Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
Overview
A major driver behind the creation of authentication infrastructures is single sign-on (SSO). In short, SSO is the ability for a user to authenticate once to a single authentication authority and then access other protected resources without reauthenticating. The Open Group defines SSO as the mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.
This chapter focuses on the architectural approaches one can take when designing an SSO solution for a large IT infrastructure and on the security technology building blocks that can be used to construct such an SSO infrastructure. This chapter does not address the architecture of every SSO solution that is currently available on the software market. Many of them have a relatively small scope and only span a couple of applications, platforms, or authentication methods.
Remember that SSO is “authentication”-related, not “authorization” related. Too many people confuse authentication and authorization. Authentication is a security process that assures that a user’s identity is authentic, or in other words that another user, application, or service knows who it is talking to. Authorization is a security process that decides what a particular user is allowed or not allowed to do with a resource.
Категории