Sun ONE Has ID Management Advantage

By Jim Rapoza  |  Posted 2003-02-03

Sun Microsystems Inc.'s Sun ONE Identity Server 6.0 is the first commercial product to include support for the new Liberty Alliance specification for ID management, meaning that the server may have a leg up on the competition when it comes to integrating Web services and partner authentication with a company's internal access control and ID authentication systems.

But although the Liberty Alliance support is interesting, eWEEK Labs found the real value of Sun ONE (Open Net Environment) Identity Server 6.0, which was released last month, is in its excellent and extensive Web access control and single-sign-on capabilities. In addition to the Liberty Alliance support—which is no surprise, given that Sun is a driving force behind the specification—Identity Server also includes support for SAML (Security Assertion Markup Language), broad XML support and strong Java capabilities, making it possible to integrate its authentication capabilities with almost anything.

Sun ONE Identity Server 6.0 is also priced competitively, at $10 per user, with high-volume discounts.

Like all Sun ONE servers, Identity Server leverages the solid legacy of Netscape Communications Corp. and iPlanet servers, which shows strongly in Identity Server's complete, powerful and intuitive browser-based administration interface. This interface makes Identity Server one of the most manageable and configurable access control applications we've seen. In tests, it proved to be much more intuitive than competing products such as those from Netegrity Inc. and Oblix Inc.

Agents for Control

Like most access control systems, Sun ONE Identity Server uses agents that sit on Web servers and other external application servers to enable Web access control on these systems. Sun provides agents for pretty much every server out there and also has an API for developing custom agents.

We found quite a bit of flexibility in Identity Server's options for defining user roles and rights. The product has broad support for a number of authentication mechanisms, from LDAP and RADIUS, or Remote Authentication Dial-In User Service, to tokens and operating-system-based authentications.

The new federation features in the server make it possible to enable single sign-on within a company or with external applications and partners. To provide broad single-sign-on capabilities, Identity Server makes it possible to build them using SAML or the Liberty Alliance specification.

Because both are based on XML, and the Liberty Alliance specification also leverages SAML, companies should be able to easily develop single sign-on that will work with almost any business partner. Although competing products such as those from Netegrity and Oblix also support SAML for single sign-on, Sun ONE Identity Server is the only one we've seen that supports the Liberty Alliance specification. However, some of these competing products support Microsoft Corp.'s Passport for single sign-on—something a server from Sun is unlikely to do any time soon.

Sun ONE Identity Server runs on Solaris and on Windows 2000 Server. The product uses only Sun ONE Directory Server as its main data store, although for authentication purposes, it can work with any LDAP directory server.

East Coast Technical Director Jim Rapoza is at


Executive Summary: Sun ONE Identity Server 6.0

Usability Good
Capability Good
Performance Good
Interoperability Fair
Manageability Excellent
Scalability Excellent
Security Good

Companies that are looking to build identity management and access control systems that leverage SAML and the Liberty Alliance specification—especially organizations that are already Sun-centric—should take a close look at Sun ONE's Identity Server upgrade.


Pricing for Sun ONE Identity Server starts at $10 per user with lower prices for very high volumes. This puts it below many of its competitors pricewise.

(+) Excellent administration interface; supports a variety of authentication mechanisms; supports XML, SAML and the Liberty Alliance specification.

(-) No support for Passport; requires Sun ONE Directory Server.


  • Microsoft's Passport
  • Netegrity's access control and identity applications
  • Oblix's access control and identity applications
