Please Note: This article was originally written in Dutch and appears on the site Automatisering Gids (English: “Automation Guides”). The article has been translated by Google Translate here: http://bit.ly/3Dqc4A. The direct link to the original article is here: http://bit.ly/1cvvwg
October 23rd, 2009 – by Richard Keijzer
Various parties have tried to develop a general-purpose, secure login system for distributed environments, which has resulted in a series of such systems. The Kantara Initiative aims to end that fragmentation by forging the individual systems into one whole.
These are mainly the XML-based SAML, Microsoft’s Information Cards and the OpenID of the OpenID Foundation.
The latter is favoured in particular by sites such as Google and Yahoo!, while Info Cards play a major role on sites where Microsoft holds sway. SAML is used by commercial websites that are ‘single sign-on’-enabled. “The three techniques allow the user to log on at one point, after which he or she gets access to all related sites,” said Matthew Gardiner of CA in the United States. Gardiner is involved, on behalf of his employer, in the Kantara project, which is an amalgam of individual techniques. Gardiner: “The three methods seem broadly similar to each other; the differences are in the details. For us, the trick is to map all the differences onto one joint mechanism.”
The single sign-on approach is one that arose in the distributed ICT systems of large companies. An employee logs in only once and gains access to all subsystems and applications for which they are authorized. This approach has migrated from the intranet to the Internet, with all the dangers that entails. Where on an intranet it is not necessary to constantly guard against the interception of communications, on the Internet it certainly is.
“And do not forget privacy. You’re working on a public network and you must ensure that additional information does not fall into the wrong hands. It’s bad enough when personal information gets to the wrong parties, and then we haven’t even got to liability. Look at the situation where large numbers of login credentials end up on the street, as recently with Hotmail. Who is to blame, and who should pay if a lawsuit is brought? More importantly, how could this have been avoided?” says Gardiner. After liability has been determined, another trial may follow over the amount of compensation payable.
Securing an increasingly complex process can prevent data from falling into the wrong hands. The methods mentioned are known as Federated Security, meaning that they work across a combination of environments. “A federation of websites, you may call it. Within this combined environment the user can do anything; his identity, as it were, travels with him. When the user calls a specific function, an identity check can be conducted in the background on the basis of the previous login. The more universal the control, the more effectively it works. And that is the purpose of Kantara. We are seeking a security system that is not dependent on a specific platform or a particular technology. The ultimate goal is an electronic doorkeeper that can run on all systems in the world,” said Gardiner.
Kantara sees itself as a standards organization in which the members are in control. Gardiner: “It is a peer-to-peer consultation structure, without firm direction from above. Because the members have freedom, new ideas can be quickly submitted and discussed. In practice that is working okay, as far as we have been able to establish. Kantara started in the middle of the year, so actually we have been operating this way for too short a time to allow definitive statements.”
OpenID, Information Cards and SAML
OpenID: This method allows an existing login to provide additional information, so that access can be given to services on other websites. Examples include an email address or other personal information. OpenID was created in 2005 as an open-source system. The technique is already used by sites such as Google, Facebook and Yahoo!
Info Cards: Like OpenID, this is an identification that stays with the user. The mechanism is designed for Vista and is meant to end the situation in which people need to remember long strings of passwords. “The password will soon be a thing of the past,” Bill Gates prophesied at the launch in 2006. It is the successor to Passport, Microsoft’s security method that flopped.
SAML: The Security Assertion Markup Language is the oldest technology. The foundation was laid in 2001; the first working version appeared one year later. The technique is based on XML and uses strong encryption of it. The method examines each IP packet in which information is sent and checks whether it fits within the prescribed limits. Permission to send data is always requested, without the user noticing.
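The single sign-on flow the article describes (log in once at an identity provider, then carry that identity to the related sites of the federation, with interception on a public network as the main risk) can be made concrete with a small added example. The code below is an illustration written for this page; it is not code from the article, from Kantara or from any of the three systems. It mimics the shape of a SAML assertion (Issuer, Subject, Conditions with an audience restriction and a validity window) but stands in for the real XML-Signature step with an HMAC over the serialized bytes, and every name in it (the issuer URL, the sp-a/sp-b audiences, the shared key) is constructed. The service-provider side shows the checks a relying site wants before trusting a travelling identity: integrity, trusted issuer, intended audience, and a short validity window so that a captured assertion cannot be replayed later.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed demo values. Real SAML verifies an XML-Signature with the
# identity provider's public key; the HMAC key here only stands in for that.
IDP_KEY = b"constructed-demo-key-not-for-production"
IDP_ISSUER = "https://idp.example.test"      # hypothetical identity provider
SP_A = "https://sp-a.example.test"           # hypothetical service provider A
SP_B = "https://sp-b.example.test"           # hypothetical service provider B
DEMO_NOW = datetime(2009, 10, 23, 12, 0, tzinfo=timezone.utc)


def build_assertion_xml(subject, audience, not_before, not_on_or_after):
    """Serialize a minimal SAML-shaped assertion (built with ElementTree so
    that the subject and audience strings are XML-escaped, never spliced raw)."""
    root = ET.Element("Assertion")
    ET.SubElement(root, "Issuer").text = IDP_ISSUER
    subj = ET.SubElement(root, "Subject")
    ET.SubElement(subj, "NameID").text = subject
    cond = ET.SubElement(root, "Conditions",
                         NotBefore=not_before, NotOnOrAfter=not_on_or_after)
    restriction = ET.SubElement(cond, "AudienceRestriction")
    ET.SubElement(restriction, "Audience").text = audience
    return ET.tostring(root, encoding="unicode")


def issue_assertion(subject, audience, now, lifetime=timedelta(minutes=5)):
    """Identity-provider side: a short-lived assertion minted for ONE site."""
    body = build_assertion_xml(subject, audience, now.isoformat(),
                               (now + lifetime).isoformat())
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    return body, base64.b64encode(sig).decode()


def verify_assertion(body, signature_b64, expected_audience, now):
    """Service-provider side: return the authenticated subject, or None
    if any check fails. Order matters: integrity first, then contents."""
    # 1. Integrity over the exact bytes received, compared in constant time.
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    try:
        given = base64.b64decode(signature_b64)
    except (ValueError, TypeError):
        return None
    if not hmac.compare_digest(expected, given):
        return None
    root = ET.fromstring(body)
    # 2. Only assertions from the federation's identity provider are trusted.
    if root.findtext("Issuer") != IDP_ISSUER:
        return None
    # 3. Audience: an assertion minted for another site must not log in here.
    cond = root.find("Conditions")
    if cond is None or cond.findtext("AudienceRestriction/Audience") != expected_audience:
        return None
    # 4. Validity window: an old, intercepted assertion is rejected.
    not_before = datetime.fromisoformat(cond.get("NotBefore"))
    not_on_or_after = datetime.fromisoformat(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        return None
    return root.findtext("Subject/NameID")


def demo():
    """Run the four cases a relying site must distinguish."""
    body, sig = issue_assertion("alice", SP_A, DEMO_NOW)
    soon = DEMO_NOW + timedelta(minutes=1)
    return {
        "valid": verify_assertion(body, sig, SP_A, soon),
        "wrong_audience": verify_assertion(body, sig, SP_B, soon),
        "expired": verify_assertion(body, sig, SP_A, DEMO_NOW + timedelta(minutes=10)),
        "tampered": verify_assertion(body.replace("alice", "mallory"), sig, SP_A, soon),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The audience check is the one most often skipped in home-grown federation code: without it, an assertion obtained for one low-value site in the federation logs the holder into every other site that trusts the same issuer, which is exactly the "identity travels with him" property turned against the user.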