Web Initial Sign-on (WebISO)
March 8, 2006 | 6 Comments
Web initial sign-on or WebISO is a term defined by Internet2 as a system
designed to allow users, with standard web browsers, to authenticate to web-based services across many web servers, using a standard, typically username/password-based central authentication service.
They created the definition, but that doesn’t mean I need to like it… I’d like to propose an alternate working definition:
A single point for web based authentication which provides SSO across multiple systems and services.
I think that could be word-smithed further to really get it nice and concise. Please comment any recommendations you have on this.
What excites me about WebISO solutions is their fantastic ability to deep link systems and services. Users can bookmark or share URLs and when someone accesses these systems and services they will be required to provide credentials and then be directed through to what they need. This also sets up applications in a loosly coupled structure ideal for changing individual services without affecting others.
The drawback of this approach (when compared against a monolithic portal application) is how there is generally not a single welcome screen presented to users after authenticating. This loss of a “funnel” approach can cause weaknesses in communication and a perceived loss of control in your user population. Another potential area for weakness is providing a directory of services and ways for users to find what they need initially.
For those not familiar, a couple examples of real life WebISO tools would be: CAS (now JA-SIG as opposed to Yale), Pubcookie, WebAuth (from Duke), Shibboleth, and more.
Tags: "central authentication service", "web initial sign-on", authentication, cas, definition, duke, federation, identity, identity management, single sign on, sso, webauth, webiso, yale, yale cas