Over the past week, we have discussed a few topics in the identity and access management space. Now it's time to talk about some of the players and what their solutions have to offer.
Sun Microsystems continues to be a leader as an identity and access management provider. Sun offers its OpenSSO Enterprise software suite as a next-generation solution that provides centralized control and Single Sign-On (SSO) for internal, external and Web services security. The product is built around a self-contained Java application and supports the SAML and WS-Federation security standards.
Microsoft is fairly new to identity and access management, at least in my mind. Geneva Server is the next generation of Microsoft's Active Directory Federation Services. The product can be used by any identity provider, whether inside or outside the organization, using the SAML 2.0 standard. The product integrates with: CA Federation Manager, CA SiteMinder, Novell Access Manager, SAP NetWeaver and Sun's OpenOSS. The Geneva Framework allows developers to create claims-aware applications. Geneva is available today as a beta 2 download. The GA version is slated to ship in the second half of 2009.
UnboundID markets its Directory Services 2.0 as a framework that enables organizations to meet the demanding needs of Internet-driven and consumer-facing architectures. UnboundID comes with a bi-directional synchronization capability that allows Sun Directory Server users to transition to the UnboundID production seamlessly. In addition, UnboundID combines directory services with a relational database into one identity architecture, allowing it to support a high volume of applications and end users.
Lieberman Software has recently released the latest version of its Account Reset Console (ARC). The new version includes RSA SecureID authentication that ensures that only employees with physical possession of a hardware authenticator and proper credentials can access passwords through the Account Reset Console. Other features in the latest release of ARC include a high-availability Web site, multi-verification notification and user-selected verification.
I could easily list another 20 vendors; there are many solution providers that will take your money. The best place to start when choosing an identity and access management vendor, or any vendor, is to do your homework about the company. Find out how long have they been in business, who some of their key clients are, who some of their top developers are, where they are in the Magic Quadrant (Forrester or Gartner), review their financial statements, and follow general news feeds about the company. Finally, develop a vendor selection criteria. In other words, how will you choose a vendor? Will it be on price, product, support, reputation or something else? I feel that the biggest mistake people make when selecting a vendor is that they don't do their homework - don't fall into that trap.