Network Computing is part of the Informa Tech Division of Informa PLC

Fortifying Your Network-Access Control: Page 7 of 11

Policy management plays a role as well, because devices authenticate themselves to the network or applications just as users do. In the environments described by Cisco's NAC (Network Admission Control) and Microsoft's NAP (Network Access Protection), for instance, devices that access network services must authenticate and develop a level of trust similar to that attained by users (for a rundown of NAC and NAP, see "What's on the Horizon?" at www.secureenterprisemag.com/0202/0202rd1.jhtml).

There is, as yet, no significant proposal to merge device and user authentication on the network. But that hasn't stopped architects from looking at the next level of authentication unification--identity federation.

SSO Without Borders

What if your business partner's network accepted the SSO information from your network login? What if your supplier's order-entry screens accepted your identity from your network as you connected over the intranet? These scenarios are examples of identity federation, a plan in which one enterprise trusts another to properly authenticate and authorize users. The issues here are philosophical and legal, in addition to technical. The benefits, however, are significant, as critical passwords and user information are stored only once and not communicated across possibly insecure links. Instead, networks accept authentication-verification tokens from one another as proof that the user's identity has been established to a satisfactory level.
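The token exchange described above can be sketched in code. This is an added example, not from the original article: the home network vouches for a user it has already authenticated, and the partner network checks who issued the token, whether it was altered, whom it was meant for, whether it is still fresh, and whether the login was strong enough. An HMAC with a per-partner shared key stands in for the public-key signatures real federation protocols use; the partner names, key, function names and auth-level scale are all constructed.

```python
import base64, hashlib, hmac, json

# Constructed values: partner name, audience and key are hypothetical.
TRUSTED_ISSUERS = {"idp.partner-a.example": b"constructed-demo-key"}
AUDIENCE = "orders.supplier.example"
MIN_AUTH_LEVEL = 2  # assumed scale: 1 = password, 2 = password + smart card

def _sign(key, body):
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(issuer, key, subject, audience, auth_level, now, ttl=300):
    """Home network: vouch for an authenticated user; no password is included."""
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "lvl": auth_level, "exp": now + ttl}
    raw = json.dumps(claims, sort_keys=True).encode()
    body = base64.urlsafe_b64encode(raw).decode()
    return body + "." + _sign(key, body)

def verify_token(token, now):
    """Partner network: return (accepted, subject or rejection reason)."""
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return False, "malformed token"
    iss = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:
        return False, "issuer not in federation"
    # Constant-time comparison; nothing below is trusted until this passes.
    if not hmac.compare_digest(_sign(key, body).encode(), sig.encode()):
        return False, "bad signature"
    if claims.get("aud") != AUDIENCE:
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return False, "expired"
    if not isinstance(claims.get("lvl"), int) or claims["lvl"] < MIN_AUTH_LEVEL:
        return False, "authentication level too low"
    return True, claims["sub"]
```

The audience and expiry checks are what keep a token issued for one partner from being replayed at another or reused later.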

Microsoft has pushed identity federation at the consumer level, with its .Net framework and Passport services. The difficulty in establishing the relationships has been demonstrated by companies such as eBay, which backed out of the Passport alliance after Microsoft made changes to the technology framework. Competing identity federations, such as the Liberty Alliance (founded by Sun and including financial services providers American Express and Fidelity), have their own standards that don't recognize or interoperate with Passport. Just as users have become comfortable with smart-card forms and technologies, it's possible the consumer-oriented identity federations will provide frameworks that can be used by businesses.