As I was looking up ways of doing Single Sign On I discovered Dr. Nic’s article about Zero Sign On. The premise is simple: users have a digital certificate that they use to authenticate their session instead of a username and password.

Since I work in a corporate environment I was thinking about how this could possibly be implemented and came up with the following:

  1. New employees would receive both a swipe card and USB key.
  2. The key holds a copy of the employee’s certificate and a copy of Firefox configured to use that certificate.
  3. The user inserts the key and the Windows or Linux login screen auto-detects its presence, logging the person in as it does so.
  4. When the employee browses to the sites they need to access on the intranet they are also automatically authenticated by the certificate store on the key.

This may not be at all possible, and I am also unfamiliar with the components behind Windows or Linux’s login process. Maybe there’s something in Active Directory’s Certificate Services?

Similarly, some (music) software already employs a similar scheme in which you need to have a USB key plugged in to authorize your use of it.