Monday, July 11, 2005
FIM and IP Based Authorization
In the world before FIM, a lot of technologies were used to implement federated single sign-on. A very common way to allow corporate-level access to services was to give all users coming from a specific IP range (usually the client's corporate proxy server) full access to the service without requiring authentication (though identification may still be implemented for personalization purposes). But with the development of FIM standards, does it make sense to continue to require IP-based authorization in addition to the FIM sign-on, or does it just give an additional level of "security" at the cost of sacrificing convenience (people can only access the service from the corporate network, and not from outside unless VPNed to the office)?
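To make the trade-off concrete, here is an added example (not code from this post) that evaluates the same four requests under the three policies discussed above. The IP range, the subject name and the `Request` and `authorize` names are constructed for illustration, and `federated_subject` is assumed to come from an assertion the service provider has already validated.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed value: a documentation range standing in for the client's proxy egress.
CORPORATE_PROXY_RANGES = [ipaddress.ip_network("198.51.100.0/28")]
POLICIES = ("ip_only", "fim_only", "fim_and_ip")

@dataclass
class Request:
    source_ip: str
    # Subject of an already validated FIM assertion (assumption), None if absent.
    federated_subject: Optional[str]

def from_corporate_range(req: Request) -> bool:
    addr = ipaddress.ip_address(req.source_ip)
    return any(addr in net for net in CORPORATE_PROXY_RANGES)

def authorize(req: Request, policy: str) -> bool:
    in_range = from_corporate_range(req)
    signed_on = req.federated_subject is not None
    if policy == "ip_only":      # pre-FIM: the network location is the credential
        return in_range
    if policy == "fim_only":     # the federated sign-on alone decides
        return signed_on
    if policy == "fim_and_ip":   # sign-on required, and only from the proxy range
        return signed_on and in_range
    raise ValueError(f"unknown policy: {policy}")

# Constructed sample requests.
SAMPLES = {
    "office_anonymous": Request("198.51.100.5", None),
    "office_signed_on": Request("198.51.100.5", "alice@client.example"),
    "remote_anonymous": Request("203.0.113.40", None),
    "remote_signed_on": Request("203.0.113.40", "alice@client.example"),
}

def decision_table() -> dict:
    return {name: {p: authorize(req, p) for p in POLICIES}
            for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(f"{name:18}", row)
```

The two rows that differ between policies are the whole argument: `ip_only` admits `office_anonymous` with no per-user authentication, while `fim_and_ip` rejects `remote_signed_on` even though the user holds a valid federated sign-on.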