>
>> You might want to take a look at http://a-select.surfnet.nl/
>
> Thank you... currently digesting now....
>
> As far as I can see at the moment, all apps need to use A-Select API
> though...
No, the webserver needs to have the A-Select API. It is just an
ISAPI filter for IIS or a module for Apache that gets loaded into
the webserver. For the application it pretty much means "the
A-Select user identifying cookie is present and can be trusted".
> The Oracle version seems to promise that they can do it with any web app
> with a HTML form...
That is not too difficult, but some might consider it a security
risk to have people submit their username and password to a
participating site. It would definitely not qualify for a TTP
implementation, since the web application would 'know' the
username and password of the user, which means that you would
have to trust all web applications.
> I just cannot see the mechanism for this at all... [ see caveat about my
> understanding of the Oracle definition of an 'External App' above ]
With A-Select, it is pretty much:
- user enters website
- website sees no authentication cookie and no authentication
  URL var
- website redirects to authentication server
* authentication server sees no authorization cookie
* user logs in
* authentication server sets authorization cookie
- authentication server redirects to website
- website sees authentication URL var and asks a webservice on
  the authentication server to verify that authentication var
- user is logged in

If the user returns or visits another website that allows this
type of login, the steps marked with * do not have to be repeated
because there is an authorization cookie, so the process is
automatic for the user. He just gets redirected a few times.

The key part that is missing in your description is that the web
application also communicates directly with the authentication
server to verify the credentials the user presents.

I would be interested in anything more detailed you can dig up on
SSO.

Jochem
--
When you don't want to be surprised by the revolution
organize one yourself
- Loesje
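
The redirect flow described in the message above, as an added example that is not part of the original message and does not use the A-Select API: a minimal in-memory model in which the website never sees the password and only trusts the URL var after asking the authentication server directly. All class and method names are hypothetical, and making the URL var single-use and bound to the requesting site is an assumption of this sketch.

```python
import secrets

class AuthServer:
    """Hypothetical stand-in for the authentication server (not the A-Select API)."""
    def __init__(self, users):
        self.users = users      # username -> password (constructed sample data)
        self.sessions = {}      # authorization cookie -> username
        self.tickets = {}       # authentication URL var -> (username, site)

    def authenticate(self, site, cookie=None, username=None, password=None):
        """Browser-facing step. Returns (cookie, url_var), or (None, None) on failure."""
        user = self.sessions.get(cookie)
        if user is None:                                   # the steps marked with *
            if username not in self.users or self.users[username] != password:
                return None, None
            user, cookie = username, secrets.token_urlsafe(16)
            self.sessions[cookie] = user
        url_var = secrets.token_urlsafe(16)
        self.tickets[url_var] = (user, site)
        return cookie, url_var

    def verify(self, site, url_var):
        """Back-channel web service: called by the website, never by the browser."""
        user, issued_for = self.tickets.pop(url_var, (None, None))  # single use (assumption)
        return user if issued_for == site else None        # bound to one site (assumption)

class Website:
    def __init__(self, name, auth):
        self.name, self.auth = name, auth
        self.logged_in = {}     # local authentication cookie -> username

    def handle(self, cookie=None, url_var=None):
        """Returns ('ok', user), ('set-cookie', cookie) or ('redirect', site name)."""
        if cookie in self.logged_in:
            return "ok", self.logged_in[cookie]
        if url_var is not None:
            user = self.auth.verify(self.name, url_var)    # direct check with the server
            if user is not None:
                local = secrets.token_urlsafe(16)
                self.logged_in[local] = user
                return "set-cookie", local
        return "redirect", self.name                       # send browser to auth server
```

A URL var that is replayed, or presented to a site other than the one it was issued for, fails the back-channel check and the browser is redirected again.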

