Today at Facebook’s event in Palo Alto, CA the company wanted to talk about mobile. First, CEO Mark Zuckerberg unveiled a few updates to both Facebook’s Android and iPhone apps. But the real key to all of this is the platform, he said.
Zuckerberg invited the head of Facebook’s mobile platform team, Erick Tseng, on stage to talk a bit more about that. Tseng said that Facebook’s vision is to create “a true horiztonal platform“. And the first major component of that is a single sign-on, he said.
This is a button that third-party developers can use to give users a one-click way to sign on. “It removes the need to ever have to type a username or password again,” Tseng noted. This is all about “saving you time from things you have to do, to the stuff you want to do,” he continued.
This is something that Zuckerberg has been talking about for a while now. And back in August, CTO Bret Taylor noted that they have a team called “Platmobile” working on this very thing.
Tseng noted that implementing this is just a few lines of code. In fact, it’s the same permission system that over a half million games and apps use today on facebook.com, he said. And with that, he invited people from Groupon and Zynga to talk about their experience implementing this.
Other partners launching this shortly include Yelp, Loopt, Flixster, Booyah, and SCVNGR.
But it’s important to note that single sign-on is just the first part of the mobile equation. This is also all about some new APIs — such as location ones, with write and search access. And a new Deals element.
You might ask How does single sign-on work? Do I have to create the privileges and roles for each application, or do I create the roles and privileges only once?
The definition for single sign-on from The Open Group is, "Single sign-on (SSO) is a mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error, a major component of systems failure, and is therefore highly desirable but difficult to implement."
How single sign-on systems work is implementation dependent. For example, in a Windows NT (or 2000) network, applications can use integrated Windows NT authentication mechanisms. If set up to require particular users or groups of users, anyone who is allowed access that has already been authenticated to that domain will be granted access. They do not need to sign on again.
Novell takes a different approach. All applications still have their own usernames and passwords, but they are stored in what they call SecretStore. According to their Web site, "Once you authenticate to NDS, SecretStore automatically collects and encrypts your application passwords the first time you use them. When you next attempt to use an application, the application's client will try to verify that you are authenticated to NDS.
If NDS responds that you are authenticated, the client requests your application password from the SecretStore. NDS retrieves your encrypted password from the SecretStore and sends it to your workstation, where it is decrypted and used to give you access to the desired application. This entire process takes only seconds and is completely transparent: Once you authenticate to NDS, Single Sign-on manages the rest of your logon processes."
There are other methods of implementing single sign-on as well.
What this means in any case, is that you need to define who has access to each application and to what level, on a per application basis. However, if you define standard groups or roles, it should be easy use the same definitions from application to application.
Implementing single sign-on in a secure way is not trivial and needs to be well thought out before beginning implementation.
To know more about (SSO) :
No comments:
Post a Comment