Posts Tagged ‘Identity Integration’

The Five Challenges of Identification

Tuesday, May 4th, 2010

Part 2 of 6 on the subjects of authentication and authorization

By Lisa Grady, Product Manager

In my previous post, The Overlooked Step in the Authentication Process: Bring Your Security to the Next Level with Improved Identification, I discussed the importance of identification within the realm of authentication. Now let’s take a look at the challenges you face with this process:

    1. Identities are often distributed among many heterogeneous data sources. As companies expand services to constituents outside the enterprise, identity integration becomes even more difficult, with an increasing number of disparate data sources to integrate. And that’s not all that’s on the rise; as you move your identities to the web, user bases that once numbered in the low hundreds of thousands can rapidly increase to millions. It’s very challenging to quickly identify a high volume of users across so many sources.
    2. Each identity silo manages schema elements and data structures differently, which further complicates how information is reached. For example, “Name” can be represented as givenName in source A, FNAME in source B, and FirstName in source C.
    3. Each data source supports its own access mechanism. LDAP may be used to reach information in a directory, SQL reaches information stored in a database, and web services reach identities within an application. This makes it difficult to reach a designated source without the proper access tool.
    4. User overlap is practically guaranteed. While the identifiers for a user—such as logon name—may be different, you’re likely to find duplication across different data sources. One person may be found in several silos, each with its own definition of an identity.
    5. Most WAM applications are not equipped to handle multiple identity sources or protocols. When an application searches for a user, it typically expects to find that person within a single repository—but that’s not how today’s heterogeneous identity environments work. While some sophisticated applications may offer some sort of round-robin searching to find the correct sources, they’re not really built to handle high volumes or requests that return more than one result.

    So in order to provide a reliable authentication service, you must deal with multiple data sources, different schemas, unique access mechanisms, and duplicated identities—within an environment that features increasingly disparate data sources and a growing number of users.

    With identities and data sources growing in both number and complexity, integration is essential in order to properly handle authentication. The only solution for such a multifaceted infrastructure would be to combine these resources into a unique “logical list” (stay tuned for more on this topic!) that works with existing identity silos. This is part of what we call “Manage Globally, Act Locally,” where you integrate identities to create a clean global list of all your users for the identification phase, while delegating the credential checking aspect of authentication back to the authoritative sources.
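A minimal sketch of that split between global identification and local credential checking, added here as an illustration and not taken from any Radiant Logic product. The source names, the sample rows, the use of email as the correlation attribute, and the `SECRETS` table standing in for each silo's own check (an LDAP bind, a SQL lookup, a web service call) are all assumptions.

```python
import hmac

# Constructed sample data: three silos, each with its own schema (challenge 2).
SOURCES = {
    "directory": {"map": {"givenName": "first", "mail": "email", "uid": "login"},
                  "rows": [{"givenName": "Ana", "mail": "Ana.Ruiz@example.com", "uid": "aruiz"}]},
    "database":  {"map": {"FNAME": "first", "EMAIL": "email", "LOGIN": "login"},
                  "rows": [{"FNAME": "ANA", "EMAIL": "ana.ruiz@example.com", "LOGIN": "ruiz_a"},
                           {"FNAME": "Bo", "EMAIL": "bo@example.com", "LOGIN": "aruiz"}]},
    "app":       {"map": {"FirstName": "first", "Email": "email", "UserId": "login"},
                  "rows": [{"FirstName": "Bo", "Email": "bo@example.com", "UserId": "bo"}]},
}
# Constructed stand-ins for each silo's own credential check (hypothetical values).
SECRETS = {("directory", "aruiz"): "s3cret-dir", ("database", "ruiz_a"): "s3cret-db",
           ("database", "aruiz"): "bo-db", ("app", "bo"): "bo-app"}

def build_global_list(sources):
    """Normalize each row to the common schema and merge overlapping users by email."""
    people = {}
    for name, src in sources.items():
        for row in src["rows"]:
            rec = {src["map"][k]: v for k, v in row.items() if k in src["map"]}
            key = rec["email"].strip().lower()      # assumed correlation attribute
            person = people.setdefault(key, {"email": key, "accounts": []})
            person["accounts"].append((name, rec["login"]))
    return people

def identify(people, login):
    """Return (person, accounts matching login) only if the login maps to one person."""
    hits = [(p, [a for a in p["accounts"] if a[1] == login]) for p in people.values()]
    hits = [(p, accts) for p, accts in hits if accts]
    return hits[0] if len(hits) == 1 else None      # none or ambiguous: refuse

def authenticate(people, login, password):
    """Identify against the global list, then delegate the check to the owning silo."""
    found = identify(people, login)
    if found is None:
        return None
    person, accounts = found
    for source, local_id in accounts:
        expected = SECRETS.get((source, local_id), "")
        if expected and hmac.compare_digest(expected.encode(), password.encode()):
            return person["email"], source
    return None
```

The logon name `aruiz` exists in two silos for two different people, so identification refuses it instead of trying each source in turn and accepting the first password match.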

    In my next post, we’ll look at how identity and context virtualization can help you build that global list, so you can integrate your identities and authenticate more effectively across heterogeneous systems.

    Are you currently battling some of the authentication challenges I discuss here? Join the conversation or send me an email at blog@radiantlogic.com.

    Webinar: Three Building Blocks for Managing Cloud Applications

    Friday, April 2nd, 2010

    By Elle Fredericks, Marketing Communications

    Cloud computing offers companies a world of new business and cost-saving opportunities. Growth of this market continues at a rapid pace, with demand for the cloud growing at a rate of 40% per year (Market Research Media). But as companies add cloud-based services to their repertoire, many are discovering a slew of new security and identity integration challenges.

    Using identity virtualization and federation to enable the cloud

    In order to address some of these challenges, Radiant Logic teamed with Coreblox and Ping Identity. Our recent webinar features a demo showing how you can use the combination of identity virtualization and federation to successfully leverage information in an enterprise directory, Salesforce, and an internal company portal. Using these tools, we were able to:

    • Automate the provisioning and de-provisioning of users within the cloud, based on membership in an LDAP group.
    • Create a centralized view of internal user and customer information from LDAP, Salesforce, and accounts payable database sources.
    • Provide single sign-on into Salesforce through an internal portal.

    To find out more about the challenges of working in the cloud, check out this article from InfoWorld: http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853.

    To learn more about how these products can help you in your move toward using cloud applications, view the webinar or demo, or contact us at blog@radiantlogic.com.

    Special thanks to our partners Coreblox and Ping Identity for helping to put this webinar and demo together.

    Thanks for reading!