On September 10, 2012 10:03 , Nick Kew <nick@xxxxxxxxxxxx> wrote:
I need to implement SSO (Single Sign On) for a tool to be launched for people of our organization only.For true SSO solutions, look atAny strong reason to prefer those to worldwide initiatives such as OpenID/OpenAuth?
Mostly because I didn't think of them :) But, now that you've asked:My understanding is that most of the following features offered by cosign/PubCookie/CAS are not offered by OpenID/OpenAuth:
* Centralized Single Log Out.
* Per-site forced reauthentication (e.g., when user's IP address
changes, or when they access a particularly sensitive resource)
* Per-site multi-factor authentication (including hardware tokens,
X.509 client certificates, etc.)
* Idle time outs (require reauthentication after, say, 2 hours of
no pages being requested).
* Hard time outs (require reauthentication, say, every 24 hours or
every week, regardless of activity)
* Credential proxying to back-end services (other web servers,
IMAP, LDAP, databases, etc.)
Regardless of the above, OpenID/OpenAuth may be a fine choice for the original poster, depending on his requirements, particularly if he sets up his own OpenID provider rather than using an external provider such as Google or Yahoo.
-- Mark Montague mark@xxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|