CrossNodes Briefing: Authentication - Page 2

By  Gerald Williams | Sep 25, 2001
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

The Importance Grows
The emergence of e-commerce systems and the acceptance of digital signatures as legally binding consent also pushed developments in authentication. The World Wide Web provides a flexible platform, but that flexibility comes at a loss of privacy and security. Still, financial institutions, retail sites, and companies seeking to create electronic links with customers and suppliers, see the appeal of a convenient, easy to use, and pervasive network. The full growth of e-commerce, however, remains limited by security concerns.

Vendors are addressing the problem. Microsoft, for example, included the Security Support Provider Interface (SSPI) in Windows 2000. SSPI supports a range of APIs that can perform authentication, context management, and message security. The developer also released a digital certificate and electronic signature system called Passport. Through this system, registered users can submit payment, and the authentication system assures companies that the transaction is legitimate.

In addition to Microsoft, such vendors as IBM, Hewlett-Packard, Oblix, Securant Technologies, and Tivoli systems, offer security suites that include authentication utilities.

A Search for Standards
The market needs standards, and these will emerge. Several committees exist to look at creating secure network connections and transactions. An XML standard, called Security Assertion Markup Language (SAML) focus on securely transferring authentication and authorization information. Under SAML, security can be built into the XML code based on the content being transferred. This shifts control to the content provider.

Obviously, implementing an authentication system can be complex. The network manager must register each user and the associated systems. This information generally resides in a database, but the database must be secure. As a result, many companies turn to third-party providers to establish an authentication and encryption system. This implies some loss of control. Therefore, network managers must carefully assess the risk to their networks and the ability of in-house personnel to support an on-going authentication system before they select an approach.

Gerald Williams serves as director of quality assurance for dolphin inc., a software development company. williams has extensive background in technology and testing, previously serving as editorial director with national software testing labs (nstl), executive editor with datapro research, and managing editor of datapro's pc communications reference service.

advancedinfo@home.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >