Friday, May 9, 2014

SSO - how does your Driver's License stand up to the challenge

As a frequent traveler, I can't imagine my life without one piece of plastic in my wallet- my Texas Driver's License.

On the day of travel, I use it to get past the airport security, get into my rental car, check into the hotel, get cash from my bank (I do not carry any debit cards as a safety measure), get past the paranoid girl at the checkout counter who insists on seeing my ID before she can swipe the credit card for that bottle of water, and prove that I am of legal drinking age as I sit down at the hotel bar after a long day.

In all of these transactions, I whip out my trusted Texas DL and authenticate myself as Mr. Sachin Jain. Some people look at the ID, some run it under devices that pop up the various security features embedded within the card, and almost all of them look up to match the photo on the card with my face and confirm that I am who I am saying I am.

I was authenticated by the system using a token (my Texas Driver's License) issued by a central/trusted token provider (Texas Department of Motor Vehicles).

Once the authentication is done, my identification is confirmed. There is almost always a second token which then authorizes my access to the service I am seeking: my boarding pass, notations on the boarding pass giving me premium access, TSA pre-check privileges, my reservation confirmation for a particular car for a certain period of time, a hotel booking, my credit card, or my date of birth on the DL itself.

Imagine if I had to carry a separate piece of identification for each of these interactions! My wallet would be bursting at the seams. I would have to go through the hassle of bringing the right ID that will work for a particular encounter. I would have missed opportunities because I don't have the ID for the most popular joint that Yelp suggested, or for that hotel I bid for on Priceline as I am walking out of the office on Monday afternoon.

Driver License - SSO

Similarly, in computer security, SSO is a way of authenticating a user against a central directory. When a user requests access to a resource (a certain website, their HR records, email, etc.), the provider redirects the user to a login page hosted by the SSO authority, which presents a challenge-response, mostly in the form of an ID/password combination, possibly with additional mechanisms. Once the user gets past this screen, the SSO authority confirms the user's authentication and passes a token identifying the user to the servicing application. The application can then check this token against its own provisioning store and grant the user access to the appropriate resources based on that authorization.

Several applications can subscribe to the SSO server, thus eliminating the need for the user to maintain multiple authentication tokens (ID/password) to get access. Most of the time, once the user has been authenticated to one application, the SSO provider can leave a token in the browser session; when the user then tries to access another application that uses the same SSO provider, no login is necessary. This provides seamless access to multiple applications.
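To make the two paragraphs above concrete, here is a toy version of the flow written for this post (it is an added example, not code from the original post, and it is not any real product's protocol). It assumes a constructed HMAC key shared between the identity provider and the applications, a constructed user store, and two constructed provisioning stores (the "boarding pass" and "hotel booking" of the analogy). The identity provider only answers "who is this?"; each application still decides "what may they do?" from its own records, and the browser reuses the same token for a second application until it expires.

```python
"""Toy SSO flow: a central identity provider (IdP) issues a signed token after a
challenge-response login; service providers (SPs) verify signature and expiry,
then authorize from their own provisioning store. Constructed example."""
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret (a real deployment would use asymmetric signatures,
# e.g. SAML or OIDC, so that SPs cannot mint tokens themselves).
IDP_KEY = b"constructed-demo-key-do-not-reuse"
TOKEN_TTL = 300  # token lifetime in seconds

_USER_SALT = b"constructed-salt"


def _pw_hash(password, salt):
    # Only a slow salted hash is stored, never the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


# Constructed credential store for the IdP ("Texas DMV" in the analogy).
IDP_USERS = {"sjain": _pw_hash("correct horse battery", _USER_SALT)}


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_login(user, password, now=None):
    """Challenge-response step: on a correct ID/password return a signed
    token (the 'driver's license'); on failure return None."""
    expected = IDP_USERS.get(user)
    if expected is None or not hmac.compare_digest(expected, _pw_hash(password, _USER_SALT)):
        return None
    now = time.time() if now is None else now
    claims = {"sub": user, "iss": "idp.example", "iat": int(now), "exp": int(now) + TOKEN_TTL}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, now=None):
    """SP-side check: signature first, then expiry. Returns the claims dict,
    or None if the token is malformed, forged, or expired."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


# Constructed provisioning stores: each application keeps its own.
HR_APP_ACL = {"sjain": {"view_payslip"}}
MAIL_APP_ACL = {"sjain": {"read", "send"}, "guest": {"read"}}


def authorize(acl, token, action, now=None):
    """A valid token proves identity; the action must still be granted in
    this application's own provisioning store."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    return action in acl.get(claims["sub"], set())


class Browser:
    """Holds the SSO token once and reuses it for every application that
    trusts the same IdP; a fresh login happens only when no valid token exists."""

    def __init__(self):
        self.sso_token = None
        self.logins = 0

    def access(self, acl, action, user, password, now=None):
        if verify_token(self.sso_token or "", now) is None:
            self.sso_token = idp_login(user, password, now)
            self.logins += 1
        return authorize(acl, self.sso_token or "", action, now)
```

Running `Browser().access(...)` against the HR store and then the mail store shows a single login serving both applications; the second login only occurs once the token has passed its `exp` time, which is the property an SSO ecosystem trades on.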

This is a very simplistic, 10,000-mile-high description of how an SSO ecosystem works. I hope it helps you grasp the basic concept and find similarities and differences between real-life and virtual SSO implementations.

Tech Term of the Day
SSO: Single Sign-On


Sachin
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC

BuzzClan is a business consulting company collaborating to provide Oracle software advisory services & implementation services. BuzzClan LLC is committed to providing substantive business value on each and every client engagement. We do this through a combination of industry-specific business expertise, technical skills, proven project management methods and our “onsite - off site - offshore” delivery model. We strive to work in partnership with our customers to build high-performance teams and create business solutions that will last.
