5.5.3 Centralized vs. Decentralized
In a centralized single sign-on, data is held at a certain location where authorization takes place. Today, Microsoft Passport is the most talked about centralized single sign-on service. The Liberty Alliance approach is that a company implements its own account service, conforming to the Liberty Alliance specifications for interoperability with other companies444. Note: VeriSign supports both Passport and Liberty.
In addition to Single sign-on being centralized or decentralized, privilege management can be centralized or decentralized. For example, all privilege management can be controlled by a central group of administrators. Alternately, privilege assignment can be delegated to the group specifically responsible for each server. For example, the Accounting Applications team might manage user privileges on the servers used for accounting functions. The SQL Server team might manage user privileges on the servers used to run the SQL Server database. Etc. Phase 2 adds ID specifications to web services. ID-SIS (IDentity Service Interface Specifications) are part of phase 3. The truce between Sun and Microsoft for 10 years (2004-2014445) should make it easier to have Passport and Liberty authentication interoperate.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.