Part 1 of 6 on the subjects of authentication and authorization
By Lisa Grady, Product Marketing
In hopes of unraveling some of the complexities surrounding identity and access management, I’ll be writing a six-part blog series that digs into the challenges of authentication and authorization and uncovers solutions that may work for your company. To kick things off, let’s take a look at exactly how authentication works.
You Can’t Check My Credentials Until You Figure Out Who I Am
Authenticating users in today’s distributed, heterogeneous environments can be a complicated process. Put simply, authentication is the process of verifying the claimed identity of a unique user. This process is made up of two very important steps:
- Identification
- Credential checking

Both components are essential, yet credential checking often receives the bulk of the attention—which is a little like buying the lock before you have the door. Although it’s often overlooked, identification is the unsung hero of authentication.
Identification is the ability to locate a unique identifier for a user within a distributed system. So when a user logs into a system—say, a portal—the unique identifier for that user must first be located.
The Challenge: Heterogeneous Data Sources, Overlapping Identities
Now, if all your identities are stored in a single repository, finding that unique user is a relatively easy process. Unfortunately, this is almost never the case. Typically, you’ve got many user stores to handle all the different constituents—employees, partners, customers, suppliers—in your enterprise. These data sources come in many flavors, from LDAP to SQL, and even web services. Most companies, both large and small, find themselves managing a variety of disparate data stores, without the means to integrate them. This can be especially challenging if your company has gone through mergers or acquisitions.
So when a user enters a username, it’s no simple matter to return a unique identifier for them. The authenticating application must search through all your diverse data sources, each with its own schemas and protocols, including Microsoft Active Directory, ADAM, Oracle Databases, and many others. And what happens if one identifier is found in multiple sources? Do these multiple identities represent the same user? Or different users? How should applications handle these overlaps?
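The identification step described above, as an added example that is not part of the original post: a username is looked up in two constructed stores with different schemas, and overlaps are resolved before any credential check. Using email as the correlation attribute and refusing to proceed on an unresolved overlap are assumptions of this sketch, as are all names and sample records.

```python
from dataclasses import dataclass

# Constructed sample data: two stores with different schemas.
LDAP_EMPLOYEES = [  # LDAP-style entries
    {"dn": "uid=jsmith,ou=people,dc=example,dc=com", "uid": "jsmith",
     "mail": "john.smith@example.com"},
    {"dn": "uid=mlee,ou=people,dc=example,dc=com", "uid": "mlee",
     "mail": "m.lee@example.com"},
]
SQL_PARTNERS = [  # rows shaped like (id, login, email)
    (101, "jsmith", "jane.smith@partner.example"),
    (102, "MLee", "m.lee@example.com"),
]

@dataclass(frozen=True)
class Candidate:
    source: str    # which store the record came from
    local_id: str  # identifier inside that store (DN or row id)
    email: str     # correlation attribute (assumption of this example)

class AmbiguousIdentity(Exception):
    """Same username maps to records that cannot be tied to one person."""

def find_candidates(username):
    # Normalize once, then translate each store's schema into Candidate.
    u = username.strip().lower()
    found = [Candidate("ldap", e["dn"], e["mail"].lower())
             for e in LDAP_EMPLOYEES if e["uid"].lower() == u]
    found += [Candidate("sql", str(row[0]), row[2].lower())
              for row in SQL_PARTNERS if row[1].lower() == u]
    return found

def identify(username):
    """Return (global_id, candidates), or None if the user is unknown.

    Raises AmbiguousIdentity when the overlap cannot be resolved, so the
    caller never checks a password against a guessed account.
    """
    candidates = find_candidates(username)
    if not candidates:
        return None
    emails = {c.email for c in candidates}
    if len(emails) > 1:
        sources = sorted(c.source for c in candidates)
        raise AmbiguousIdentity(f"{username!r} found in {sources} "
                                "with different correlation values")
    # All records agree on the correlation attribute: treat as one user.
    return emails.pop(), candidates
```

Credential checking would run only after `identify` returns a single global identifier, against the store or stores listed in the returned candidates.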
The Goal: A Unified Infrastructure
So how can you solve these identification challenges? End users want a seamless experience where they type in their username and password and get access. And IT professionals want a way to simplify the identification process, even as the identity landscape grows more complex. A unified infrastructure means a better experience for customers, partners, and employees. And an integrated environment makes it much easier to recognize and validate a user’s identity efficiently.
We’ll dive deeper into the challenges of identification in my next post, then take a look at how to unify your infrastructure (and yes—it can be done!) in the one after that. So stay tuned for more on this topic—and add us to your RSS feed, so you can follow along.
How does your organization handle user authentication across disparate data sources? Join the conversation here or contact me at blog@radiantlogic.com.