As a frequent traveler, I can't imagine my life without one piece of plastic in my wallet: my Texas Driver's License.
On the day of travel, I use it to get past the airport security, get into my rental car, check into the hotel, get cash from my bank (I do not carry any debit cards as a safety measure), get past the paranoid girl at the checkout counter who insists on seeing my ID before she can swipe the credit card for that bottle of water, and prove that I am of legal drinking age as I sit down at the hotel bar after a long day.
In all of these transactions, I whip out my trusted Texas DL and authenticate myself as Mr. Sachin Jain. Some people look at the ID, some run it under devices that pop up the various security features embedded within the card, and almost all of them look up to match the photo on the card with my face and confirm that I am who I am saying I am.
I was authenticated by the system using a token (my Texas Driver's License) issued by a central/trusted token provider (Texas Department of Motor Vehicles).
Once the authentication is done, my identification is confirmed. There is almost always a second token which then authorizes my access to the service I am seeking: my boarding pass, notations on the boarding pass giving me premium access, TSA pre-check privileges, my reservation confirmation to a particular car for a certain period of time, a hotel booking, my credit card, or my date of birth on the DL itself.
Imagine if I had to carry a separate piece of identification for each of these interactions! My wallet would be bursting at the seams. I would have to go through the hassle of bringing the right ID that will work for a particular encounter. I would have missed opportunities because I don't have the ID for the most popular joint that Yelp suggested, or for that hotel I bid for on Priceline as I am walking out of the office on Monday afternoon.
Similarly, in computer security, SSO is a way of authenticating a user based on a central directory. When a user requests access to a resource (a certain web site, their HR records, email, etc.), the provider redirects the user to a login page hosted by the SSO authority, which presents a challenge-response, mostly in the form of an ID/password combination or additional mechanisms. Once the user gets past this screen, the SSO authority confirms the user's authentication and passes a token identifying the user to the servicing application. The application can then check this token against its provisioning store and give the user access to the appropriate resources based on the authorization.
Several applications can subscribe to the SSO server, thus eliminating the need for the user to maintain multiple authentication tokens (ID/password) to get access. Most of the time, if the user has already been authenticated once to an application, the SSO provider can leave a token on the browser session, so that when the user tries to access another application with the same SSO provider, no log-in is necessary. This provides seamless access to multiple applications.
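The flow described above, as an added Python sketch that is not from the original post: one login at the SSO authority, a signed token per application, and each application authorizing from its own provisioning store. It assumes an HMAC key shared between the authority and each application, and the class names, user, password and permissions are constructed for illustration; production SSO protocols such as SAML or OpenID Connect normally have the authority sign tokens with its private key instead.

```python
import base64, hashlib, hmac, json, secrets, time

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SSOAuthority:
    """Central directory: authenticates once, then issues per-application tokens."""
    def __init__(self, directory, app_keys):
        self.directory = directory   # user -> (salt, password hash)
        self.app_keys = app_keys     # application name -> key shared with that application
        self.sessions = {}           # SSO session id (the browser cookie) -> user

    def login(self, user, password):
        salt, stored = self.directory.get(user, (b"-", b""))
        if not hmac.compare_digest(stored, hash_pw(password, salt)):
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid

    def issue_token(self, sid, app, ttl=300):
        user = self.sessions.get(sid)
        if user is None:
            return None              # no live session: the user is sent to the login page
        claims = {"sub": user, "aud": app, "exp": time.time() + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        sig = hmac.new(self.app_keys[app], body.encode(), hashlib.sha256).hexdigest()
        return body + "." + sig

class Application:
    def __init__(self, name, key, provisioning):
        self.name, self.key, self.provisioning = name, key, provisioning

    def access(self, token):
        """Check the authority's token, then authorize from the local provisioning store."""
        body, _, sig = (token or "").partition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None              # forged, altered, or issued for another application
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.name or claims["exp"] < time.time():
            return None
        return self.provisioning.get(claims["sub"])  # None: authenticated, not provisioned

# Constructed sample data: one user, two subscribed applications.
SALT = b"constructed-salt"
KEYS = {"hr": secrets.token_bytes(32), "mail": secrets.token_bytes(32)}
sso = SSOAuthority({"sjain": (SALT, hash_pw("correct horse", SALT))}, KEYS)
hr = Application("hr", KEYS["hr"], {"sjain": "own-records"})
mail = Application("mail", KEYS["mail"], {"sjain": "mailbox"})
```

Calling `sso.login` once and then `sso.issue_token` for each application mirrors the single driver's license presented at every counter; a token issued for one application is rejected by the other.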
This is a very simplistic, 10,000-mile-high description of how an SSO ecosystem works. I hope this helps you grasp the basic concept and find similarities/differences between real-life and virtual SSO implementations.
Tech Term of the Day
SSO: Single Sign On
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC