Code on the Client That Manage the Login Procedure to Multiple Systems
• Cookies
  – For Web Applications Only
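The "authenticate once to access many" model of the three How It Works slides above, together with the authorization features slide (policies restricting which applications a user may reach), worked as an added example that is not from the deck or from any product it names. It follows the single-credential, Kerberos-style design: the authentication service checks the password exactly once and issues a signed, time-limited ticket that lists the user's authorized applications; each application verifies the ticket with a key it shares with the service instead of ever receiving the password, so no ID or password has to be cached on the client. The shared key, the user alice, the application names and the eight-hour lifetime are constructed assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed sample data (not from the deck): the key the authentication
# service shares with the applications it fronts, one user with a salted
# password hash, and an authorization policy per user.
SERVICE_KEY = secrets.token_bytes(32)
TICKET_LIFETIME = 8 * 3600  # seconds: roughly one working day


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, hash_password("correct horse battery staple", _SALT))}
POLICY = {"alice": {"payroll-web", "claims-db"}}  # which apps alice may reach


def _sign(payload: bytes) -> str:
    return hmac.new(SERVICE_KEY, payload, hashlib.sha256).hexdigest()


def login(user: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Authenticate once. On success, issue a signed, time-limited ticket that
    carries the user's authorized applications. The password never leaves
    this function, so downstream applications never see it."""
    record = USERS.get(user)
    if record is None:
        hash_password(password, bytes(16))  # equalize timing for unknown users
        return None
    salt, stored = record
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    issued = int(time.time() if now is None else now)
    claims = {
        "sub": user,
        "apps": sorted(POLICY.get(user, ())),
        "iat": issued,
        "exp": issued + TICKET_LIFETIME,
        "nonce": secrets.token_hex(8),
    }
    payload = json.dumps(claims, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def verify_ticket(ticket: str, app: str, now: Optional[float] = None) -> Optional[str]:
    """Run by each application in place of its own password prompt. Returns
    the user name when the ticket is authentic, unexpired and authorizes
    `app`; otherwise None. The signature is checked before any claim is read."""
    now = time.time() if now is None else now
    try:
        body, sig = ticket.split(".", 1)
        payload = base64.urlsafe_b64decode(body)
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return None
    if app not in claims["apps"]:
        return None
    return claims["sub"]


if __name__ == "__main__":
    ticket = login("alice", "correct horse battery staple")
    print("payroll-web ->", verify_ticket(ticket, "payroll-web"))
    print("hr-admin    ->", verify_ticket(ticket, "hr-admin"))
```

Set this beside the scripting approach from the same slide: a client-side script that replays stored IDs and passwords hands every application the password itself and keeps those passwords on the workstation, whereas the ticket carries only what the application needs to decide, cannot be altered without the shared key, and expires on its own.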
Traditional SSO: Pros and Cons
• Pros
  – Very Easy to Use
  – Reduces Support Costs
  – Reduces Logon Cycles
• Cons
  – Integration of Legacy Can Be Expensive and Time Consuming
  – Single Point of Attack
  – Scripting Solutions Often Lead to Storage of Passwords And IDs on the Client

Traditional SSO: Business Fit
• Good Business Fit for
  – Companies That Want to Simplify the User Experience
  – Companies That Need to Reduce the Login Cycle

Traditional SSO: Brand Examples
• IBM/Tivoli Global Sign-On
• Netegrity SiteMinder
• RSA ClearTrust (formerly Securant)

SSO Technologies
• Password Synchronization
  – Manage Passwords Across Platforms and Systems
  – Keeps Same Password So User Only Needs to Remember One
  – When User Changes Her Password, Synchronization Server Automatically Updates User Password on All Available Systems or in the Central Repository Server

Password Synchronization: How It Works
• Distributed
  – Agents Automatically Reset Passwords on Applications and Systems
• Centralized
  – All Authentication Requests Are Forwarded to a Central Server
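The distributed variant above (agents that reset the password on each system), as an added example that is not the deck's code or any vendor's. One change request fans out to a per-system agent, the password policy is applied once centrally, and every agent that could not be reached is recorded, because a partially synchronized password is the operational failure this design has to surface: the unreachable system keeps accepting the old password until the change is replayed, while the user believes it is gone everywhere. System names, the policy and the user are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Set


class ManagedSystem:
    """Stand-in for one target system with a sync agent (constructed; the
    names used later are illustrative). Each target keeps its own salt, so
    the same synchronized password never yields the same stored hash on
    two systems."""

    def __init__(self, name: str, online: bool = True) -> None:
        self.name = name
        self.online = online
        self._store: Dict[str, tuple] = {}

    def set_password(self, user: str, password: str) -> None:
        if not self.online:
            raise ConnectionError("agent on %s unreachable" % self.name)
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._store[user] = (salt, digest)

    def verify(self, user: str, password: str) -> bool:
        if user not in self._store:
            return False
        salt, digest = self._store[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)


class SyncServer:
    """Distributed synchronization: one change fans out to every agent.
    Policy is enforced once, centrally, and every failed push is recorded so
    the help desk can see which systems still hold the old password."""

    def __init__(self, systems: List[ManagedSystem], min_length: int = 12) -> None:
        self.systems = systems
        self.min_length = min_length
        self.out_of_sync: Dict[str, Set[str]] = {}

    def password_acceptable(self, password: str) -> bool:
        # The shared password must satisfy the strictest target's rules;
        # otherwise some agents would reject it and the systems would diverge.
        return len(password) >= self.min_length and not password.isalpha()

    def change_password(self, user: str, new_password: str) -> Dict[str, object]:
        if not self.password_acceptable(new_password):
            return {"accepted": False, "systems": {}}
        report: Dict[str, str] = {}
        for system in self.systems:
            try:
                system.set_password(user, new_password)
                report[system.name] = "synced"
                self.out_of_sync.get(user, set()).discard(system.name)
            except ConnectionError:
                report[system.name] = "pending"
                self.out_of_sync.setdefault(user, set()).add(system.name)
        if user in self.out_of_sync and not self.out_of_sync[user]:
            del self.out_of_sync[user]
        return {"accepted": True, "systems": report}


if __name__ == "__main__":
    racf, oracle, radius = ManagedSystem("RACF"), ManagedSystem("Oracle"), ManagedSystem("RADIUS")
    server = SyncServer([racf, oracle, radius])
    print(server.change_password("alice", "first-secret-2002"))
    radius.online = False
    print(server.change_password("alice", "second-secret-2003"))
    print("still out of sync:", server.out_of_sync)
```

The report and the out_of_sync map are the point: a synchronization product that only says "done" hides exactly the system where the stale password survives, and that is the one the help desk needs to know about.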
Password Synchronization: Pros and Cons
• Pros
  – User Has Only One Password to Remember
  – Usually Fairly Easy to Implement
  – Help Desk Can Reset Passwords to All Systems From Single Console
• Cons
  – Does Not Reduce the Number of Logons
  – Only Supports Password Authentication

Password Synchronization: Business Fit
• Good Business Fit for
  – Companies That Only Use Password Authentication
  – Companies That Don't Need to Reduce the Login Cycle

Password Synchronization: Brand Examples
• PassGo, InSync (formerly Axent/Symantec)
• Courion, Password Courier

SSO Technologies
• Authentication Platforms
  – Provide a Central Point of Management for Multiple Authentication Schemes
  – Users Authenticate To A Gateway Using Any Combination of Authentication Methods
    • Smartcards, PKI, Biometrics etc.
  – Supports Multi-layer Authentication Policies

Authentication Platforms: How It Works
• Abstracts the Authentication Layer to an Authentication Gateway
• All Users Login to this Gateway
• Gateway Determines Level / Type of Authentication that is Required
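How a gateway "determines the level / type of authentication that is required", as an added example that is not from the deck or from any of the platforms it names; it also works the "Have, Know, Are" and "Single vs. Multi" slides from the Authentication Methods section. Each method maps to a factor category, each protected resource states how many distinct categories it needs and which are mandatory, and the gateway reports what is still missing so it can ask for the next factor rather than simply refuse. The method-to-category table, the resource names and the policy are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Factor categories from the "Have, Know, Are" slide. Constructed mapping of
# method name to category; a real gateway would load this from configuration.
METHODS: Dict[str, str] = {
    "password": "know",
    "security_question": "know",
    "otp_token": "have",
    "smartcard": "have",
    "fingerprint": "are",
}


@dataclass(frozen=True)
class Requirement:
    """What a protected resource demands of a login."""
    min_categories: int                      # distinct factor categories needed
    required: FrozenSet[str] = frozenset()   # categories that must be among them


# Constructed policy with hypothetical application names.
RESOURCE_POLICY: Dict[str, Requirement] = {
    "intranet-news": Requirement(1),
    "payroll": Requirement(2),
    "wire-transfer": Requirement(2, frozenset({"have"})),
}


def categories_of(presented: List[str]) -> Set[str]:
    """Map presented methods to factor categories. Two methods from the same
    category (password plus security question) count once: that is the
    difference between 'two passwords' and 'two factors'."""
    unknown = [m for m in presented if m not in METHODS]
    if unknown:
        raise ValueError("unrecognised authentication method(s): %s" % unknown)
    return {METHODS[m] for m in presented}


def shortfall(resource: str, presented: List[str]) -> Optional[Tuple[Set[str], int]]:
    """What the gateway still needs before it can grant `resource`.
    Returns None when the resource has no policy (deny by default), otherwise
    (mandatory categories still missing, further distinct categories needed
    on top of those)."""
    req = RESOURCE_POLICY.get(resource)
    if req is None:
        return None
    have = categories_of(presented)
    missing = set(req.required) - have
    extra = max(0, req.min_categories - len(have) - len(missing))
    return missing, extra


def decide(resource: str, presented: List[str]) -> bool:
    """Gateway decision: grant only when nothing is missing. Unknown methods
    and unknown resources both fail closed."""
    try:
        result = shortfall(resource, presented)
    except ValueError:
        return False
    if result is None:
        return False
    missing, extra = result
    return not missing and extra == 0


if __name__ == "__main__":
    for res, methods in [("payroll", ["password", "security_question"]),
                         ("payroll", ["password", "otp_token"]),
                         ("wire-transfer", ["password", "fingerprint"])]:
        print(res, methods, "->", decide(res, methods), shortfall(res, methods))
```

The shortfall is what lets the gateway run a tiered policy: a user who reached the intranet with a password alone is prompted for one more category when she moves to payroll, rather than being bounced back to a fresh login.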
Authentication Platforms: Pros and Cons
• Pros
  – Eases Integration With Abstracted Authentication Layer
  – Support for Most Authentication Factors
• Cons
  – Does Not Reduce Number of Logins, Unless SSO is Embedded in the Authentication Platform
  – Single Point of Attack / Failure
    • Denial of Service

Authentication Platforms: Business Fit
• Good Business Fit for
  – Enterprises with Hierarchical, Complex Authentication Requirements
  – Companies using N-factor Authentication Solutions
  – Organizations with Regulated Security / Privacy Requirements
    • Financial Institutions, HealthCare, Government Agencies

Authentication Platforms: Brand Examples
• Bionetrix Authentication Server
• Novell Modular Authentication Service (NMAS)
• ActivCard (formerly Ankari)
  – Trinity Server with SSO Functionality

SSO Technologies
• Web Logon Aggregators
  – One Login, Access Multiple Sites
  – User Logs into Aggregator Software or Site at Beginning of Session
  – All Subsequent Logins to Web Sites Visited Are Handled Transparently

Web Logon Aggregators: How It Works
• Credentials Are Cached Either
  – Locally via Cookies
  – On Server via State Mechanism
• Automatically Presented to Sites as Needed
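The "on server via state mechanism" option above, as an added example that is not the deck's code nor that of Passport, Liberty or Yodlee: the per-site credentials stay in server-side state, the browser holds only a random session id in an HttpOnly, Secure cookie, and logout deletes the state so a copied cookie stops working immediately, something a credential cached locally in a cookie cannot offer. The session is treated as already authenticated to the aggregator by whatever method it uses; site names, credentials and the 30-minute lifetime are constructed.

```python
import secrets
import time
from http.cookies import SimpleCookie
from typing import Dict, Optional, Tuple

Credential = Tuple[str, str]  # (site user name, site password)


class Aggregator:
    """Constructed model of a web logon aggregator that keeps credentials in
    server-side state; the browser only ever holds an opaque session id."""

    COOKIE = "aggsid"

    def __init__(self, ttl_seconds: int = 1800) -> None:
        self.ttl = ttl_seconds
        self._sessions: Dict[str, dict] = {}

    def login(self, user: str, site_credentials: Dict[str, Credential],
              now: Optional[float] = None) -> str:
        """Start a session for a user the aggregator has already authenticated
        and return the Set-Cookie header value. The cookie carries a random
        id, never credential material, and is flagged so page scripts cannot
        read it and it travels only over HTTPS."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "sites": dict(site_credentials),
                               "expires": now + self.ttl}
        cookie = SimpleCookie()
        cookie[self.COOKIE] = sid
        cookie[self.COOKIE]["httponly"] = True
        cookie[self.COOKIE]["secure"] = True
        cookie[self.COOKIE]["path"] = "/"
        cookie[self.COOKIE]["samesite"] = "Strict"
        return cookie.output(header="").strip()

    def _session(self, cookie_header: str, now: float) -> Optional[dict]:
        jar = SimpleCookie()
        jar.load(cookie_header)
        morsel = jar.get(self.COOKIE)
        if morsel is None:
            return None
        session = self._sessions.get(morsel.value)
        if session is None or session["expires"] <= now:
            self._sessions.pop(morsel.value, None)  # drop expired state
            return None
        return session

    def credential_for(self, cookie_header: str, site: str,
                       now: Optional[float] = None) -> Optional[Credential]:
        """What the aggregator presents to `site` on the user's behalf."""
        now = time.time() if now is None else now
        session = self._session(cookie_header, now)
        if session is None:
            return None
        return session["sites"].get(site)

    def logout(self, cookie_header: str) -> bool:
        """Server-side state makes revocation immediate: once the entry is
        gone, a copied cookie is worthless."""
        jar = SimpleCookie()
        jar.load(cookie_header)
        morsel = jar.get(self.COOKIE)
        return morsel is not None and self._sessions.pop(morsel.value, None) is not None


if __name__ == "__main__":
    agg = Aggregator()
    header = agg.login("alice", {"bank.example": ("alice42", "constructed-secret")})
    print("Set-Cookie:", header)
    print(agg.credential_for(header.split(";")[0], "bank.example"))
```

The trade-off the Cons slide calls "outsources trust to 3rd party" is visible here: every site password the user hands over sits in the aggregator's state, so the aggregator's own storage, access controls and session lifetime become the security boundary for all of those sites at once.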
Web Logon Aggregators: Pros and Cons
• Pros
  – Ease of Use
  – Streamlines Web Experience
• Cons
  – Web Only
  – Sites May Need to Opt In
  – Outsources Trust to 3rd Party
  – Loss of Control

Web Logon Aggregators: Business Fit
• Good Business Fit for
  – Companies Providing Web Interfaces to Customers or Employees
  – Home Users Who Want to Streamline Their Web Experience

Web Logon Aggregators: Brand Examples
• .NET / Passport
• Liberty Alliance (in process)
• Yodlee
  – Account Aggregator

Case Studies
• Example Architectures From the Real World
• Identifying Characteristics Have Been Changed Where Needed to Protect Client Confidentiality

Case Study 1
• Large US Insurance Company
  – Project: Reduce 'Wake Up' Time for Internal Personnel and External Agents by Integrating Login Function to Multiple Back and Front Ends

Case Study 1
• Points for the RFP
  – State Business Requirements (cf. previous slide)
  – Provide Hard Numbers
    • Example: Time Goal for Reduced Wake-up Time
  – Time and Cost Estimates
    • Don't Forget QA Before Roll Out
    • Include Support and Training

Case Study 1
• Points for the RFP
  – Technical Requirements
    • All Internal Logins Triggered by NT Login
    • External Users' Credentials Stored in LDAP Directory
    • Login Support For
      – S/390 with RACF
      – Oracle Database
      – RADIUS for Remote Agents
      – Custom DOS-Based Money Transfers with SecurID
      – Custom Web Applications

Case Study 1
• Proposal from Selected Vendor
  – Hybrid Technical Solution
    • Internal Users
      – Custom GINA
      – LDAP Support
      – Link to Traditional SSO for Web Application Logins
      – Trigger for Users That Needed to Access SecurID Protected Solutions
    • External Users
      – Traditional SSO for Web Application Logins

Case Study 2
• International Consulting Firm
  – Project: Link Multiple Intranets, Distributed Around the World, for Secure Access to Internal-Only Information Sharing And Project Collaboration

Case Study 2
• Points for the RFP
  – State Business Requirements
  – Provide Hard Numbers
    • Example: Define Secure Access
      – Type of Authentication
      – Encryption Requirements
      – Roaming User Needs
  – Time and Cost Estimates
    • Don't Forget QA Before Roll Out
    • Include Support and Training

Case Study 2
• Points for the RFP
  – Technical Requirements
    • Internationally Distributed Web Servers Across Multiple Domains
    • Custom Web Applications
    • Netscape, IIS, Apache Web Servers
    • Mac And Windows Clients

Case Study 2
• Proposal from Selected Vendor
  – Netegrity SiteMinder with Installation Services

Summary
• Know the Business Requirements
• Complete a Cost-Benefit Analysis
• Set Reasonable Goals
• Investigate the Available Technologies
• Investigate the Vendors
• Match Requirements to Technology
• Plan: Create an RFP and Architecture
• Prototype, Build, Test, Train, and Deploy
• Throw Away Those Yellow Sticky Password Caches!