92 lines
6.4 KiB
HTML
92 lines
6.4 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Single signon overview" />
|
|
<meta name="abstract" content="This topic describes the problems that a single signon solution is designed to alleviate and the benefits that you can attain by using single signon in your enterprise." />
|
|
<meta name="description" content="This topic describes the problems that a single signon solution is designed to alleviate and the benefits that you can attain by using single signon in your enterprise." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzamzconcepts.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzamzoverview" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Single signon overview</title>
|
|
</head>
|
|
<body id="rzamzoverview"><a name="rzamzoverview"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Single signon overview</h1>
|
|
<div><p>This topic describes the problems that a single signon solution
|
|
is designed to alleviate and the benefits that you can attain by using single
|
|
signon in your enterprise.</p>
|
|
<p>In traditional network environments, a user authenticates to a system or
|
|
application by providing user credentials defined on and by that system or
|
|
application. Traditionally, both <a href="rzamzauthentication.htm#rzamzauthentication">authentication</a> and <a href="rzamzauthorization.htm#rzamzauthorization">authorization</a> mechanisms use the same user registry
|
|
when a user attempts to access a resource managed by the system or application.
|
|
In a single signon environment, authentication and authorization mechanisms
|
|
do not have to use the same user registry to enable users to resources managed
|
|
by the system or application. Single signon environments use network authentication
|
|
service (Kerberos authentication) as their authentication mechanism. In an
|
|
single signon environment, the user registry used for authentication does
|
|
not have to be the registry that the system or application defines. In a traditional
|
|
network environment, this poses a problem for authorization.</p>
|
|
<p>In an single signon network environment, applications use <a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM)</a> to
|
|
solve this problem. EIM is a mechanism for mapping or associating a person
|
|
or entity to the appropriate user identities in various registries throughout
|
|
the enterprise. Application developers for <span class="keyword">i5/OS™</span> use
|
|
EIM to build applications that use one user registry for authentication and
|
|
another for authorization--without requiring the user to provide another set
|
|
of credentials. The benefits of a single signon environment are numerous,
|
|
and not just for users. Administrators and application developers can also
|
|
benefit from the single signon solution.</p>
|
|
<div class="section"><h4 class="sectiontitle">Benefits for users</h4><p>The single signon solution reduces
|
|
the number of sign-ons that a user must perform to access multiple applications
|
|
and servers. With single signon, authentication occurs only once when users
|
|
sign into the network. Using EIM reduces the need for users to keep track
|
|
of and manage multiple user names and passwords to access other systems in
|
|
the network. Once a user is authenticated to the network, the user can access
|
|
services and applications across the enterprise without the need for multiple
|
|
passwords to these different systems.</p>
|
|
</div>
|
|
<div class="section"><h4 class="sectiontitle">Benefits for administrators</h4><p>For an administrator,
|
|
single signon simplifies overall security management of an enterprise. Without
|
|
single signon, users may cache passwords to different systems, which can compromise
|
|
the security of the entire network. Administrators spend their time and money
|
|
on solutions to diminish these security risks. Single signon reduces the administrative
|
|
overhead in managing authentication while helping to keeping the entire network
|
|
secure. Additionally, single signon reduces the administrative costs of resetting
|
|
forgotten passwords. Administrators can set up a single signon environment
|
|
where a Windows<sup>®</sup> (for <span class="keyword">Windows 2000</span> and
|
|
later releases) signon that allows access to the entire network, thus minimizing
|
|
authentication and identification management.</p>
|
|
</div>
|
|
<div class="section"><h4 class="sectiontitle">Benefits for application developers</h4><p>For developers
|
|
of applications that must run in heterogeneous networks, the
|
|
challenge is to create multi-tiered applications where each tier is likely
|
|
to be a different type of platform. By exploiting EIM, application developers
|
|
are free to write applications that use the most appropriate existing user
|
|
registry for authentication while using a different user registry for authorization.
|
|
Not having to implement application specific user registries, associated security
|
|
semantics, and application level security significantly lowers the cost of
|
|
implementing multi-tiered, cross-platform applications.</p>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzconcepts.htm" title="Use this information to learn about the underlying concepts for single signon for a better understanding of how you can plan to use single signon in your enterprise.">Concepts</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |