This article can also be found in the Premium Editorial Download "Information Security magazine: Betting the house on network anomaly detection systems."
Trustgenix's IdentityBridge Standard Edition
Price: Starting at $5,000
As more enterprises deploy extensive extranets, the need for each partner to control its local user data while sharing appropriate account information is paramount. But implementing federated identity and single sign-on (SSO) deployments requires significant effort, expertise and expense. Trustgenix's affordable and easy-to-implement IdentityBridge Standard Edition addresses this problem, allowing small organizations to plug in to an enterprise extranet.
The product is aimed at smaller organizations participating in a "hub-and-spoke"-style extranet hosted by a larger enterprise (for example, a small auto parts distributor federating with an auto manufacturer's OEM channel extranet). The product allows the smaller company to use its local directory services for user authentication and account management, and to selectively publish a user's information to the federated resource. The partners can participate in the extranet without forcing users to remember a different set of credentials, and can still maintain firm control over user accounts. The Standard Edition isn't intended to run solo and assumes that the hub organization is running Trustgenix IdentityBridge Enterprise Edition or some other Liberty/SAML-compliant directory services application. But it spares a small organization the cost and effort that would otherwise be required to implement an enterprise-caliber product.
IdentityBridge Standard Edition is a more or less "fire-and-forget" solution. The security manager simply navigates the Web-based console to generate and exchange metadata with the core site, create a URL for the federated application and decide which user properties (name, title, etc.) will be published to the federated site. The manager then creates an SSO URL through which users authenticate to federated resources. After users authenticate locally, they have seamless access to all federated resources. Multiple applications can be set up quickly, so it's pretty easy to keep up with new applications as they are developed.
IdentityBridge fully supports SAML 1.x and Liberty 1.x, so the product can implement federation with just about any directory service (AD, Novell eDirectory, etc.).
Installation was relatively straightforward but needs to be improved, especially since the product is intended for SMB customers. The entire process of setting up the application sites, exchanging metadata and creating an SSO URL isn't terribly intuitive and begs for a setup wizard. Additionally, there are some minor, but annoying, setup bugs that need to be addressed. For example, if the company name used during setup contains a comma, the install fails to generate the cryptographic key store for the site, which prevents successful federation with the extranet.
Even with the relatively minor installation glitches and lack of setup wizards, IdentityBridge Standard Edition is a solid product that delivers what it promises. If you're setting up a large-scale extranet, it's worth considering as an option to tie in smaller partner sites with minimal hassle.
This was first published in July 2005