Related Topics: Java EE Journal, Apache Web Server Journal, SOA & WOA Magazine

J2EE Journal: Article

SSO, Open Source and the 'Modern' Enterprise

The benefits of single sign-on

Efforts to modernize enterprise infrastructure have never been more complex. While the need is certainly there on multiple fronts – competitive edge, cost savings and new business initiatives, to name just a few – new hurdles seem to pop up no matter where an IT administrator might look. That includes not just management issues such as cap/ex costs and user resistance, but also an increasing pancake stack of integration layers within and among applications. New-generation software tools, legacy development tools, back-end data resources, hardware infrastructure – all elements need to play nicely, but few really do.

Enter single sign-on – and open source software – as a way to facilitate the interoperability required.

The benefits of single sign-on (SSO) – often viewed as a security-specific solution – go far beyond simple IT modernization. Certainly, anything that eases the integration burden of new additions to the enterprise software portfolio or SOA stack is a good thing.

But SSO can also yield direct bottom-line savings in reduced support costs. Users ringing help-desk phones about lost passwords to a dozen or more local and Web-based applications will certainly consume IT personnel less if they only have to worry about a single credential. With industry estimates putting the cost of one help-desk password problem request at about $30 per incident, many organizations can completely cost-justify an SSO project right there.

IT management will also have an easier time enforcing more stringent security measures, including strong passwords and session encryption, if users know they only need to imprint a single such credential in their heads. IT administrators will also run into far fewer broad security exposure situations, such as the lost laptop that contained Word documents with executive-level passwords to half-a-dozen critical applications mixed in with the user’s online IDs, including the one for the bank.

The idea of single sign-on (SSO) has been around for years. It’s the central part of any identity management solution. The idea is simple – user authentication across multiple systems with a single set of credentials. But until recently, actual reports of full-on enterprise-wide single sign-on solutions have been as frequent – and reliable – as Yeti sightings.

More Stories By Anthony Gold

Anthony Gold is vice president and general manager, Open Source Business, Unisys Corporation. He is also a board member on the Open Solutions Alliance (OSA). He serves as a business consultant for several startups in the Philadelphia region and is writing a book on how businesses can transform themselves leveraging open standards and services-oriented architectures. Anthony graduated from Drexel University with a bachelor of science in electrical engineering.

More Stories By Mike Anderson

Mike Anderson is chief architect of the Unisys Strategic Program Office for Open Source. He is responsible for providing thought leadership and strategy globally for the entire Unisys open source offering. Previously at Unisys he had established worldwide application architecture strategy for the telecommunications industry. He was the chief architect with overall design authority for the Unisys Next Generation Messaging solution for major services providers worldwide. NGM is based entirely on open source components.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.