Vendor Trends in Identity Management
Identity management is a complex issue. It includes password maintenance, provisioning management, and access-control management. This article focuses on a portion of identity management that is greatly facilitated by SAML, specifically role-based access control (RBAC). An increasing number of vendors support RBAC, which allows administrators to manage access-control lists more simply because users are grouped by categories or roles. Managing access-control lists for a few roles is simpler than managing lists for a few hundred users.
This article discusses an implementation with Jericho Systems' EnterSpace. Here's a short list of other prominent vendors:
Entegrity offers the SAML-based product, AssureAccess. This Java-based access management software protects portals and Web services access. The product includes LDAP-based authentication, single sign-on, authorization, audit, user management, and security policy administration out of the box.
Entrust's Secure Identity Management Solution has modular access management and identity management components that can be mixed and replaced to support user requirements. Entrust's SAML-based GetAccess centralizes security management to provide a common infrastructure to manage user identities and enable authentication and authorization across multiple applications.
IBM (along with ActivCard, Bioscrypt, ImageWare, and VeriSign) has announced a new Identity Management Portfolio designed to help organizations protect their information resources by incorporating additional layers of authentication and authorization into everyday business processes. The IBM collaboration simplifies identity management and reduces overall cost by offering a unified system that protects a wider range of identity management systems, from data, computers, and networks to employee badges, door locks, and security cameras.
The Identrus System standardizes digital identity authentication so that financial institutions can provide online services to their customers. The Identrus System enables global financial institutions to build trusted interrelationships that offer third-party services to their business customers.
Intrusic focuses on internal threats from hackers within the firewall. Its product, Zephon, identifies compromises to internal security by using a multilevel analysis architecture, which highlights inconsistencies in internal information flow. The assumption is that internal attacks create exception conditions in normal network operations and that these exceptions can be tracked and shut down. Zephon locates these exceptions by analyzing the environment, host, session, and packets of an information flow interaction.
Netegrity's Siteminder offers access management tools with role-based access control. The company's TransactionMinder is a full identity management and access management package that offers out-of-the-box SAML-based policy management security for Web services. SAML is modeled after Netegrity's work in XML-based security for authentication and authorization, defined in the Security Services Markup Language specification. (Note: In October 2004, Computer Associates announced that it would acquire Netegrity.)
CORE and Netpoint systems from Oblix cover various facets of identity management. COREid supports identity management and policy management with integrated provisioning, access-control, and compliance-reporting packages. COREsv 4 is an enterprisewide Web services security and management deployment package, which includes COREid. The company's NetPoint is a SAML implementation for single sign-on that has been used by Southwest Airlines and the U.S. Navy.
RSA offers a variety of products related to identity management. RSA's ClearTrust is a rules-based platform that provides the capability for Web access management, supported by a centralized policy management function. The use of SAML in ClearTrust provides better identity management, authentication, and single sign-on across organizations. RSA is a strong supporter of SAML. It recently granted royalty-free access to two key patents involved in SAML technology.
Sun ONE Identity Server uses SAML to support an out-of-the-box specification called "Liberty Alliance." This provides identity management and includes access management, identity administration, and enforcement of authentication and access policies. — Hank Simon