SSO / Single Sign-On (read: Simplified Sign-On)

The term “Single Sign-On”, and/or it’s typical acronym “SSO”, is used all over the place — for example in piles of specifications from various SDOs (Standards Developing/Development Organization) and other orgs (eg corporations, .edu world, government, etc). Does anyone — including the authors of said specifications — actually believe that a person would ever have a single set of credentials that they wield everywhere?!#%$^

I don’t believe most folks actually believe that. However, this discussion is decidedly NOT over. I too had thought it was — but then I was recently talking with another security protocol professional who was thinking that we, in the SSTC, were being presumptuous because we employed the “SSO” term, and he thought we were taking it literally, as in “single sign-on”. Which of course we don’t, and are not doing.

Rather, what most everyone appears to acknowledge, including us in the SSTC is that people will end up with some finite set of credentials, or personas, or identities (or whichever word you want to use according to the taxonomy/lexicon to which you subscribe), where the number of credentials is likely > 1 for any given person (but doesn’t have to be of course, it is zero for a lot of people on the planet as yet (in terms of the Internet)).

Note that this is the situation we’re in today, however those of us “in the know” create a new set of creds (eg username & password) for most every Internet site with which we establish a relationship. However, the hope of those of us behind various SSO technologies (e.g. SAMLv2) is that given deployment of these technologies, netizens will gradually have the option to maintain fewer credentials (aka personas) to wield with the sites/services we utilize. Thus our lives will be at least somewhat more simple and thus this interpretation for the “SSO” term. QED, etc.

So where does that leave the term represented by “SSO”? Personally, I subscribe to it’s real-life meaning being:

simplified sign-on

The perspective here being that (hopefully), given the emerging SSO-enabling technology (e.g. SAMLv2, Identity Web Services, etc.), it will begin to be deployed such that most all of us Netizens will have the opportunity to simplify our lists of site login credentials (I have > 80 last time I counted) and (hopefully) arrive at a more manageable number of credentials (aka personas) where n < 20 and hopefully for those who really want to, have n < 10. The foregoing quantities are just my personal off-the-cuff estimates, YMMV.

One Response to “SSO / Single Sign-On (read: Simplified Sign-On)”

  1. Eve M. says:

    More than 80, eh? Amateur! I tried counting mine recently, in alphabetized order, and had 22 of them just in the A’s. Admittedly about 5 of them are dead accounts and I haven’t gone back and figured out how to close them down — that’s a whole ‘nother problem.

    I, too, argued for n

Leave a Reply

You must be logged in to post a comment.