OpenID family grows – How it can transform Identity Federation between enteprises

Andras Cser

With Google, IBM, Microsoft, VeriSign, and Yahoo! joining the OpenID Foundation, we may actually feel that something in federated access management is going to change. It is finally not the case of a vendor proposing a new standard – and adding to the cacophony of federation standards – but a set of moves towards a simple technology that today can alleviate password management woes at service providers.

Technology aside, OpenID will greatly help with reducing and removing the legal obstacles in the way of  identity federation’s proliferation. When payment-grade, commercial, and trusted identity provider service becomes a reality – VeriSign’s joining the OpenID camp clearly points in that direction – and software-as-a-service companies (like salesforce.com),  accept OpenID authentication from these trusted identity providers, then enterprises can truly start thinking about outsourcing password management identity management processes. When required, strong authentication integration with OpenID can rely on VerSign’s VIP or other vendors’ strong authentication acceptance network.

Read more

Role Management and eSSO vendors - a call for action

Andras Cser

Part of a successful Identity Management (IdM) project is a successful role discovery and mapping phase. Many organizations -- after having mapped and optimized their business processes -- turn to role design and management solutions (VAUU RBACx, BHOLD, Oracle's BridgeStream, and others). While these solutions give a great initial insight into the existing role structure, they are not the only source of role interrelationship information. Role design can build

on

many other sources: demographics mined from helpdesk tickets from users requesting access, job descriptions, quality management systems (it certain cases this is wishful thinking...), and increasingly from Enterprise or Desktop eSSO solutions (PassLogix, ActivIdentity, CA). eSSO solutions store multiple login credentials for users to multiple applications. As such, extracting account linkage, mapping and correlating user IDs between user repositories based

on

access information built by end-users is much more reliable than any artificial role mining logic, usually based

on

Read more

CIOs Entitlement Management Worries

Andras Cser

While I was looking through current offerings in Entitlement Management (EM), I was struck with the questions that will likely be the next logical thoughts in the CIO’s mind after they are sold on the obvious ROI of an EM solution.

Read more