Sun releases standards-based Identity Server

Network World - Sun Microsystems Inc. today released Sun ONE Identity Server 6.0, one of the first commercially available products to support two key standards for unifying user identity credentials.
The server features support for both Security Assertion Markup Language (SAML) 1.0 and the Liberty Alliance Project 1.0 specification. Both standards are designed to unify, or federate, disparate authentication software, allowing a user who is authenticated on Company A's network to be recognized as an authenticated user by Company B's network. Sun plans to support Liberty's new 1.1 specification by March.
While both specifications have generated a lot of interest for single sign-on capabilities across the Web, they are but two pieces of a complex puzzle. For example, a unified authorization technology is still needed, as well as a mechanism to establish trust among companies' authentication systems.
SAML and the Liberty 1.1 specification -- which incorporates the SAML specification and adds a set of usage policies -- help create user authentication and authorization information that's portable across corporate networks.
This sharing of user identity is referred to as federated identity management and is emerging as a key technology for distributed e-commerce and Web services. It lets companies more efficiently administer access to their networks and determine what resources are available to users. Identification information can also be used to personalize services and portal interfaces. The IDs can identify not just users, but also machines that need access to execute Web services in tandem with other machines.
Sun's Identity Server 6.0, which has been in beta testing since last summer, is a Web access management server, much like those from rivals Netegrity Inc. and Oblix Inc. The server is part of Sun's platform for identity management, which also includes its Directory Server, Meta Directory Server and Certificate Server. Identity Server 6.0 is bundled with Sun ONE Portal Server.
Sun says it's seeing interest in deploying this bundle of software from an enterprise level and not from a departmental level.
"We are seeing a trend of a top-down view of the business units, with this software used to secure those business units and to cut costs," said John Barco, senior product marketing manager for Sun Open Net Environment (ONE). "As companies using Identity Server 6.0 start to gain interest in a federated identity model to use with their partners, they will already have the software deployed."
Identity Server 6.0 ships with a set of 15 agents that control authentication to enterprise systems such as PeopleSoft, Lotus Domino, IBM WebSphere, BEA WebLogic and Apache Web Server.
The server includes a policy engine to support secure access using a set of rules stored in the directory. Access can also be controlled using a set of conditions including IP address, time, date and authentication level. In addition, authentication requirements can be set per resource. Administration of identities stored in the server can be delegated based on domain, roles, groups, applications or services.
Sun has also added support for Kerberos, Windows NT and 2000, the Java Authentication and Authorization Service, Lightweight Directory Access Protocol, Radius, X.509v3 certificates, SafeWord token cards and Unix platform authentication services.
Pricing for Identity Server 6.0 starts at $10 per user.

Reprinted with permission from

For more information about enterprise networking, go to NetworkWorld.com
Story copyright 2009 Network World, Inc. All rights reserved.