Slashdot Mirror


Security Architecture - Beyond Passwords?

a voice in the crowd asks: "We're investigating different PKI technologies to introduce support for strong authentication, single sign-on and secure messaging. There seems to be a broad range of both companies and approaches out there. I'm looking for success and horror stories from those who have taken point on this issue. Your help is appreciated." Read on for more information on what is being evaluated and the critical questions being asked.

"Some of the pieces currently under review include:

  • Verisign's Onsite Lite
  • USB token holders (Aladdin, HASP, etc.)
  • smart cards

Some of our questions include:

  • What headaches is key recovery going to be?
  • Is there any meaningful long-term competition?
  • How reliable is the hardware once deployed?
  • How is vendor support?
  • Is the integration with Win2k, Notes, etc., both functional and seamless?
  • What policy administration issues do we need to be aware of?
  • What best-practice documents are available?
  • How locked in will we be?
  • Will our Blackberry 5810s grok the secured messages, and if so, do they represent a point of vulnerability for the certificates?
  • Can we enforce non-trivial PINs?
  • What changes to your help desk workload and practices have resulted?

Most importantly, do the users like it?"

1 of 17 comments

  1. Novell SingleSignOn by CounterZer0 · · Score: 3, Informative

    Novell's SingleSignOn solutions with iChain, iManage, and DirXML work wonderfully. And yes, users I've seen use it have loved it (primarily RSA SecurIDs).