Sun Microsystems Inc. Monday released SunONE Identity Server 6.0, one of the first commercially available products to support two key standards for unifying user identity credentials.
The server features support for both Security Assertion Markup Language (SAML) 1.0 and the Liberty Alliance Project 1.0 specification. Both standards are designed to unify, or federate, disparate authentication software, allowing a user authenticated on Company A's network to be recognized as an authenticated user by Company B's network. Sun plans to support Liberty's new 1.1 specification by March.
While both specifications have generated a lot of interest for single sign-on capabilities across the Web, the specifications are but two pieces of a complex puzzle. For example, a unified authorization technology is still needed, as well as a mechanism to establish trust among companies' authentication systems.
SAML and Liberty - which incorporates the SAML specification and adds a set of usage policies - help create user authentication and authorization information that is portable across corporate networks.
This sharing of user identity is being referred to as federated identity management and is emerging as a key technology for distributed electronic commerce and Web services. It lets companies more efficiently administer access to their networks and determine what resources are available to users. ID information also can be used to personalize services and portal interfaces. The IDs can identify not just users, but also machines that need access to execute Web services in tandem with other machines.
Sun's Identity Server 6.0, which has been in beta testing since last summer, is a Web access management server, much like those from rivals Netegrity and Oblix. The server is part of Sun's platform for identity management that also includes its Directory Server, Meta Directory Server and Certificate Server. Identity Server 6.0 is bundled with SunONE Portal Server.
Sun says it is seeing interest in deploying this bundle of software from an enterprise level and not from a departmental level.
"We are seeing a trend of a top-down view of the business units, with this software used to secure those business units and to cut costs," says John Barco, senior product marketing manager for SunONE. "As companies using Identity Server 6.0 start to gain interest in a federated identity model to use with their partners, they will already have the software deployed."
Identity Server 6.0 ships with a set of 15 agents that control authentication to enterprise systems such as PeopleSoft, Lotus Domino, IBM WebSphere, BEA WebLogic and the Apache Web Server.
The server includes a policy engine to support secure access using a set of rules stored in the directory. Access also can be controlled using a set of conditions including IP address, time, date and authentication level. In addition, authentication requirements can be set per resource. Administration of identities stored in the server can be delegated based on domain, roles, groups, applications, or services.
Sun also has added support for Kerberos, Windows NT and 2000, the Java Authentication and Authorization Service, Lightweight Directory Access Protocol, RADIUS, X.509v3 certificates, SafeWord token cards, and Unix platform authentication services.
Pricing for Identity Server 6.0 starts at US$10 per user.