[LINK] 'Telstra deploys single sign-on for [400] staff'
Karl Auer
kauer at biplane.com.au
Thu Jul 28 20:22:39 AEST 2011
On Thu, 2011-07-28 at 19:45 +1000, Frank O'Connor wrote:
> Single sign on … a fairy tale, unless you work in an organisation of
> less than a few hundred people … and even then if it can go wrong it
> will go wrong.
At ETHZ in Zurich they implemented SSO seven (eight?) years ago. One
password to access VPN, corporate web sites, email, your own personnel
files, various web applications, access to software repositories,
version control systems, centralised backup systems and so on. I'm not
sure, but I think the Uni libraries stayed out of the system. Nor did it
extend to individual desktops, though it may do now. I doubt it though -
not for technical reasons but because the various departments of the
ETHZ are like little kingdoms, and that level of cooperation on desktop
config and access seems unlikely.
It worked very well, still does. I don't know the technology they
deployed and I don't know how it has performed security-wise, but I do
know that the entire organisation heaved a sigh of relief when it was
implemented. It reduced the number of passwords from many to two or
three, depending on one's job.
I used the ETHZ SSO to access most of the above items. It never missed a
beat for me.
ETHZ has (from memory) about 7000 staff, about 15000 students, about
30000 connected nodes on about 50000 switch ports, and a city-wide WAN
with a couple of outlyers like CERN and EPFL. Not a huge organisation,
but certainly not tiny.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://mailman.anu.edu.au/pipermail/link/attachments/20110728/5cff04e9/attachment.sig>
More information about the Link
mailing list