Single sign-on (or SSO) is a system that associates the credentials for a number of network resources with a single set of credentials (a username/password pair, smart card, etc.), allowing a person to use that single set of credentials to access all of the associated resources.
Single sign-on is becoming more prevalent across the world's networks, as people are trying to manage passwords for dozens or hundreds of separate systems, from computer accounts to website access, from databases to legacy applications.
Proponents of single sign-on claim that these systems reduce the likelihood of a compromised credential, since there are fewer credentials to keep track of. Opponents note that if that one set of credentials falls into the hands of another person, that person immediately gains access to everything the victim has, as there are no secondary sets of credentials.
One major challenge confronting single sign-on systems is the difficulty of managing the credentials on widely disparate systems. Many legacy applications can be difficult to integrate with a single sign-on solution, as can websites and resources that are not under the direct control of the organization managing the single sign-on solution.
A large provider of single sign-on services for the Web is Microsoft's Passport system, which allows people to use their Passport credentials on a participating site instead of a login unique to that site. One big limitation of the Passport network is that it limits the user to Microsoft technologies, so those wishing to create their website using PHP on an Apache webserver cannot use Passport for authentication.
The Liberty Alliance Project is working to create and maintain standards for single sign-on and identity federation to allow systems to interoperate more easily.
Single sign-on is often coupled with an Identity Management solution, which allows users or administrators to determine access to resources and provides password management and information management capabilities.