IBM Unveils Federated ID Management Tech

The IBM Tivoli Federated Identity Manager allows companies to share user login and password information using open standards for federated identity management.

A new identity management product from IBM allows companies to share user login and password information using open standards for federated identity management such as SAML, the Liberty Alliance or WS-Federation, IBM said.

IBM plans to announce IBM Tivoli Federated Identity Manager on Monday. The new product will extend the reach of Tivoli's identity and access management technology, allowing companies to more easily integrate disparate user authentication systems within companies and between business partners, IBM said.

Federated identity technology has been a holy grail for many corporate IT professionals, who see proliferating passwords and logins for network and Web-based applications as a drag on IT support resources.

For example, federated identity systems can allow employees of a company to access a third-party information portal for 401(k) or health benefits with the same user name and password they use to log on to their corporate network account, said Joe Anthony, director of integrated identity management at IBM.

Integrating different authentication schemes can impede growth, especially when companies need to give business partners, customers or other non-employees access to network resources, he said.

"Federated identity technology makes it easier to work with partners on a standardized basis, and lowers the cost to bring a partner on board,"—or to dump one when things go bad, he said.

Demands for new Web-based services and for compliance with data privacy regulation in industries such as finance, health care and telecommunications are driving demand for federated identity technology, Anthony said.

IBM Federated Identity Manager will simplify support of the Liberty Alliance platform, WS-Federation, WS-Security and WS-Trust and SAML (Security Assertion Markup Language) architectures, Anthony said.

The company decided to support the competing architectures after hearing customer demand for standards-based federation and realizing that no federated identity scheme is likely to win out over others, he said.

"We're seeing more RFPs (requests for proposals) from companies that want to make sure that when they interface with other companies that they're doing it in a standardized way, so it's not a one-off thing," he said.

Federated Identity Manager will integrate with IBM's WebSphere middleware, and with third-party portals, XML firewalls and application servers. IBM plans to use its relationships with third-party vendors that integrate with IBM identity management technology to speed deployment of Federated Identity Manager.

The product will work with other leading identity management platforms, such as Computer Associates International Inc.'s Netegrity, so long as the platform supports SAML, WS-Federation or the Liberty Alliance, Anthony said.

IBM, of Armonk, N.Y., is already working with companies such as XML security appliance vendor Datapower, of Cambridge, Mass., and Layer7 Technologies, of Vancouver, British Columbia, as well as VeriSign Inc., of Mountain View, Calif., and other companies to support the new product.

However, some professional services may be necessary to link Tivoli Federated Identity Manager at first, for customers who don't have expertise with the standards involved, Anthony said.

Tivoli Federated Identity Manager will be available at the end of May and priced on a tiered, per-user basis, Anthony said. He declined to give a per-user price, saying customers who purchase the technology along with IBM's middleware or professional services may receive discounts.
