Access Management
deals with controlling users' access
to organization resources. It involves enforcing various
access privileges from coarse to fine grain entitlements.
In the simplest form, this consists of authentication and
authorization, whereby the user's identity is verified
and then allowed access to those resources that the user
has been authorized to. Access Management and Identity
Management strategies are closely related and complement
each other. The following functions are part of Access
Management.
Entitlement
Entitlements solutions enable fine-grained control over access to information assets.
Assigning user entitlements and applying them to achieve fine-grained control over access to enterprise applications and data can be a complex and costly undertaking. Yet regulatory requirements, as well as the potential financial and reputation impact, continually raise the stakes for failure to adequately manage access to information assets. Our Entitlements practice develops solutions for enterprises to ensure that entitlements can be effectively managed and applied.
Controlling user access to specific functions and data within applications (i.e., fine-grained access control) is often implemented on an application-by-application basis. Each application has its own user classifications, its own access policy model and its own implementation of algorithms for applying the policies to users to permit or deny access. As the number of such applications grows within an enterprise, managing the access rights of individual users across multiple applications becomes an increasingly unwieldy and inefficient process.
While each client's existing environment has its own business models, a more efficient approach employs a solution for fine-grained access control that is based on standardized roles or other user classifications and that can be leveraged across multiple applications. But introducing such a solution can be a daunting task, not just from a technology implementation standpoint, but also with respect to the development of a robust and flexible policy model and the definition and assignment of standardized user classifications.
InfoRender Security Technologies has extensive experience in designing and deploying solutions for fine-grained entitlements that can be leveraged across multiple applications. Our director of the AM division, who is also the chief solution architect, has been involved in many projects within the financial market segment. His years of experience allow us to provide the solutions that are customized for each client. He is also the sole author of various key patented access management and entitlement technologies, and our organization has licensing agreements with some key industry players within this field.
Under his guidance, his teams have helped a number of clients identify requirements, evaluate products, and design, develop and customize implementations. In addition to rigorous training, our team members have extensively utilized the products in POC/live deployments for customers and in developing custom solutions in our engineering lab.
Our Entitlements practice is ready to assist you in rolling out fine-grained entitlement services in your enterprise. Our Entitlements consulting offerings include:
- Analysis of requirements for enterprise entitlements services and definition of an application integration roadmap
- Design of enterprise architecture for fine-grained entitlements services
- Entitlements technology implementation and customization
- Consulting for policy development and definition of a user classification framework
To discuss your organization's needs for enterprise entitlements services and how our Entitlements practice can help you meet them, please contact us at:
Email: info@Inforender.com
Web SSO
Web SSO enables users to access all enterprise web resources
through a single login. Web SSO architecture is typically
based on a secure proxy or web agents installed on web/application
servers. The access to these web resources is managed centrally
and the same user credentials/session allows them access
to these resources. Such architectures could be extended
to cover cross-company services through use of standards
like SAML, Liberty Alliance, Microsoft Passport, etc. Increasingly,
customers are also looking to leverage Kerberos credentials
on Windows XP to seamlessly bridge to Web SSO credentials
and thus have integrated Windows and web single sign-on.
InfoRender practitioners have expertise in most leading Web SSO
products, including the following:
- CA SiteMinder
- Entrust getAccess
- IBM Access Manager
- RSA Access Manager
Application SSO
Application or desktop SSO (usually referred to as the SSO holy-grail) enables a user to access all enterprise applications and resources through a single seamless login. Typically, the applications do not all share the same credentials, so this approach requires managing several user credentials. Such architectures usually rely on password escrow, synchronization, and scripting techniques to make the user experience seamless, but are typically hard to maintain and scale. InfoRender practitioners have knowledge of most leading SSO products, including the following:
- PassLogix v-GO SSO
- BNX SSO
Authorization
In general, business applications require access control at various levels: at the front-end (web or desktop client), at the method level (J2EE resource, etc.) or at the business rule/data level. Access control at the web resource level is usually handled by Web SSO solutions, whereas access control at the application method or business rule/data level is handled within the individual application. Some enterprises have been looking at centralizing the management of these fine-grained entitlements at the business group level or at the enterprise level. InfoRender practitioners have deployed fine-grained entitlement products in high-performance, mission-critical environments such as trading applications. We partner with key vendors in this arena, and our team is well trained in the leading authorization products, including the following:
Portal Security
Corporate portals are critical information gateways that enable the growth of strong relationships with customers, employees, and business partners. Providing adequate information security while ensuring a pleasant user experience is a continual challenge, and solving it requires the right experience, business knowledge and technical expertise. InfoRender Security provides portal security solutions for sites ranging from small intranets to large-scale multiparty extranets. Portal security integrates some of the access management solutions described earlier, including Web single sign-on, authorization, session management, SSO to 3rd parties, content aggregation, etc. InfoRender practitioners have experience with vendor as well as custom-built Portal Servers, including the following:
- IBM WebSphere Portal Server
- BEA WebLogic Portal Server
We provide the following services in the Access Management domain:
- Requirements Gathering - working with the business and technology groups to document and analyze access control, session management and single sign-on requirements
- Project Management - working with business, security, application development and operations groups to manage expectations and manage overall solution delivery.
- Proof-of-concept - to evaluate products against customer requirements, including benchmarking for performance, examining failover, load balancing and fault tolerance.
- Development
  - Policy Design - for each application, to provide the required security and performance. Involves definition of user roles, development of business rules.
  - Custom Development - plug-in extensions, SPNEGO bridge, SAML assertions, management tools, reporting, etc. to extend the product functionality
  - Application Integration - integration and end-to-end testing
- Deployment
  - User Repository - schema design and feeds
  - Deployment architecture - optimal configurations for performance, failover, load balancing, accommodating future growth.
  - Implementation - installation, configuration, testing of product, deployment of policies in production environment.
- Global Support
  - 24x7 outsourced engineering support for the Web SSO and Authorization infrastructure