SAN MATEO (08/01/2000) - With directories gaining popularity as business-to-business commerce requires more interaction among companies, their partners, suppliers, and buyers, Oblix Inc. and Access360 are beginning to leverage directories in their respective systems for identity-management and provisioning.
Access360's enRole acts as a policy-driven, centralized RPM (resource provisioning management) system. It assigns and changes various access rights for corporate users, and it provides a fast way to unplug access rights when an employee is leaving or a partnership is ending, said Mike New, chief marketing officer at Irvine, Calif.-based Access360.
"Provisioning is about managing who gets what," he explained. "In an exchange, it's a multi-tenant situation, where companies need to provision their own employees as well as those of their business partners, supply chain, and so on. Our job is to turn things on and turn things off."
Officials said enRole can "deliver on the promise of directories" by using their stored user information and combining it with various business policies and rules to streamline the process of granting and removing access to corporate systems. Users can manage their own passwords and make new service requests if they have the correct access rights so that only a few administrators need to oversee the system. By implementing a collection of agents, enRole can be connected into whichever systems a company needs for provisioning, eliminating the need for restructuring.
"People used to throw bodies at [provisioning problems], but they would lose because the data entry is just too massive after a while," said Jeffrey Curie, Access360 director of product management. Curie added that enRole's workflow component "takes the people out of the loop who don't need to be there" and goes straight to the management level by following the rules and templates pre-assigned to various users and user groups.
The system also creates an audit trail, which tracks activity history to create a "forensic trail," New said. This audit trail is one of the three main reasons companies adopt enRole, along with application access and the ability to quickly turn off access when an employee leaves, New added.
Cliff Reeser, director of system security at Etrade Group Inc., said enRole makes his job "unbelievably easier now that I've got a data feed from HR coming into the Access360 system. When HR adds 40 or 50 new employees a day, that gets sent to the Access360 systems, and they're immediately added to the right applications on the right systems and can be productive the minute they walk in the door. So, what used to take 35 or 45 minutes now takes seconds, and I've got a complete audit record, and I've got control of these people on multiple systems."
Reeser said the security benefits of enRole -- knowing who has access to what and being able to turn on or turn off access quickly -- are crucial for Etrade.
He said the ability to leverage already-present information stored in directories, HR, or other systems will be vital as more Web applications emerge.
"I think things are going in the direction where, [with] all these ASPs [application service providers] and outsourced-HR applications and everything else, there's got to be a way to tie the provisioning together, or it's just going to be a management nightmare," he explained.
Oblix is also making the promise of directories a reality for companies seeking an application that can control Web access and perform identity management through its NetPoint software, launched at The Burton Group Corp.'s Catalyst Conference in San Diego.
Targeted at enterprise customers, NetPoint combines the NetPoint Identity System and Access System and links them to an LDAP directory, which fuels the security and authentication process and adds the Active Automation component for access management.
"The Active Automation layer is a workflow engine combined with a set of policies to allow delegated administration and self-registration over the Web," said Nand Mulchandani, vice president of product management at Oblix. He also said that business-to-business commerce needs both security and self-administration over a uniform infrastructure to run smoothly. "As users get added, or applications get added, you just crank up the back end."
NetPoint combines an identity-management and a policy-based management system into one product and uses the directory to leverage user information to streamline the process, said Shelley Wilson, vice president of marketing for Cupertino, Calif.-based Oblix.
"You can take an identity and someone else's policy management and make it work, but there's a lot of pain there," said Wilson. NetPoint, she said, will serve as an architecture upon which businesses can build management processes.
"The directory is the data store for the user roles, but the enforcement of that role is what NetPoint does."
The identity management piece of NetPoint makes sure users only see the parts of directories that they have access to, a vital concern when conducting business-to-business commerce. With NetPoint, users deleted from one company's systems will also be deleted from the systems of other companies to which they may have access through a synchronization process, Mulchandani said.
NetPoint supports Windows 2000 Active Directory as well as Novell and Netscape directories, and the company will pursue partnerships with PKI and application-server vendors in the future, Wilson said.
"We're finally to a point where companies are starting to see companies making a difference in their bottom line because of what they're doing online in e-business," said Wilson. "A year or two ago, they still had their technology hats on; now, they have business people leading these moves, and those business people are bringing different ways of doing things."