Agents for Control
Like most access control systems, Sun ONE Identity Server uses agents that sit on Web servers and other external application servers to enable Web access control on these systems. Sun provides agents for pretty much every server out there and also has an API for developing custom agents.
We found quite a bit of flexibility in Identity Server's options for defining user roles and rights. The product has broad support for a number of authentication mechanisms, from LDAP and RADIUS, or Remote Authentication Dial-In User Service, to tokens and operating-system-based authentications.
The new federation features in the server make it possible to enable single sign-on within a company or with external applications and partners. To provide broad single-sign-on capabilities, Identity Server makes it possible to build them using SAML or the Liberty Alliance specification.
Because both are based on XML, and the Liberty Alliance specification also leverages SAML, companies should be able to easily develop single sign-on that will work with almost any business partner. Although competing products such as those from Netegrity and Oblix also support SAML for single sign-on, Sun ONE Identity Server is the only one we've seen that supports the Liberty Alliance specification. However, some of these competing products support Microsoft Corp.'s Passport for single sign-on, something a server from Sun is unlikely to do any time soon.
Sun ONE Identity Server runs on Solaris and on Windows 2000 Server. The product uses only Sun ONE Directory Server as its main data store, although for authentication purposes, it can work with any LDAP directory server.
East Coast Technical Director Jim Rapoza is at jim_rapoza@ziffdavis.com.









