The Race for Internet Single Sign On
Posted by Bob Warfield on December 9, 2008
Single Sign On is a facility common in Enterprise Software that let’s you sign in once (or at least use the same userid and credentials) to gain access to every piece of software, even though they may come from many different vendors. It’s a nice time saving convenience. There is currently a big move afoot to provide SiSO (the usual abbreviation for Single Sign On) for the web itself. Google has OpenID, Facebook has recently delivered Facebook Connect, and now there is MySpaceID.
Who will be next? The browser owners such as Mozilla? SalesforceID? Why not? SFDC is cozying up to Google in various ways and it isn’t hard to implement SSO with the Salesforce platform. My own company, Helpstream, supports Salesforce and OpenID (e.g. Google) SSO. It’s a great convenience to our customers, and more importantly to our customers customer’s who use our application for Customer Service. When it comes to security issues, why should credit card issuers or some such get into the fray?
In the end, I can’t think of a good reason for any of these to be the dominant winner in the near future, so application vendors should support as many of them as they can. Eventually businesses will insist on SSO. They already have it for on-premises applications. Who knows, maybe business will insist on it for security reasons. That’s another factor in Enterprise use where businesses want an API that lets them rapidly shut off all the accounts for a particular user, for example, a terminated employee. None of the current Internet SSO options support that, but we saw such functionality added to the iPhone not long ago.
Dave Weiner, as channelled by Dare Obasanjo, says these standards are too complex and that points the way to a new generation. I disagree. It’s been easy to implement OpenID and Salesforce credentials at Helpstream, and we’re going to do Facebook next. This is just wishful thinking from Weiner and Obasanjo who abhor the idea that SSO might be locked up by one of these big players. The lockup isn’t going to happen precisely because it is pretty easy to support more than one. Dare also points out some good examples where you may not want a single ID identifying who you are in every web situation lest things become embarrassingly co mingled. OTOH, advertisers will love having yet another way to see whose footprints on various web pages are whose.
Keep watching the drama, and ask you software vendors to support the standards you want to use. It’s all part of the growth and maturation process for Cloud Computing. And be careful if you think your online presence is anonymous!
Related Articles
GigaOm: MySpace launches MySpaceID
5 Responses to “The Race for Internet Single Sign On”
You must log in to post a comment.
botchagalupe said
Why no mention of OpenSSO?
smoothspan said
Sure why not OpenSSO? That’s the beautiful thing about standards, there are so many to choose from!
From my perspective, it’s all about who has the mindshare when I look at what SSO standards I would want to commit dev resources to support. For me, this is largely a question of what kind of application you are offering and which standard your audience likely already has credentials on.
Looking at OpenSSO, I can imagine audiences where it makes sense, but I’m not sure it is anywhere close to the influence level of a Google or Facebook.
Cheers,
BW
natel2 said
Why no mention of industry standards like SAML and the best-in-class SSO provider, Ping Identity?
smoothspan said
SAML is too far under the covers–plumbing, not a solution.
Ping Identity? Same category as OpenSSO–not a broad enough installed base to be in the same category as these others.
Seriously. There are a ton of standards. Most of them just don’t matter. It’s all about who has your login TODAY, because developers aren’t spending time on some standard that might get your login SOMEDAY.
Why am I going to do Ping Identity until long after I’ve done Google, Facebook, MySpace, and whomever the other 800lb gorillas are in my space?
Cheers,
BW
webhat said
This is actually what I am working on as of yesterday for my employer, creating a Single-Sign-On for Google Friend Connect, FaceBook Connect, Hyves, OpenID, Yahoo! 360 and other OpenSocial services using OpenID as out outwardly facing SSO service.