[WEB SECURITY] Multiple Application Authentication- Best Practices

mike smith hellkyng at gmail.com
Thu Jul 16 17:32:53 EDT 2009

Hoping for some recommendations or best practices for an application
authentication issue. The issue is this:

We have two primary applications using two separate methods for
authentication. These are accessed and used by clients/customers outside of
the organization. The two primary applications need to access secondary
applications and portions of other applications on an as-needed basis.

Are there best practices established for application to application
authentication with client facing applications? Since I haven't tracked
anything down on other mailing lists I am assuming there aren't or they
aren't readily available.

What recommendations would you make to authenticate these applications
securely to one another, and authenticate portions of other applications
called as needed?

SSO has been discussed as a possible solution, but appears challenging when
dealing with separate authentication mechanisms. Would this still be the
recommended approach? Anyone have experience implementing SSO in an
environment similar to the one detailed?

(apologies if you're on the securitybasics mail list and received this as
well, trying to get a wide range of thoughts/experience)