(Page 2 of 2)
While some U.S. universities have been using Shibboleth since 2003, adoption of the system grew rapidly in 2005. It's now used at 500-plus sites worldwide, including educational systems in Australia, Belgium, England, Finland, Denmark, Germany, Switzerland, and the Netherlands; even institutions in China are signing on. Also in late 2005, Internet2 announced Shibboleth's interoperability with a Microsoft security infrastructure called the Active Directory Federation Service.
Critically, the system is moving into the private sector, too. The science and medical division of research publishing conglomerate Reed Elsevier has begun granting university-based subscribers access to its online resources through Shibboleth, rather than requiring separate, Elsevier-specific logins. And Cantor has forged ties with the Liberty Alliance, a consortium of more than 150 companies and other institutions dedicated to creating shared identity and authentication systems.
With Cantor's help, the alliance, which includes companies such as AOL, Bank of America, IBM, and Fidelity Investments, is basing the design of its authentication systems on a common standard known as SAML. The alliance, Cantor says, was "wrestling with lots of the same hard questions that we were, and we were starting to play in the same kind of territories. Now there is a common foundation....we're trying to make it ubiquitous." With technical barriers overcome, the companies can now roll out systems as their business needs dictate.
Of course, Cantor is not the only researcher, nor Shibboleth the only technology, in the field of Internet authentication. In 1999, for instance, Microsoft launched its Passport system, which let Windows users access any participating website using their e-mail addresses and passwords. Passport, however, encountered a range of security and privacy problems.
But thanks to the efforts of the Shibboleth team and the Liberty Alliance, Web surfers could start accessing multiple sites with a single login in the next year or so, as companies begin rolling out interoperable authentication systems.
OTHER PLAYERS
Universal Authentication
Stefan Brands -- Cryptology, identity management, and authentication technologies
McGill University
Kim Cameron -- "InfoCard" system to manage and employ a range of digital identity information
Microsoft, Redmond, WA
Robert Morgan -- "Person registry" that gathers identity data from source systems; scalable authentication infrastructure
University of Washington
Tony Nadalin -- Personal-identity software platform
IBM, Armonk, NY
Home page image courtesy of Bryan Christie Design.
Guest (farang)
When I log in to a commercial account -- for example a brokerage account or my mortgage records -- they need to know a lot more than that I am registered at a particular university. How does this system apply outside the academic world?
Guest (Will Norris)
Any number of attributes (name, account numbers, etc) about a user can be sent along to the service provider. You are not limited to simply affiliation-type data.
Guest (threemallards)
Any system that produces a sense of enhanced confidence in its reliability will cause greater difficulties to the person whose identity is compromised. it is human nature. However, since most people only use a few passwords over and over again, single-signing is not inherently more insecure. to believe it can't be hacked is naive. See http://rfidanalysis.org/
Guest (Gurudatt Shenoy)
Universal Identity and NetAlter
NetAlter is developing an Alternative to the Internet and one of the key features is the concept of Universal Identity that will access multiple services and applications. However there is a minor difference in that the user gets to decide if he or she wants one single ID or seperate IDs. And even if the user creates seperate ID, all of these will have reference to the Universal ID that is provided at the time of registration with NetAlter (which ofcourse is free to end users)
"Australia, Belgium, England, Finland" the poor author does not even have basic geographic knowledge that the UK is 4 countries not just England. It is like saying "Ohio" when you mean USA. If he can't get that even right, I would not even bother with the rest of article.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
Guest (chuan)
Double-edge sword
"Worse, the diversity of authentication systems increases the chances that somewhere, your privacy will be compromised, or your identity will be stolen."
Single sign-on means that losing your password will have greater implication than before. Is there any way of overcome this problem ?
Reply
Guest (Scott Cantor)
Single sign-on doesn't imply passwords. Stronger authentication is the best way to deal with the single credential problem. Also, note that most non-technical users just reuse the same passwords everywhere, making the exposure very similar with or without SSO.
Reply