Upgrade and new features in CERN SSO (Single Sign On) service

Description of Service Change: 

An important update to the CERN SSO (Single Sign On) service will be deployed in July 2012, enabling new features and targeting IAA concepts.

New services and features will be supported:

- Scripted access to SSO-enabled web pages, available centrally on Linux as an RPM package (http://cern.ch/linux/docs/cernssocookie.shtml)

- Introduce Two-Factor Authentication systems: CERN Smartcards, SMS-validated authentication and Yubikeys.

- Introduce a 'Basic Authorization System' that enables basic authorization filtering at the SSO top level (at authentication time): CERN Users, CERN Externals, Non CERN

- Introduce the concept of E-Groups filters for authorization at the application level: each application owner will be able to select which E-groups are needed to manage the application's authorizations, thus avoiding very large tokens containing information on hundreds of useless E-groups.

Extended details are available here:
https://espace.cern.ch/authentication/CERN%20Authentication%20Help/SSO%20Update%20July%202012.aspx

Reason for this change: 

To prepare for IAA policies currently being discussed.

Service Element Affected: 
Identity and Resource Management Application Support
Specific Service detail: 
CERN SSO (Single Sign On)
Effective from: 
Tuesday, July 24, 2012 - 14:05
Posted by: 
IT-DI
Unit responsible for resolution: 
IT Department