What
are my options for web identity management?
If you are moving sensitive business content and processes to the
web, you must provide web identity management. You really don't
have a choice. Whether the web site is internal or facing the public,
you are faced with business and regulatory requirements that demand
prudent control of the information.
Fortunately you have a number of options for providing web access
management. Some are noted below:
-
Build the access control into the applications. Usually the
application asks for a user name and password before running.
This turns out to be relatively expensive, since each application
requires its own security management. Furthermore, this is not
particularly dependable, since frequent changes to applications
can compromise security.
-
Leverage the access control in the operating system or server.
Operating systems and web servers generally come with some form
of access control - usually password based. There are two issues
to this approach: it makes it difficult to mix operating systems
or servers, and operating systems have a spotty security history.
-
Integrate third-party software into your enterprise web site.
This generally requires establishing significant infrastructures
of support servers and directories. These extensive solutions
tend to be expensive with long, involved integration projects.
Many organizations find that it requires enterprise-wide buy-in
to implement these solutions. Changes to your servers or applications
might require re-integration projects.
-
Install a web identity authentication appliance. These appliances
tend to be quick to install and low cost. Well engineered appliances
provide stronger security than software based solutions. Some
appliances provide optional integration into your enterprise
infrastructures.
|