Before deciding between the Single Sign-on security mechanism and Federated Identity, let’s try to understand what they are.
Single sign-on (SSO) can be defined as a session and user verification service that lets users log on with a single set of credentials and gain access to multiple applications. For instance, a user can gain access to Gmail, Hangout and Google Drive with a single username and password.
Federated Identity or Federated Identity Management (FIM), on the other hand, is an arrangement that can be set up to connect multiple enterprises so that subscribers can use a single identity to gain access to the networks of all the enterprises in a specific group. For instance, once a user logs in to a particular application, the person can switch over to other applications such as Facebook, Twitter, LinkedIn and so on, without having to log in separately.
Choosing one over the other
Now the question is whether it is wise to opt for SSO over FIM or the other way round. Let’s dig deeper:
Of late, a lot of words have been exchanged on this subject among the fraternity of IT professionals and the Singapore business circle. One school of thought holds that the two are synonymous. This is incorrect. In reality, if one looks at what the two concepts tend to mean, there is enough room for confusion. The fact that there are some authentication products available on the market today has further fanned the confusion.
Features of Single Sign-on
The concept of Single Sign-On authentication, or SAML SSO, authenticates the user for all the domains that are integrated under the mother application (refer to the definition of SSO given at the start of this chapter). However, the mechanism also revokes other prompts, which may come up as and when other users are simultaneously running active sessions on that application, something that happens in the case of public domains like SingPass, used by thousands of users concurrently at any given point in time. That is the reason it uses a 2FA SingPass corporate pass setup for optimal security and integrates them.
Features of Federated Identity
Federated Identity, on the other hand, links the electronic identity of an individual and its attributes, which are stored across various identity management setups or systems. Naturally, this needs adherence to a set of guidelines for managing the user's identity and policing the same. The technology also describes certain standards that facilitate the portability of that identity across different security domains, which is the backbone of the Corpas integration concept used at present.
This particular setup is supported by another technology, known as Security Assertion Markup Language authentication or SAML authentication. It is a process that facilitates the exchange of authentication and authorisation data between multiple parties, for example between a service provider and an identity provider.
Hence, if we take into account all the aspects of this discussion, we can probably conclude that it is not an issue of opting for one security mechanism over the other. It is a matter of opting for the right one, considering the security threat perceptions and taking the right decision to counter those threats. Both Single Sign-On and Federated Identity Management are perfect in their own ways. It is the prevailing business scenario and its associated issues that determine which authentication process needs to be chosen.