Tuesday, February 1, 2011

A coherent article on SaaS security issues

In a follow-up to the earlier post, I found a great article on the pros and cons of federated identity versus other ID models for a SaaS application.

http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm

In the Windows realm, cached authentication for roaming has limitations because there is no connection back to Active Directory. This doesn't have to be the case in a SaaS app. Federation enables a 4G connection to authenticate and update against the security token. But what is the transaction cost of this model for a smart client?