Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems. [Wikipedia]
As you can see from the definition the Method helps in the Authentication Level, not in the Authorization Level, which is a completely different level.
The basic occurrence, thus most common, is in one of the following:
- a homogeneous IT infrastructure
- a single user entity authentication scheme exists
- a user database is centralized
In short where a user credentials is stored on a LDAP Database, Like Active Directory, or on a Rational Database, like ASP.NET Membership provider DB, for user authentication and authorization, which in turn means single sign-on has been achieved organization wide.
One of the most common example of SSO in the E-Commerce is Amazon an PayPal , which in both cases centralize consumer financial information on "one" server, not only for the consumer's convenience but also to offer increased security by limiting the number of times credit card numbers or other sensitive information must be entered.
Thus, Single sign-on (SSO) is method with which using a single action the user gets his current session authentication and authorization access permission to all computers and systems where he has access permission, without the need to enter multiple time the authentication token.
Enterprise single sign-on (E-SSO / ENTSSO) systems are designed to minimize the number of times that a user must type their ID and password to sign into multiple applications. The E-SSO solution automatically logs users in, and acts as a password filler where automatic login is not possible. Each client is typically given a token that handles the authentication, on other E-SSO solutions each client has E-SSO software stored on their computer to handle the authentication. On the server side is usually an E-SSO authentication server that is implemented into the enterprise network. [Wikipedia]
Enterprise single sign-on (E-SSO / ENTSSO) is one of the current quests of the major companies - One is Microsoft with it's LiveID for the which is part of the Via Windows Live , and the other is Google within it's realm. The concept of SSO quite useful in large companies, which usually have heterogeneous systems - This is one of the main reasons that Biztalk 2004 has a build-in system which support SSO out-of-the-box. Not only that, but, Sharepoint 2003 was one of the more known Microsoft application which supported SSO out-of-the-box (there were others, but this one is one of the most known ones at the time).
Microsoft has decided that it's about time to integrate two product / technologies together - Windows Live ID adds Beta support for Information Cards with Windows CardSpace!. The last time i've checked the release date was due this November, but due to the fact that even the release date of Visual Studio has moved to the beginning of 2008, I guess this one did as well.
We all know that we have sample of implementations of integration of CardSpace ( which has a new BLOG at MSDN Windows CardSpace Team Blog ) with ASP.NET membership providers
- One which was created by Mike Jones - Microsoft released CardSpace HTML & ASP.NET 2.0 Kits
- and the other one was done by Dominick Baier - ASP.NET CardSpace Control
Benefits of CardSpace are well known from previous post Can CardSpace be Federated? Yes, using WS-Federation. Benefits ? Yes, SSO ! which is possible due to the use of :
- Federation is a new approach, also for web applications, which uses standards-based protocols to enable one application to assert the identity of a user to another, thereby avoiding the need for redundant authentication. Standards to support federation include SAML and WS-Federation . [Wikipedia-Single Sign-On]
- SAML Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee. [Wikipedia-Single Sign-On]
As well as a new post from Vittorio Bertocci - WS-Trust with Chianti that reassures us that Windows CardSpace will work without HTTPS, too - thus simplifying the use of CardSpace.
On the other hand we have LiveID, which BTW has it's own space.
On 15-Aug-2007 the LiveID Team announced Windows Live ID Web Authentication SDK for Developers Is Released which has it's own Web Authentication software development kit (SDK) (or from MSDN) which includes a QuickStart sample as Documentation
This adds Microsoft to the SSO solutions from major internet companies:
For developers and architects, it should be good to develop a SSO wrapper for self use and includes those worldwide SSO providers for applications.
Does it all stop here ? no way - According to Ani Babaian (XAML Chick): Enterprise (E-SSO) with Mobile Devices :
Microsoft, Avaya, Sprint and Ping Identity come together to discuss E-SSO (Enterprise Single Sign-On) over Mobile Devices. In this panel each discussed the importance of having a mobile solution for identity. Frank Chang also demonstrated a scenario of what Microsoft might be looking at as a solution. This was a great panel with over 40 people present it was one question after the next from the audience about how Avaya, Ping, Sprint and Microsoft would solve the mobile identity issue.
In many ways people wanted to know how the multiple devices and one identity problem would be solved? Which really was a great place for Windows CardSpace, but we do Federated CardSpace Cards exist asked Avaya from Microsoft. The notion of being able to have one identity that can be used by many and remote-ing identity is a pain that we all really need to look at more closely was pointed out by the audience.
But then came the question about enterprise. For most enterprises they are the center of their own universe, is what Avaya said.
So how all of this possible ? well hopefully you've heard about the wonders of securely storing configuration data in Enterprise Single Sign-On Server (Ent SSO), but there's never exactly been an easy, convenient way to load SSO with your data. Richard Seroter tackled this issue and came up with his very own SSO Data Storage Tool.
Get it here: http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/
Hoping that next article will shade some light on SmartCard in SSO.
BTW here's a nice article on Live.com development: The Windows Live SDK and Passport Opens Up
CardSpace: Behind The Code - http://blogs.msdn.com/card/ ( what else could it be ;) )
Well I don't know if WPF / WF / WCF teams have a BLOG outside the netfx3.com domain , but now the CardSpace team has one , and the above is their "space".
Thinking of it, as opposed to the others, CardSpace is almost half product half technology ...
Why ? the concept is based on the use of public WS-* protocols, and the CardSpace was written from scratch, with disregard to the Microsoft "Product", for Linux and Mac by Novell , using plain simple C++ and TK for the GUI while the engine is using MONO ( as far as I know ! )
Ok , so I needed an UPDATE statement that can update an entire column using another SELECT. Well not just any SELECT, an Aggregative SELECT , well here's my sample ( hope you'd understand from it what I was trying to do ;) )
SET ArticleAvgGrade = AUC_ArticleGrade
FROM tblArticle AS A
JOIN ( SELECT ArticleID AS AUC_ArticleID ,
AVG(ArticleGrade) AS AUC_ArticleGrade
WHERE ArticleGrade is not null
GROUP BY ArticleID) as AUC
ON ArticleID = AUC_ArticleID ;
As the windows 2003 R2 ,as such is the Biztalk 2006 R2 - A product which is very similar to the previous one , but with new added "Wizards". relevant links:
- Introducing BizTalk Server 2006 R2
- BizTalk 2006 R2 Datasheet
- BizTalk Server 2006 R2 Installation and Upgrade Guides
- BizTalk 2006 R2 Capabilities posters
- BizTalk Server 2006 R2 Evaluation (!)
Regardless of the size of your organization, you need best-in-class infrastructure. BizTalk Server 2006 R2 delivers enterprise-class infrastructure. Through BizTalk Server 2006 R2, Microsoft delivers the tools to connect both proprietary and standards-based systems. The Server Infrastructure pre-integrates .NET technologies making BizTalk a central part of any SOA strategy. BizTalk Server 2006 R2 is a strong asset to enable visibility into all of your business process data from the core of your enterprise but also to data at the edge. The edge includes devices such as RFID but also extends to customers and partners throughout the supply chain.
Installing Moss2007 , are we ? try to start the Search Index Service or something like that ?
well try adding the domain name like "MyDomain\MyMossAdminUser" to the relevant textBox ;)
This article is by Yaron Niv from migdal.co.il, a good friend from the good old days.
It seems that IE6 does differ from different versions of Windows, as the case shows.
Further more there were problems which were related to CSS style sheets.
Thanks yaron =)
Ok , so you made the mistake and installed Sql2005 Express Client Toolkit BEFORE you have installed another version of SQL on the same machine - Some options :
- Upgrade an existing SQL Server Express! Mount the MS SQL 2005 Server CD. You automatically see a dialog box where you can start the installation. Stop this installation page, and instead click Start Run: <CDROM>:\Setup\Setup SKU- UPDATE=1 directly from the CD
- Install the Microsoft SQL Server 2005 Express Edition Toolkit Download (223.9 MB)
- The Old fashion uninstall of the Express edition , and re-install it if you really need it ;)
Ok , so one of my off time "hobbies" is regEx , this is part of a project which is personal to me and natasha. Any way I needed a display of the key as well as it's value when "debugging" the regular expression text , so here is the relevant code, where "GetGroupNames()" is the part I was looking for.
Regex regex = new Regex(tbxRegEx.Text, GetRegExOptions());
MatchCollection mc = regex.Matches(tbxText.Text);
tbxResult.Text = string.Empty;
StringBuilder sbText = new StringBuilder();
for (int i = 0; i < mc.Count; i++)
sbText.Append("--------- Start Match " + i.ToString() + "---------");
GroupCollection gcl = mc[i].Groups;
string regexNames = regex.GetGroupNames();
for (int j = 1; j < regexNames.Length; j++)
//tbxResult.Text += "--------- Start Group " + j.ToString() + "---------";
//tbxResult.Text += Environment.NewLine;
sbText.Append( regexNames[j] + "\t\t");
if (regexNames[j].Length <= 8)
sbText.Append(gcl[regexNames[j]].Value.Replace(" ", " "));
if (gcl.Count == 0)
tbxResult.Text += mc[i].Value;
tbxResult.Text += Environment.NewLine;
catch (Exception ex)
tbxResult.Text = sbText.ToString();