By Cameron Sturdevant  |  Posted 2005-05-09 Print this article Print

Small and midsize organizations that are required by a larger partner to automate authentication of users when accessing Web applications should consider Trustgenix Inc.s IdentityBridge Standard Edition.

IdentityBridge Standard Edition—a stripped-down version of IdentityBridge Enterprise Edition—will satisfy any federated identity mandate that requires using either of the two main federation protocols: SAML (Security Assertion Markup Language) or Liberty Alliance.

IdentityBridge Standard Edition costs $5,000 per connection, significantly less than the installation price of most full-fledged access management systems. For example, IdentityBridge Enterprise Edition, which can be used to streamline authenticated sign-on with multiple partners, costs $30,000 per connection.

Support for IdentityBridge Standard Edition is provided at no additional cost for the first year; the cost for basic support after that is $900 per year.

Click here for a sample request for proposal for federated identity systems. IdentityBridge Standard Edition, which started shipping in February, must be installed on a Microsoft Corp. Windows 2000 Server or Windows Server 2003 system.

More onerous for most organizations, though, will be IdentityBridges requirement for Microsofts Internet Information Services. We would like to see Trustgenix broaden the products Web server support to include the widely used Apache Web server, as well as other open-source and commercial Web servers. (Broader Web server platform support is available in IdentityBridge Enterprise Edition.)

However, IdentityBridge Standard Edition can draw on identity data stored in any LDAP Version 3.0-compliant directory store. (We used Windows Active Directory and Novell Inc.s eDirectory.) IdentityBridge also supports Sun Microsystems Inc.s Java System Directory Server.

Despite its Windows-centric requirements on the user side, IdentityBridge enables communication between sites running any SAML- or Liberty Alliance-compliant authentication system, regardless of what platform the partner site is using.

For more on federated identity standards, click here. During tests, we used IdentityBridge Standard Edition to access an application, embedded in a Web portal, from a trusted site. Using test accounts, we logged on to our Windows Active Directory-enabled domain and then clicked on the application URL. In the background, IdentityBridge Standard Edition authenticated the test user account against Active Directory (a split-second operation that was unnoticeable during tests); the user was then authenticated to the trusted test site.

We accessed a variety of test Web resources at the trusted site, including a product inventory list and pricing sheets, without any need to provide a user name or password. In this sense, IdentityBridge Standard Edition acts as a single-sign-on package. IdentityBridge Standard Edition also integrates with several third-party single-sign-on tools.

IdentityBridge Standard Edition will likely lower overall password management costs, which should be figured into the cost of acquiring the product. For example, when we added or changed users in our directory, the users access rights were automatically applied to our partner site. And when one of our test users "left" our company, the change we made to the directory to cut off the users access was reflected at our trusted partner.

The Trustgenix system also enables universal log-out. When we ended a Windows session during tests, IdentityBridge Standard Edition successfully shut down all connections.

Once the product is up and running, end users and IT staff will need almost no training to use the product effectively. The product includes useful wizards, as well as well-written documentation that clearly and accurately describes each implementation step.

During tests, even initial setup—when metadata about the location and trust method of the partner site (SAML or Liberty Alliance) is imported into the system—was a simple process that took us only a few moments. IdentityBridge also handled the entire process of preparing similar information about our site for import into the identity management system at the trusted partner.

It should be noted that a partners use of SAML 1.0 will increase implementation time. With SAML 1.0, IdentityBridge must be directly accessible from the Internet, so significant care should be used to secure all aspects of the IdentityBridge server.

Next page: Sample RFP.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel