The Five Challenges of Identification

Part 2 of 6 on the subjects of authentication and authorization

By Lisa Grady, Product Manager

In my previous post, “The Overlooked Step in the Authentication Process: Bring Your Security to the Next Level with Improved Identification,” I discussed the importance of identification within the realm of authentication. Now let’s take a look at the challenges you face with this process:

    1. Identities are often distributed among many heterogeneous data sources. As companies expand services to constituents outside the enterprise, identity integration becomes even more difficult, with an increasing number of disparate data sources to integrate. And that’s not all that’s on the rise; as you move your identities to the web, user bases that once numbered in the low hundreds of thousands can rapidly increase to millions. It’s very challenging to quickly identify a high volume of users across so many sources.
    2. Each identity silo manages schema elements and data structures differently, which further complicates how information is reached. For example, “Name” can be represented as givenName in source A, FNAME in source B, and FirstName in source C.
    3. Each data source supports its own access mechanism. LDAP may be used to reach information in a directory, SQL reaches information stored in a database, and web services reach identities within an application. This makes it difficult to reach a designated source without the proper access tool.
    4. User overlap is practically guaranteed. While the identifiers for a user—such as logon name—may be different, you’re likely to find duplication across different data sources. One person may be found in several silos, each with its own definition of an identity.
    5. Most WAM applications are not equipped to handle multiple identity sources or protocols. When an application searches for a user, it typically expects to find that person within a single repository—but that’s not how today’s heterogeneous identity environments work. While some sophisticated applications may offer some sort of round-robin searching to find the correct sources, they’re not really built to handle high volumes or requests that return more than one result.

    So in order to provide a reliable authentication service, you must deal with multiple data sources, different schemas, unique access mechanisms, and duplicated identities—within an environment that features increasingly disparate data sources and a growing number of users.

    As identities and data sources grow in number and complexity, integration is essential in order to properly handle authentication. The only solution for such a multifaceted infrastructure would be to combine these resources into a unique “logical list” (stay tuned for more on this topic!) that works with existing identity silos. This is part of what we call “Manage Globally, Act Locally,” where you integrate identities to create a clean global list of all your users for the identification phase, while delegating the credential checking aspect of authentication back to the authoritative sources.
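
    A minimal sketch of the global list described above, added here as an illustration and not taken from the original post or from any product: three silos with different schemas are mapped to a common schema, overlapping users are merged, and identification returns the account whose authoritative source should check the credential. The source labels A/B/C and the attributes givenName, FNAME and FirstName come from the post; every other field name, the sample records, the function names, and the use of a lowercased email as the correlation key are assumptions (a real deployment needs a vetted correlation rule, since merging on a weak attribute can join two different people).

```python
# Constructed sample data. Source labels A/B/C and the attribute names
# givenName/FNAME/FirstName come from the post; everything else is assumed.
SOURCES = {
    "A": {"access": "ldap", "map": {"givenName": "first_name", "mail": "email", "uid": "login"},
          "rows": [{"givenName": "Ana", "mail": "ana@example.com", "uid": "alopez"}]},
    "B": {"access": "sql", "map": {"FNAME": "first_name", "EMAIL": "email", "USERID": "login"},
          "rows": [{"FNAME": "ANA", "EMAIL": "Ana@Example.com ", "USERID": "AL0042"},
                   {"FNAME": "Raj", "EMAIL": "raj@example.com", "USERID": "RP0007"}]},
    "C": {"access": "web-service", "map": {"FirstName": "first_name", "Email": "email", "UserName": "login"},
          "rows": [{"FirstName": "Mei", "Email": "mei@example.com", "UserName": "mei.chen"}]},
}

def normalize(source_name, row):
    """Translate one source-specific record into the common schema."""
    mapping = SOURCES[source_name]["map"]
    common = {mapping[k]: v.strip() for k, v in row.items() if k in mapping}
    common["email"] = common["email"].lower()  # correlation key (assumption)
    return common

def build_global_list(sources=SOURCES):
    """Merge all silos; a user found in several silos becomes one entry
    that remembers every local account and how each source is reached."""
    global_list = {}
    for name, src in sources.items():
        for row in src["rows"]:
            rec = normalize(name, row)
            entry = global_list.setdefault(
                rec["email"], {"first_name": rec["first_name"].title(), "accounts": []})
            entry["accounts"].append(
                {"source": name, "access": src["access"], "login": rec["login"]})
    return global_list

def identify(global_list, email, preferred_source=None):
    """Identification only: pick the account whose authoritative source
    will check the credential. Never guesses between duplicates."""
    entry = global_list.get(email.strip().lower())
    if entry is None:
        return None
    accounts = entry["accounts"]
    if preferred_source:
        accounts = [a for a in accounts if a["source"] == preferred_source]
    if len(accounts) != 1:
        raise LookupError(f"{len(accounts)} candidate accounts for {email}; refusing to guess")
    return accounts[0]

if __name__ == "__main__":
    users = build_global_list()
    print(identify(users, "raj@example.com"))
    print(identify(users, "ana@example.com", preferred_source="A"))
```

    The lookup fails closed when a user exists in more than one silo and the caller has not said which source is authoritative, which is the overlap case from challenge 4.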

    In my next post, we’ll look at how identity and context virtualization can help you build that global list, so you can integrate your identities and authenticate more effectively across heterogeneous systems.

    Are you currently battling some of the authentication challenges I discuss here? Join the conversation or send me an email at blog@radiantlogic.com.
