True single sign-on: So close, yet so far

* Digital ID World panel debates enterprise single sign-on

It says a lot about people and vendors when you can get five of them together to discuss the area in which they all compete. Mostly, though, it says that there's so much business out there that there's no need to get snarky with each other.

At Digital ID World earlier this month, I moderated a panel about enterprise single sign-on (ESSO). The panelists were Marc Boroditsky, CEO of Passlogix, Patrick Morley, CEO of Imprivata, Slava Kavsan, vice president of engineering at RSA, Rich Moore, vice president of marketing at BNX Systems, and Chris Fleck, senior director of Strategic Alliances at Citrix. Each of their companies offers an ESSO product: V-Go (Passlogix), One-Sign (Imprivata), BNX ESSO (BNX), RSA (Sign-on Manager) and Citrix (Citrix Password Manager). Once in a great while one of them would say something like "our product does..." something, but generally they spoke about how ESSO can benefit the enterprise.

All agreed that a single sign-on project can be a winner provided you present it as a quick-hit "reduced" sign-on with an ongoing commitment to continue reducing the number of sign-ons required until it reaches one. By rolling it out quickly, you not only show a fast ROI but you also make the ESSO project available as a building block for other things - such as regulatory compliance.

Because the ESSO product is the gatekeeper for the network, it can monitor (and audit) all network access - something required by many of the regulations you need to comply with. But beyond that, it can also audit access to all of the applications and services for which it handles authentication. Many a legacy application has no way of logging, monitoring and auditing access on its own, but the ESSO service  - because it's the only way into the app for the users - knows exactly who is accessing the app, when it occurs and even which platform the user is on.

Even when I tried to get a little controversy going with this quintet, they refused to rise to the bait. For example, I said that the goal of having a "single" sign-on reminded me of Zeno's paradox. That's the one that can be summed up as follows:

Suppose I want to walk across the room to the door. First, of course, I must walk halfway to the door. Next I must walk half the remaining distance to the door. Then I must further walk half the remaining distance to the door. I'm still not at the door, though, so I walk half the remaining distance. But this will go on forever and I will never reach the door.

When I said that reducing sign-ons was something like that, each and every one of the panelists said "no!" They all agreed that true single sign-on is within our grasp. Well, who am I to argue. How's your ESSO project going? Have you reached the door yet?

Learn more about this topic

Today's top 5 stories from

1. Novell writes about how it migrated to Linux

NetWare Newsletter, 05/10/05

2. Microsoft sells ID mgmt. plan

Network World, 05/16/05

3. Extortion via DDoS on the rise

Network World, 05/16/05

4. Latest Sober worm sends German spam

IDG News Service, 05/16/05

5. Test: VoIP analysis tools

Network World, 03/28/05

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.

IT Salary Survey: The results are in