[thelist] FW: B2B Seamless login
Luther, Ron
ron.luther at hp.com
Thu Dec 2 09:07:48 CST 2004
Les Lytollis asked an interesting question:
>>I develop and maintain a uniform ordering application for
>>business-to-business use.
>>One question we have been asked a number of times by customers is
>>"can our users log in using the name and password they are
>>given to use our intranet".
Hi Les,
Neat question ... and I hope you get some neat answers from folks that
understand this stuff better than me. ;-)
However, I think you mean something slightly different than what you
asked:
(A) Can a user log into a company intranet with a name and password
and then use that same name and password when they log in (again) to
your app? ... Sure ... I think it's a "bad idea" ... but I would guess
that your current app would offer this functionality now.
(B) I think what you're looking for is having a user log into a company
intranet with a name and password and then NOT have to enter any userid
or password when they access your site from their favorites menu in
their browser.
I don't think so. (Sure, you could turn off all of your security
validation - but I doubt that would make folks happy.) I also doubt
that either your company lawyers or the client company lawyers would
be happy with you having a (potentially hackable) list of client
company internal access login ids and passwords ... Tell you what ...
You get a lot of people to put up apps like that and *I* will go back
to school for a degree in litigating web liability issues!
<smells easy money and rubs hands gleefully /> ;-)
What I think you *might* be able to do is have the client company put
a desktop icon on their users' machines ... that icon could run an app
to verify their internal NT authentication type stuff and match that
to a separate db table (located at the client company) that contained
a userid and password to allow _that_ employee to access your service.
After validation, this app should be able to launch a browser window
and send you an encrypted, SSL, moo, baa, whatever 'get' request with
the login information to your service - which you could then validate
on your end. My guess is that is as close as you are going to get ...
it wouldn't work from their 'favorites' menu ... but it would get around
having them type in a separate login for your service.
Good Luck and HTH,
RonL.
<side question /> What do you do today about a company that lays off
an employee that has authority to place orders with you on their
behalf? What prevents that disgruntled now ex-employee from placing a
few million dollars worth of orders with you after they stop off at
the pub on their way home that evening? Does your service agreement
cover order cancellation and restocking fees for those situations?
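
The hand-off sketched in the message above (a client-side launcher vouches for an already-authenticated employee and the service validates that on its end), as an added example that is not part of the original post. It swaps the stored userid and password for a short-lived HMAC-signed assertion, so no password crosses the wire. The per-company shared secret, all names, and the disabled-user list (which speaks to the side question about ex-employees) are assumptions.

```python
import base64, hashlib, hmac, time

# Assumption: one secret per client company, agreed out of band (constructed value).
CLIENT_SECRETS = {"acme": b"constructed-demo-secret-not-for-production"}
MAX_AGE_SECONDS = 60                  # assertion is accepted only briefly
DISABLED_USERS = {("acme", "jdoe")}   # constructed: accounts the client has revoked


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def make_assertion(company, user, secret, now=None):
    """Client-side launcher: call only after the local (e.g. NT) login is verified."""
    issued = int(time.time() if now is None else now)
    payload = f"{company}|{user}|{issued}".encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_assertion(token, now=None):
    """Service side: return (company, user) or raise ValueError."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64 + "=" * (-len(p64) % 4))
        sig = base64.urlsafe_b64decode(s64 + "=" * (-len(s64) % 4))
        company, user, issued = payload.decode().split("|")
        issued = int(issued)
    except Exception as exc:
        raise ValueError("malformed assertion") from exc
    secret = CLIENT_SECRETS.get(company)
    if secret is None:
        raise ValueError("unknown company")
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        raise ValueError("bad signature")
    if not 0 <= now - issued <= MAX_AGE_SECONDS:
        raise ValueError("expired or future-dated")
    if (company, user) in DISABLED_USERS:
        raise ValueError("account disabled")
    return company, user
```

A captured assertion can still be replayed inside the validity window; a server-side record of already-used assertions would close that, and sending it in a POST body keeps it out of URL logs.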