The issues to be addressed
Users in large organisations have to remember
multiple passwords to log-on to multiple systems. With the transition from centralised
mainframes to distributed systems, and more recently through the use of web sites, there
is a proliferation in the number of services requiring separate passwords. Users are
finding it cumbersome having to remember all their passwords and having to log on
separately to each service they access. Passwords no longer provide the ease of use or the
level of security most organisations require.
netproject members believe that there are two issues to be addressed:
- Providing a simplified way that users can log on to the services for
which they have authority;
- Ensuring the level of security meets the needs of the organisation.
Towards Single Secure Sign On
From the work netproject has done in this area, we
accept that creating Single Secure Sign-On (SSSO) for all systems is not realistic nor,
for security reasons, is it desirable. However we believe it is possible to demonstrate
SSSO for a useful class of computing services. The class of computing being considered
is:- Windows NT, UNIX and web sites (Web technology provides separate authentication
services).
In this scenario each user will have a consistent user name and password for the services
they are authorised to access. This would immediately improve both the usability and
security of such systems.
The netproject demonstrator will also implement a system that
allows the phased transition to authentication based on the possession of a card and a
secret. The aim would be to implement the best system using currently available
technologies. In this way, an organisation could create a phased transition to a more
secure single sign on system, which ensures that users can legally be held accountable for
their actions.
netproject will evaluate the use of digital certificates,
certificate authorities, smart cards and revocation processes while building the
demonstrator and will use those technologies that are practicable within the project
timescales.
Technical Details
In the interests of brevity, technical details of the proposed direction of the
demonstrator are explored in a companion document: Demonstrator of "Single Secure
Sign On Technical Issues"
Deliverables
- Presentation: Slide presentation explaining the architecture and technical details.
- HOWTO: A detailed technical document describing the set-up of the demonstrator, the
technologies that have been used and the design and implementation issues that had to be
addressed.
- Web Site: The above documentation will be published to netproject members on the
Internet.
- Workshop: A one day workshop where the above presentation will be given to netproject
members with hands on experience working with the Single Secure Sign On demonstrator. A
round table discussion will be held on the way forward.