And the Winner Is?

Single sign-on is a goal that several companies are pursuing, but who will become the dominant standard is still up for grabs

By Michael J. Hudson

Isn't what you can do online nowadays wonderful? I can pay my bills, look at my bank account, trade stocks, exchange emails, make airline reservations, and buy or auction almost anything online. But the problem with all these choices is that each one involves a completely different company, which means totally different Web sites that maintain separate user accounts for me. The information in each account is almost identical, yet I have to access each one separately when I go to each Web site. Now, I could try some of those companies that bundle several services and thus consolidate my efforts into only two or three Web sites. However, I had a reason for choosing E-trade to do my stocks and not act as my bank account as well. In other words, certain companies execute particular services better than other companies, and regardless of how much they want me to do everything at one place, it's not always the smart thing to do.

So, instead of consolidating these accounts, I have my little digital black book full of user names and passwords for every Web site or account I use. And because none of these sites talk to each other, whenever I need one service to talk to the other, I have to personally perform the actual transferring and swapping of information. And even if one service could talk to another, shouldn't I be wary of sharing my login information from one account to another?

On the other hand, wouldn't having only one point of contact be a lot easier? I could concentrate on what I need to get done instead of worrying about how to get access to the site that I need. I need a trusted single point of contact that all my services can share but not abuse. And I want it to do things like update my personal calendar application automatically after I purchase an airline flight.
And when I visit the airline Web site, all my credit card information should already be there, ready to be used. Is this idea feasible? Can we do it now?

UNIVERSAL EFFECTIVENESS

In many ways, these ideas are already being used in some way or another by Web sites, but not necessarily as part of a global single sign-on service. The reason is that in these paranoid times, integrity and trust are just as important as convenience and connectedness. However, the multitude of universal authentication services, the most well known being Microsoft's Passport system, are trying to address these issues. As these services become more prominent, businesses and developers must be familiar with them, because data collaboration, for all the reasons I described, will push the future of effective e-commerce.

But between Microsoft's Passport, Sun Microsystems' Liberty Alliance, AOL TimeWarner Inc.'s Magic Carpet, and Verisign Inc.'s already existing verification infrastructure, the arena is starting to get very crowded. And the irony isn't lost on each of these companies that the mere presence of other competing services slowly destroys the idea of having only one central place or standard where customers can do all service authorizations. In other words, how effective is a universal sign-on when you still have to figure out which of the several universal sign-on services you're going to need to use?

However, the confusion between authentication services may not be as bad as it first seems. Sun Microsystems and the 32 companies (including the likes of RSA Security and General Motors) that are supporting Liberty Alliance are really only creating interfaces and standards for the interoperation of authorization services; they aren't actually creating or implementing the authorization system themselves, while Microsoft has created its own system.
In other words, Liberty's philosophy is that each company or organization holds and implements its own user account services, but when it must pass along authorization data or the like to other companies, it must conform to the Liberty Alliance specifications.

CENTRALIZED VS. DECENTRALIZED

Unlike Microsoft's Passport system, Liberty's scheme has the greatest possibility to decentralize a user's information from one central global server. This feature will then let users explicitly choose which companies can literally share and obtain certain pieces of their information with other companies. On the other hand, Microsoft, which has always had a more centralized mindset, has already implemented its Passport system on a couple of central servers located at Microsoft's headquarters. Thus, all authorization must first go through Microsoft's centralized servers, in contrast to Liberty's scheme, where all authorization is on a company's server.

A lot of people like and trust Sun's decentralized focus for authorization, but currently it is only in the idea phase and no real specifications have been written up for it yet. On the other hand, Microsoft's Passport system is already up and running in a number of companies. In fact, Microsoft's new operating system, XP, makes signing up for a Microsoft Passport account almost mandatory to use the operating system.











