donderdag 16 april 2009

myOneLogin ad

I just read one big ad (dressed as an article) for the myOneLogin service. It is some kind of identity broker, directed at enterprises and SMB's, facilitating single sign-on for cloud applications. It's a $3/month per user service that might replace the use of OpenID for enterprises users. It also addresses strong authentication needs and can cope with SAML.

Anyway: this has got nothing to do with identity 2.0. It's not the end user that is in control of his identity. This may be fine for enterprise use, but why would a company pay fot sso in the cloud? Enterprise sso (esso) may be considered a security measure (it makes sharing accounts by end users difficult). And if you employed esso, cloud apps should be handled as well.

I'm a little bit concerned about such developments. The problem with services like this (as wel as with OpenID) is that a central authority gets to know my whereabouts. Can these authorities be trusted? How about international regulations? Any clue? How do they handle logging and log analysis? Or log retention (I hope Not).

I'm happy with this kind of development, because it propagates the use of open standards like SAML.

Still, not for me, though. I prefer an internal esso and besides, the password store in firefox and ie is capable enough. It is great, however, that using sso you are into green computing, in pandemic planning and fuel conservation and thus protecting the environment. I don't know how, but it's in their About statement (at least in today's version) :)