ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamz_5.4.0.1/rzamzoverview.htm

92 lines
6.4 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Single signon overview" />
<meta name="abstract" content="This topic describes the problems that a single signon solution is designed to alleviate and the benefits that you can attain by using single signon in your enterprise." />
<meta name="description" content="This topic describes the problems that a single signon solution is designed to alleviate and the benefits that you can attain by using single signon in your enterprise." />
<meta name="DC.Relation" scheme="URI" content="rzamzconcepts.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamzoverview" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Single signon overview</title>
</head>
<body id="rzamzoverview"><a name="rzamzoverview"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Single signon overview</h1>
<div><p>This topic describes the problems that a single signon solution
is designed to alleviate and the benefits that you can attain by using single
signon in your enterprise.</p>
<p>In traditional network environments, a user authenticates to a system or
application by providing user credentials defined on and by that system or
application. Traditionally, both <a href="rzamzauthentication.htm#rzamzauthentication">authentication</a> and <a href="rzamzauthorization.htm#rzamzauthorization">authorization</a> mechanisms use the same user registry
when a user attempts to access a resource managed by the system or application.
In a single signon environment, authentication and authorization mechanisms
do not have to use the same user registry to enable users to resources managed
by the system or application. Single signon environments use network authentication
service (Kerberos authentication) as their authentication mechanism. In an
single signon environment, the user registry used for authentication does
not have to be the registry that the system or application defines. In a traditional
network environment, this poses a problem for authorization.</p>
<p>In an single signon network environment, applications use <a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM)</a> to
solve this problem. EIM is a mechanism for mapping or associating a person
or entity to the appropriate user identities in various registries throughout
the enterprise. Application developers for <span class="keyword">i5/OS™</span> use
EIM to build applications that use one user registry for authentication and
another for authorization--without requiring the user to provide another set
of credentials. The benefits of a single signon environment are numerous,
and not just for users. Administrators and application developers can also
benefit from the single signon solution.</p>
<div class="section"><h4 class="sectiontitle">Benefits for users</h4><p>The single signon solution reduces
the number of sign-ons that a user must perform to access multiple applications
and servers. With single signon, authentication occurs only once when users
sign into the network. Using EIM reduces the need for users to keep track
of and manage multiple user names and passwords to access other systems in
the network. Once a user is authenticated to the network, the user can access
services and applications across the enterprise without the need for multiple
passwords to these different systems.</p>
</div>
<div class="section"><h4 class="sectiontitle">Benefits for administrators</h4><p>For an administrator,
single signon simplifies overall security management of an enterprise. Without
single signon, users may cache passwords to different systems, which can compromise
the security of the entire network. Administrators spend their time and money
on solutions to diminish these security risks. Single signon reduces the administrative
overhead in managing authentication while helping to keeping the entire network
secure. Additionally, single signon reduces the administrative costs of resetting
forgotten passwords. Administrators can set up a single signon environment
where a Windows<sup>®</sup> (for <span class="keyword">Windows 2000</span> and
later releases) signon that allows access to the entire network, thus minimizing
authentication and identification management.</p>
</div>
<div class="section"><h4 class="sectiontitle">Benefits for application developers</h4><p>For developers
of applications that must run in heterogeneous networks, the
challenge is to create multi-tiered applications where each tier is likely
to be a different type of platform. By exploiting EIM, application developers
are free to write applications that use the most appropriate existing user
registry for authentication while using a different user registry for authorization.
Not having to implement application specific user registries, associated security
semantics, and application level security significantly lowers the cost of
implementing multi-tiered, cross-platform applications.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzconcepts.htm" title="Use this information to learn about the underlying concepts for single signon for a better understanding of how you can plan to use single signon in your enterprise.">Concepts</a></div>
</div>
</div>
</body>
</html>