SSO: Dispelling the Myths, Finding the Fit

1
October 28, 2005. Call in at 12:55 p.m. Eastern Time
2
Theme
There are many flavors of single sign-on, each
with its own set of benefits.
3
Evolving digital architectures
Tighter business relationships and broader application availability
4
We need simplicity
  • IT status quo
      • Managing services and users in silos
      • Losing opportunities to deliver higher customer value
      • Budgeting for a high degree of support overhead
  • Users respond to complexity by
      • Writing down their passwords
      • Using the same password for many systems
      • Forgetting their passwords and calling the help desk

5
The many flavors of single sign-on
[Figure: SSO flavors by class of user and class of service. Labels: Web Personal SSO (unmanaged users); Web Federated SSO (partner-managed users); Enterprise SSO (locally managed users). Class of service: LAN (client/server, Web); Extranet (Web, Web Services); Internet (Web).]
6
The many flavors of single sign-on
7
SSO isn't just a user solution
  • Security
      • Better (stronger) passwords
      • Simplified deployment of strong authentication
      • Centralized enforcement of security policies
  • Compliance
      • Better identity assurance
      • Lower risk
      • Better auditing at the user level, not the user ID level
  • Business
      • Better usability
      • Lower cost of operations
      • Faster development and delivery of new services
      • Greater trust and assurance in business relationship

8
Dispelling the myths about E-SSO
  • Is E-SSO safe? E-SSO versus the status quo

9
Dispelling the myths about E-SSO
  • Is E-SSO safe? E-SSO versus password synchronization

10
Dispelling the myths about E-SSO
  • Is E-SSO reliable?
      • Single point of failure?
  • Application support
      • Scripting requirements?
      • Application integration efforts?
      • Comprehensiveness?

11
E-SSO is an enabler for strong authentication
Strong authentication challenges
  • Usability
  • System and application integration
  • High cost / indirect business benefit
Enterprise SSO benefits
  • Single login
  • One password to remember
  • Single point of integration
  • Quantifiable payback

12
E-SSO adoption linked to strong authentication
"How likely is your organization to use E-SSO by the end of 2005?"
[Chart categories: Already using or piloting E-SSO; Very likely to use E-SSO; Likely to use E-SSO]
Base: 184 technology decision-makers at North American companies
Source: Forrester's IT Security Survey, January 2005
13
Web single sign-on
[Diagram labels: Web SSO; Customers, Suppliers, Employees, Partners; Customer services, eCommerce applications, Intranet, Supply chain management, Channel management]
14
Web single sign-on: more than just SSO
  • Off-the-shelf integration
  • Single security framework
  • Unified user management

  • Personalization
  • Self-management
  • Delegated administration

  • User profile management
  • Authentication
  • Access control policies

[Diagram labels: Web SSO; Customers, Suppliers, Employees, Partners; Customer services, eCommerce applications, Intranet, Supply chain management, Channel management]
15
Federated SSO: the next frontier
  • What it delivers
      • Web SSO across security domains
      • An identity context to Web services

[Diagram labels: Company E, Federation hub, Federation hub, spoke, spoke, Company D]
16
Federated SSO: early adopters
  • Mobile carriers
      • Loosely coupled third-party services
  • Financial services
      • Complex multiparty services, corporate services
  • Hosted service providers
      • Client portal integration
  • Manufacturing
      • Outsourced development, catalog access
  • Supply chains
      • Procurement
  • Industry hubs/communities of interest
      • Collaborative development, purchase centers, regulatory activities
  • Healthcare and insurance
      • Claims processing

17
Federated SSO benefits
  • Separate security from applications for speed and
    cost savings
  • Lower user management enhanced compliance,
    security, efficiency
  • Operate secure Web services internally and
    externally

[Diagram labels: External apps, Internal apps, Internal users, External users]
18
Muddied waters of federated identity specifications
  • SAML
      • Popular XML-based identity assertion / token
  • Liberty
      • Design philosophy: scenario-based
      • Farthest along in community, adoption, interoperability
      • Use model: IdPs, SPs, and a model that bridges the two
  • WS-Federation
      • Design philosophy: functional building blocks
      • Equally focused on SSO and Web Services integration
      • Use model: trust providers, token services, etc.

19
Broad SSO vendors
[Chart legend: None, Some, Yes, Partnership]
20
Single SSO vendors: pure plays and other notables
  • Enterprise SSO
      • Citrix, Imprivata, Passlogix, Sentillion, Utimaco
  • Federated SSO
      • Ping ID, Trustgenix

21
Challenges and recommendations
  • Understand and limit scope
      • Differentiate E-SSO, Web SSO, and Federation projects.
      • They are each complementary and distinct.
      • Prioritize pilots and rollouts by business drivers.
  • Closely tie SSO to your authentication strategy.
      • E-SSO is as much a requirement as an enabler for strong passwords or two-factor authentication.
      • Web SSO and Federated SSO require authentication and user management rethink.
  • Manage the risk introduced by Federated SSO.
      • Requires assurances of identity management integrity.
      • Trust but verify as a model

22
Thank you
Jonathan Penn 1 408/327-4343 jpenn_at_forrester.com
www.forrester.com
23
Selected bibliography
  • September 21, 2005, Trends 'Strong Authentication And Enterprise SSO Go Hand In Hand'
  • May 13, 2005, Trends 'Authentication Remains Mixed But Strengthening, and eSSO Picks Up'
  • March 30, 2005, Quick Take 'The Standalone Web SSO Market Vanishes'
  • December 13, 2004, Trends 'Trends 2005 Identity Management'
  • September 9, 2004, Tech Choices 'Security Comparison Single Sign-On Versus Password Synchronization'