Throughout the history of the computing industry, security has been a significant issue. Most computer systems verify a user with a user id and password so that the user can access data within a computer while a secure computing environment is maintained. The growth in the computer industry and in the amount of information accessible through a computer has also created a proliferation of password requirements. A typical business user is responsible for several user identifiers and passwords. For example, a business user might have a user id and password to gain access to their workstation, another user id and password to gain access to a terminal emulator, another pair to gain access to their electronic mail, yet another user id and password to gain access to their calendaring functions and still a different pair for certain applications. In many instances these passwords are set with expiration dates to improve security, which means that each of the passwords will have its own rules for creating the password (such as 5 alphanumeric characters with the second character being numeric) and its own expiration date (such as 30 days, 45 days or 60 days). This configuration of computer networking quickly becomes unmanageable, since it is extremely difficult to keep all passwords and user ids synchronized; hence many users resort to writing their user ids and passwords on a piece of paper, somewhat eliminating the security benefit the passwords were intended to provide in the first place. Even a personal user of a computer network may be faced with an excess of user id and password requirements, such as the user id and password for their Internet provider, one for their mail, another for their travel agent and yet others for each of the bulletin boards to which they subscribe.
A need has arisen in both business and non-business computer use for single sign-on types of products. These products are becoming available in the marketplace today. Most of the products keep a list of all the user ids and map the user from one "single" sign-on to the appropriate user id/password pair for their destination, so that the user id/password pair is changed in the data stream transparently to the user. However, this approach requires significant administrative effort to prime the database with the correct user id/password pairs and requires synchronization of the password databases as passwords change or expire.
An additional method is to use a trusted third party to authenticate users and to have all of the users authenticated through this trusted third party. Two overviews of the current state of the art for single sign-on products utilizing trusted third parties are "HP and Partners Collaborate on Presidium/Single Sign-on: Single Log-in Solution Simplifies and Safeguards User Log-in for UNIX System, NT, MVS and other Platforms; Deloitte & Touche, DunaSoft, Entrust Technologies, Gradient, Sybase and Texas Instruments part of Presidium Solution", Jan. 27, 1997, found on the world wide web at http://www.hp.com/csopress/97jan27b.html, and Open Horizon's White Paper entitled "Secure Single Sign-On", found on the world wide web at http://www.openhorizon.com/html/sssowp.html.
The above solutions allow for a single sign-on for certain applications but require a trusted third party to be connected or a non-public key token which must be handled on the target system.