In the “old days” of computing, a user would sit down at his or her workstation, log in to the desktop, log in to the email system, perhaps pull up a thick client or two and log in to those as well, and maybe access a couple of internal web pages and, again, log in to those. Now take into account that all of these systems are likely handled by different support groups, so the user has to remember not only the user IDs for all of these applications but also the password associated with each one. All of these security silos eventually become an administrative nightmare and degrade the user experience. Costs associated with helpdesk calls for password resets also increase.
With the proliferation of online, or web-based, access, users nowadays use fewer thick clients and more web-based applications. While this has helped to alleviate some of the problems associated with managing access to thick clients, the application security silo challenge still exists. Some of this was addressed by implementing strategic directories such as LDAP or Active Directory (AD), where developers could code LDAP lookups to challenge users for credentials that were stored in a central location. This eliminated the need for multiple user IDs and passwords on web-based systems. Pure Microsoft shops could also benefit by using domain authentication to sign users in to their desktops and using IIS as the web server platform, which would sign the users in with Integrated Windows Authentication (IWA). While this seems like the way to move forward with web-based access, other challenges still linger. What if a company uses AD but isn’t a pure IIS shop? Suppose half of the web platform is Apache or iPlanet based.