Startup Ping Identity on Tuesday unveiled its first commercial product for federating identities across corporate boundaries and announced a deal to integrate the technology with IBM's identity platform.
Ping Identity introduced PingFederate, a server gateway that allows companies to share identities used to control access to network services. The server supports version 1.1 of the Security Assertion Markup Language (SAML), the Lightweight Directory Access Protocol, Secure Sockets Layer, XML Signature and XML Encryption.
Ping Identity plans to add support in the near future for SAML 2.0, the Liberty Alliance's Identity Web Services Framework specification and WS-Federation, which are specifications for federating identities.
Federated identity allows companies to link their identity management systems and to securely share user identities and credentials among one another, which provides users with single sign-on capabilities.
IBM officials said they plan to point smaller customers to Ping Identity's technology, which would allow those customers to federate identities with larger organization running IBM's Tivoli Federated Identity Manager.
"We wanted customers to have the quickest way to deploy federation technology in a hub-and-spoke architecture," says Joe Anthony, program director for integrated identity management for IBM. Anthony said the Tivoli software would serve as the hub with Ping as an option to act as the spoke for smaller companies that do not have IBM infrastructure. "PingFederate will help establish the ecosystem for federation," says Anthony.
Ping Identity has quietly been drawing the attention of larger vendors, including a partnership it inked last December with Hewlett-Packard, and with larger corporate customers including American Express. Both of those deals centered on an open-source toolkit Ping Identity develops called SourceID, which allows companies to enable applications to federate identities across corporate boundaries.
"Federation is not simple; the configuration is difficult," says Andre Durand, CEO of Ping Identity. He says PingFederate will help shield much of that complexity.
PingFederate features a GUI administrative console that links to stores of user data on databases and in directories. The console allows users to build user profiles by pulling together specific user attributes, such as name and title. The server also features management capabilities for certificates, certificate keys and federated connections.
The server also has a rules engine for mapping user attributes between applications, a workflow engine, and logging and auditing capabilities.
PingFederate is slated to ship in January. Pricing has not been announced.