Wednesday, August 13, 2008

Kim doesn't like SSO?

My inbox continues to fill with people asking me about this - or, more accurately, saying that Kim doesn't like single sign-on and what do I think of that?

Kim Cameron, Microsoft’s chief architect of identity, is an enthusiastic advocate of information cards, which are not only vastly more secure than a password-based security system, but are also customizable, permitting users to limit what information is released to particular sites. “I don’t like Single Sign-On,” Mr. Cameron said. “I don’t believe in Single Sign-On.”

I don't want to put words in Kim's mouth but I'm guessing - let me say that again: I'm guessing - he's talking about externally focused personal, or Internet-based single sign-on -versus- internally focused enterprise single sign-on (e.g., Kerberos). There's certainly a difference in my mind from the perspective of disclosure of personal, private information.

In addition, many companies, Quest included, protect their internal networks via two-factor authentication, IPsec encryption, 802.1X, Group Policy enforcement of screen locks, etc., as a means to prevent unauthorized access to data (or sites) from workstations or snooping on the wire.

Do I see a day where an enterprise single sign-on (ESSO) product would support InfoCards? Absolutely. The lines continue to blur between what you do at home versus what you do at work, and which machine(s) you use at work versus at home. As part of that blur, third-party ESSO vendors are going to have to support what customers demand, whether it be Kerberos, InfoCards, SAML or even pixie dust (should I ever get that to work)...
