Netegrity Beefs Up Security

Company adds identity management, user authentication applications.

Netegrity Inc.s namesake application security platform continues to take shape with the companys announcement this week that it will have the identity management and Web services security pieces in place by October.

The IdentityMinder and TransactionMinder software will enable companies to manage user roles and access rights, as well as secure applications delivered to their customers and partners as Web services, according to Netegrity officials.

The new products join the Waltham, Mass., companys flagship SiteMinder software for managing user authentication and authorization and its Interaction Server for managing applications and content delivered via portals.

IdentityMinder 5.5 will allow administrators to manage user identities by organization, roles and tasks. It also includes a workflow system that can support companies existing business processes and extends self-registration and password management to users.

"You set up roles or groups in SiteMinder, then assign users to those groups or roles and give them the permissions they need to perform their work in IdentityMinder," said Steven Mansfield, manager of enterprise security integration at SLM Corp., more commonly known as Sallie Mae, in Indianapolis.

Sallie Mae uses SiteMinder now and is planning to deploy IdentityMinder and TransactionMinder when they be-

come available. Mansfield said the workflow capabilities in IdentityMinder are the key improvement over Netegritys existing identity management application, Delegation Management System, which Sallie Mae uses.

"With the new workflow capabilities, well be able to route requests and get approvals a lot faster," Mansfield said. "Historically, its taken up to five days to set up a new user account. With the workflow engine, we should be able to identify roles and members in a lot less time and assure that everythings done in a uniform fashion."

Netegrity licensed the WorkPoint software from Insession Technologies Inc., a division of TSA Inc., to provide the workflow capabilities in IdentityMinder.

TransactionMinder provides access control for applications delivered as Web services. It supports content-based authentication and has a policy server that includes authentication, authorization and auditing capabilities. It also provides SAML (Security Assertion Markup Language) assertions generation in a Simple Object Access Protocol envelope or an HTTP header.

Netegrity will add more provisioning capabilities to IdentityMinder next April, including auditing and connectors to enterprise applications, officials said. Provisioning is the process of managing user attributes and accounts across all the applications and resources in the enterprise.

The only thing Netegrity needs now for its platform is a name. The company dropped the former moniker, Secure Relationship Management, since the acronym for that moniker, SRM, caused customers to confuse it with supplier relationship management products. The Netegrity platform is now known by the generic Application Infrastructure Platform.