Back in November I wrote about WiKID Systems and how they have been bringing open source two-factor authentication to the market since 2001. I used the WiKID story to explain how two-factor authentication works and why it is a far superior method for securing access than passwords alone. Now WiKID is teaming up with Atricore, the open source identity management company, to combine open source single sign on with open source two-factor authentication.
Atricore are the developers of the JOSSO (Java Single Sign On) project, which, with support for SAML and other standards, has become a widely used technology in the identity management space.
SAML works with Federated Identity to allow disparate business applications both within and across corporate boundaries to work seamlessly.
Atricore offers several versions of JOSSO: a free and open community version and several commercial versions. The integration with WiKID’s two-factor authentication works only with the JOSSO commercial versions. You can use either WiKID’s community or commercial version with JOSSO.
When I spoke with Nick Owen, CEO of WiKID, he said he thinks the important thing to remember is that “in a firm with 250 users, the combined SSO/two-factor authentication solution would cost approximately $7,500 per year, a price a fraction of the cost of either solution alone from the market leading providers.” The open source solutions really make this affordable. Before this, only large banks and other enterprises could afford this.
Both WiKID and Atricore offer free community versions and commercial versions of their products. Both of the community versions are fully featured and not crippleware by any means.
Some of you reading this may not be familiar with single sign on and two-factor authentication. Combined, they are a powerful tool for allowing access to resources either in the cloud or on premises. With single sign on capability, you can sign on to one site and have that sign on give you access to other sites that participate in it. It is sort of like when you use your Facebook credentials to sign on to other sites.
Single sign on is really convenient but fraught with security problems. Combining it with two-factor authentication is a big improvement. Owen says “We've always believed that SSO needed two-factor authentication to minimize the 'keys to the kingdom' risk”.
It is good to see two open source companies working together to bring great solutions to market at price points unheard of before!
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.