RealTime IT News

Securing Identity a Novell, Oracle Affair

With interest in secure single sign-on services reaching new heights, Oracle and Novell unveiled new identity management products at the Burton Group Catalyst Conference in San Diego.

Oracle revealed enhancements to its Oracle Identity Management (OIM) product, including security features based on a service-oriented architecture (SOA) model and improved federated identity features from its stealth acquisition of Phaos Technology.

OIM secures user management across multiple applications and environments. It includes the Oracle Internet Directory as well as security components and services provided by Oracle Application Server 10g, including provisioning, authentication and single sign-on. Phaos' Centuris and Liberty Components have become part of OIM.

Upilli Srinivasan, director of Oracle's identity management and security products, said the Phaos acquisition was a natural fit.

For one, Oracle had been closely partnered with the small company for three years. For another, Phaos had the technology Oracle felt it needed to improve Web services security in its application server. It also didn't hurt that Phaos was a leading developer of the ID management standards in the Liberty Alliance, which Oracle joined this week.

Just as Web services and SOAs promote communications among disparate applications or technologies, OIM aims to help companies access their business partners' applications with safe identity credentials.

With such ID management, daily business transactions can be conducted with little fear of security threats. While the Web has been a conduit for ID theft because of its wide open access, federated ID management will make it easier for customers and employees to conduct business electronically with a company and its partners.

In one enterprise scenario, when a new employee account is created in the human resources database, that employee will be able to request access and get authenticated to partner systems by requesting federation of their identity information. Ideally, ID management software will immediately provision the user account and enable single sign-on to the partner system.

ID management software is lucrative business, according to a recent study by the Radicati Group. The research firm said sales in the identity management software market will soar from $738 million worldwide this year to $10.2 billion by 2008.

That's a jump from last year's research, which pegged the 2003 market size at $551 million, growing to $5 billion by 2007. The new growth estimates could indicate that the market is growing at a faster clip than users thought, Radicati said.

The improved OIM solution is the latest step Oracle has taken to raise its profile in the Web services market, a multi-billion-dollar enterprise where security remains one of the biggest obstacles to widespread adoption. Earlier this week, Oracle joined the Liberty Alliance ID management standards group as a sponsor member.

The Redwood Shores, Calif., software maker said it plans to contribute its expertise to propel the consortium's ID-FF and ID-WSF standards for identity federation. ID-FF is important because it does the work of both directory and authentication services, allowing applications to communicate safely with one another.

Meanwhile, software maker Novell Wednesday also trotted out its ID management software, code-named Odyssey. Like OIM, Odyssey will help businesses share ID information among business partners and systems.

Odyssey will let IT managers provide single sign-on authentication, policies and management based on the Liberty ID-FF spec, allowing users to share sensitive data without compromising privacy. But Novell said that Odyssey is a cut above the rest.

"While current Liberty-enabled federated identity projects focus on sharing identity information and require that users have accounts on each federated system, Odyssey goes a step further by managing and provisioning user accounts across each partner system," the Provo, Utah, company said in a statement.

"When a user accesses a partner site where he does not have an account, he will have the option to automatically provision a new account based on information in the corporate directory that the administrator has deemed relevant to that partner."

Odyssey will provide proxy functionality so that when it is set up in front of another server, it will provide Liberty or SAML support for almost any application or service. As soon as the two servers exchange agreed-upon metadata, identity information can be federated between systems. Odyssey is expected to ship in early 2005.

In related news, security software maker Oblix rolled out Oblix COREid 7, its latest identity management software, with new features for broader employee management and regulatory compliance. So did Courion Corporation, which rolled out version 7.0 of its Identity Management Suite (IMS).

Version 7.0 includes ComplianceCourier, which automates a broad set of processes for organizations to achieve compliance with corporate policies and government and industry requirements.