Hello, I am currently working on a Single Sign On project. The project looks to use a single portal as access to several (15) services offered by a financial service body. The users to access this service via the single portal comprise of both internal and external users. This means there is need to define the users groups and also the security access level for the users and the services.
1. How do you go about conducting requirements for this project? What areas to look into? E.g Portal component, Registration component, sign On component , Authentication and Authorisation component and Admin portal Component
2. Can anyone advise on a generic infrastructure design / model which can be used / deployed in a complex organisation? And which will show how the solution works / will work and how data is requested and exchanges.
3. Any sample requirement document for SSO as a guide to what to look for, what component to research and gather information.
4. How to handle Authentication and Authorisation
5. How to go about defining the security access levels for the services and also for the user groups
6. What technical challenges should I be looking out for
7. Any advice / recommendations
Thanks and look forward to your contributions.