We are looking for the most secure method of creating a single sign on that provides access to websites that although appearing to be a single entity are actually being run and supported by separate entities. So for example:
www.imanidiot.co.uk (my site) - sign in here username and password, goes to
www.imanidiot.co.uk/welcome page - offers news and links to places you can buy idiot products such as:
www.imanidiot.co.uk/sweatershop - site run by "sweaters'r'us", a third party
and
www.imanidiot.co.uk/eejitconferences - site run by "conference'r'us", also a third party
the idea is that once logged on through my site, the same credentials will be shared with the other entities, providing a seamless user journey. The latest idea is to store both username and pwd in a cookie that can be exchanged between the sites. I believe this is because the use of a session id would not be meaningful between the sites (?)
Any thoughts or ideas would be gratefully received. Need to ensure that security is not compromised, but also keep life as simple as possible!
thanks in advance for any assistance