Single sign on


Slide deck for a presentation practice seminar

Published in Technology
  • Great presentation. Very well done!
  • Single Sign On
  • Danny Kaye – “The Court Jester” – about authentication & security systems – 1956 movie
  • Process that permits a user to enter one name and password ONCE in order to access multiple applications (single action = access to multiple systems)
    One password instead of multiple
    Multiple independent systems instead of one
    Lesser known sibling: Single Sign Off
    System that stores multiple sets of credentials for various internal applications
    Often done with web portals that interface with multiple systems “on the back end”
  • The Skeleton key
  • Utensil
  • Utopian, Holy grail, Holistic
    Cost
    - Savings (call centers aren’t dealing with forgotten password tickets)
    - Reduced IT dev time
    Utopian Administration
    - Centralized, single system, which is good for reporting, compliance, maintenance, managing accounts, etc.
    - The “perfect system”
    Productivity
    - Easier to remember one password
    - Reduces human error (password fatigue/identity chaos)
    - Common authentication framework for developers
    - Can be incorporated into
    Security
    - Everything’s equally protected
    - Reduces phishing success, since users don’t usually see login/password requests, and when they do, it is out of the ordinary and seems suspicious
    - Reduces chance of some types of identity theft (password on sticky note)
  • Utopian
    Poorly Conceived
    - Major issues arise if use cases, workflow and infrastructure haven’t been totally figured out
    Administration
    - Authentication systems become mission-critical; if they fail, DOS, no access. Thus some mission-critical capabilities may need to be outside of the SSO (e.g. floor access systems)
    Difficult to implement
    - Extremely difficult to retrofit
    - Mission-critical nature of components (8 separate mission-critical systems and none can be brought down for any length of time to align with the others)
    Security issues
    - Authentication server is now the single point of attack
    - Risk of giving away “keys to the castle” – protection focus shifts to user credentials
    - The “walk away and someone hops on your computer” issue
    Enterprise Reduced Sign On (purgatory, handles most systems if not the utopian all)
    - Edsel – the wrong car at the wrong time
  • The Must-have features
    Available 24/7/365
    Backup (there are spare copies in the vault if needed)
    Comprehensive (covers all essential applications in the network, covers all possible use cases)
    Integral-able (able to be introduced and play well with existing systems)
    Redundant (if all or part of it fails, there are systems in place that will jump in as needed)
    Reliable (accurate and doesn’t make mistakes)
    Scalable (0 to thousands of users)
  • Authentication (from Greek: αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true (“authentification” is a French language variant of this word). This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one. Authentication can also be used for identity delegation. Identity delegation in IT networks is an evolving field[1].
    A process of proving the identity of a computer or computer user. For users, it generally involves a user name and password. Computers usually pass a code that identifies that they are part of a network.
    - It’s a horizontal system
    Often done by an authentication server
    Physiognomy = idea that facial characteristics are indications of personality/character/psychology
    Biometrics =
  • A directory service is simply the software system that stores, organizes and provides access to information - a corresponding table of names and values (e.g. login/password, name, address, etc.)
  • Encryption (Greek for “make hidden”) is a form of security that turns information, images, programs or other data into unreadable cipher by applying a set of complex algorithms to the original material. These algorithms transform the data into streams or blocks of seemingly random alphanumeric characters. Symmetric types of encryption schemes use a single password to serve as both encryptor and decryptor. The one weakness of symmetric encryption programs is that the single key must necessarily be shared, presenting an opportunity for it to be leaked or stolen. Part of key management involves changing the encryption key often to improve security.
  • The process of managing individuals in a system; managing who someone is and what they have access to (technical, legal, security, social)
  • A protocol is a set of rules used by computers to communicate with each other across a network - a protocol or communications protocol is a formal description of message formats and the rules for exchanging those messages. Protocols may include signaling, authentication and error detection and correction capabilities. In its simplest form, a protocol can be defined as the rules governing the syntax, semantics, and synchronization of communication.
    - SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism), Kerberos (made by MIT) and NTLMSSP (Microsoft’s NT LAN Manager Security Support Provider) authentication protocols with respect to SSPI (a Microsoft Windows security application programming interface)
  • A communication session is a semi-permanent interactive information exchange between communicating devices that is established at a certain time and torn down at a later time. Hypertext Transfer Protocol (HTTP) is stateless: a client computer running a web browser must establish a new Transmission Control Protocol (TCP) network connection to the web server with each new HTTP GET or POST request.
    - The Session Layer provides the mechanism for opening, closing and managing a session between end-user application processes, i.e. a semi-permanent dialogue.
    - More than 1 party
    - Information is being exchanged
    - Across a shared medium
  • The art and skill of developing a plan to achieve a goal
  • Who’s doing what, where – someone, somewhere, doing something for some reason, sometimes
    Workflows are often instructional (how to make a cup of coffee)
    David Macaulay – describing the workflow for how to construct something & later came up with a book called “The Way Things Work”
  • Enterprise Single Sign On – that’s where the industry has been heading; SAML = used by Google
    EISA = SSO is just a component of this
  • Everybody loves puppies
    Everybody loves the Red Sox
    When in doubt, switch the topic to puppies or the Red Sox & you’ll regain your equilibrium
  • Not just the technical, it’s the human component as well that’s critical
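The mechanism the notes describe (one login, one credential accepted by every application, the Single Sign Off sibling, and the walk-away and single-point-of-attack downsides), as an added, constructed Python model; it is not code from the presentation, and the class, secret, user and password names are assumptions:

```python
import hashlib, hmac, secrets
# Constructed toy model (assumed names) of the notes' mechanism: one central login, one
# token every app accepts, single sign-off revoking it everywhere, and an idle timeout.
class SsoAuthority:
    def __init__(self, secret, users, idle_timeout=900):
        self._secret, self._idle_timeout = secret, idle_timeout   # secret = signing key
        self._sessions = {}        # session id -> {"user", "last_seen"}
        self._users = {}           # user -> (salt, PBKDF2 digest); never plaintext
        for user, password in users.items():
            salt = secrets.token_bytes(16)
            self._users[user] = (salt, self._digest(password, salt))

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _mint(self, sid):          # token = session id + HMAC tag over it
        return sid + "." + hmac.new(self._secret, sid.encode(), "sha256").hexdigest()

    def login(self, user, password, now):   # the ONE credential prompt
        rec = self._users.get(user)
        if rec is None or not hmac.compare_digest(self._digest(password, rec[0]), rec[1]):
            return None
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"user": user, "last_seen": now}
        return self._mint(sid)

    def check(self, token, now):   # every application calls this instead of prompting
        sid = token.partition(".")[0]
        sess = self._sessions.get(sid) if hmac.compare_digest(self._mint(sid), token) else None
        if sess is None:
            return None            # forged/tampered token, or signed off everywhere
        if now - sess["last_seen"] > self._idle_timeout:
            self._sessions.pop(sid)    # unattended session: the walk-away issue
            return None
        sess["last_seen"] = now
        return sess["user"]

    def sign_off(self, token):     # Single Sign Off: one action ends access to all apps
        self._sessions.pop(token.partition(".")[0], None)

def demo():
    sso = SsoAuthority(b"constructed-demo-secret", {"alice": "correct horse battery"})
    tok = sso.login("alice", "correct horse battery", now=0)
    mail, hr = sso.check(tok, now=10), sso.check(tok, now=20)  # two apps, one token
    forged = sso.check(tok[:-1] + "x", now=30)                  # altered tag rejected
    sso.sign_off(tok)
    after = sso.check(tok, now=40)                              # rejected everywhere
    idle = sso.check(sso.login("alice", "correct horse battery", now=100), now=1001)
    return mail, hr, forged, after, idle
```

Because every application trusts the one authority, compromising its signing secret or its availability takes every application with it, which is exactly the single-point-of-attack and DOS concern in the downside notes.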


  • 1. SSO Presentation
    Presentation Practice Session
    May 14, 2010
    Prepared by: Rob Fitzgibbon
  • 2. What is SSO?
    The Ship’s Security Officer?
    Standards Setting Organization?
    Society of Surgical Oncology?
    Syracuse Symphony Orchestra?
  • 3. Guess! (charades session)
  • 4. I know as much about SSO as I do about
  • 5. But here goes
    Want to sound like
    May end up sounding like
  • 6. SSO, Defined (geekspeak)
    Lots of really important boxes and ovals with acronyms
  • 7. SSO, Defined (again)
    Enterprise Applications
    Email program
    Benefits/HR info
    Your computer
    Corporate intranet
    Your one SSO passcode
    The firewall & SSO authentication system
    Client Extranet
  • 8. SSO, Defined (and again): the key metaphor
    Old School
    SSO Equivalent
  • 9. SSO, Defined (yet again): the backstage pass metaphor
  • 10. SSO, Defined (one last time): the utensil metaphor
  • 11. So Why learn about SSO?
  • 12. Will it help you get the girl?
  • 13. Will it make you seem brilliant at the cocktail party?
  • 14. Will it turn this client
  • 15. Into this client?
  • 16. But it might help you appreciate the complexity of the client’s infrastructure
  • 17. Why am I talking about SSO?
  • 18. The SSO Upside
  • 19. The SSO Downside
  • 20. Key SSO Features
  • 21. With SSO, there’s lots of important terminology to remember!
  • 22. Authentication
  • 23. Directory
  • 24. Encryption Key
  • 25. Identity Management
  • 26. Protocol
  • 27. Session
  • 28. Strategy
  • 29. Workflow
  • 30. Feign Knowledge with Important Sounding Acronyms
  • 31. AAA = Authentication, Authorization & Accounting
    AD = Active Directory
    CAS = Central Authentication Service
    EISA = Enterprise Information Security Architecture
    ESSO = Enterprise Single Sign On
    HTTPS = HyperText Transfer Protocol, Secure
    IDM = Identity Management
    LDAP = Lightweight Directory Access Protocol
    OTP = One Time Password
    PII = Personal Identifying Information
    RADIUS = Remote Authentication Dial In User Service
    SAML = Security Assertion Markup Language
    SSL = Secure Socket Layer
    SSOSrv = Microsoft Single-Sign On Service
    TCP/IP = Transmission Control Protocol/Internet Protocol
    VPN = Virtual Private Network
  • 32. In case of emergency, switch subject
  • 33. SSO really challenges interface designers to develop perhaps the most complex customer facing interactions of their entire career:
  • 34. Login
  • 35. Login
    Behind that interface lies an array of network systems…
  • 36. Login
    (Savage, merciless network systems)
  • 37. What types of clients use SSO?
  • 38. Who provides SSO Solutions?
  • 39. Further Reading
  • 40. Thank You!