Access Management deals with controlling users' access
to organization resources. It involves enforcing various
access privileges, from coarse-grained to fine-grained entitlements.
In the simplest form, this consists of authentication and
authorization, whereby the user's identity is verified
and the user is then allowed access to those resources that
the user has been authorized to use. Access Management and Identity
Management strategies are closely related and complement
each other. The following functions are part of Access
Management.
Web SSO
Web SSO enables users to access all enterprise web resources
through a single login. Web SSO architecture is typically
based on a secure proxy or web agents installed on web/application
servers. Access to these web resources is managed centrally,
and the same user credentials/session gives users access
to them. Such architectures could be extended
to cover cross-company services through use of standards
like SAML, Liberty Alliance, Microsoft Passport, etc. Increasingly,
customers are also looking to leverage Kerberos credentials
on Windows XP to seamlessly bridge to Web SSO credentials
and thus have integrated Windows and web single sign-on.
InfoRender practitioners have expertise in most leading Web SSO
products, including the following:
- CA SiteMinder
- Entrust getAccess
- IBM Access Manager
- RSA Access Manager
Application SSO
Application or desktop SSO (usually referred to as the
SSO holy grail) enables a user to access all enterprise
applications and resources through a single seamless login.
In this model, the applications typically do not all use the
same credentials, so several user credentials have to be
managed. Such architectures usually rely on password
escrow, synchronization, and scripting techniques to make
the user experience seamless, but are typically hard to
maintain and scale. InfoRender practitioners have knowledge of
most leading SSO products, including the following:
- PassLogix v-GO SSO
- BNX SSO
Authorization
In general, business applications require access at various
levels including at the front-end (web or desktop client),
at the method level (J2EE resource, etc.) or at the business
rule/data level. Access control at the web resource
level is usually handled by Web SSO solutions, whereas
the application method or business rule/data level access
control is handled at the individual application level.
Some enterprises have been looking at centralizing
this fine-grained entitlement management at the
business group level or at the enterprise level. InfoRender
practitioners have deployed fine-grained entitlement
products in high-performance, mission-critical environments
such as trading applications. We partner with key vendors
in this arena and our team is well trained in the leading
authorization products, including the following:
Portal Security
Corporate portals are critical information
gateways that enable the growth of strong relationships
with customers, employees, and business partners. Providing
adequate information security while ensuring a pleasant
user experience is a continual challenge, and solving it
requires the right experience, business knowledge and
technical expertise. InfoRender Security provides portal
security solutions for sites ranging from small intranets
to large-scale multiparty extranets. Portal security
integrates some of the access management solutions
described earlier, including Web single sign-on, authorization,
session management, SSO to 3rd parties, content
aggregation, etc. InfoRender practitioners have experience
with vendor as well as custom-built portal servers,
including the following:
- IBM WebSphere Portal Server
- BEA WebLogic Portal Server
We provide the following services in the Access Management domain:
- Requirements Gathering - working with the business and
  technology groups to document and analyze
  access control, session management and single
  sign-on requirements
- Project Management - working with business, security,
  application development and operations groups to manage
  expectations and manage overall solution delivery.
- Proof-of-concept - to evaluate
  products against customer requirements, including
  benchmarking for performance, examining failover,
  load balancing and fault tolerance.
- Development
  - Policy Design - for each application, to
    provide the required security and
    performance. Involves definition of user roles, development
    of business rules.
  - Custom Development - plug-in extensions,
    SPNEGO bridge, SAML assertions,
    management tools, reporting, etc. to extend
    the product functionality
  - Application Integration - integration
    and end-to-end testing
- Deployment
  - User Repository - schema design and feeds
  - Deployment architecture - optimal configurations
    for performance, failover,
    load balancing, accommodating future growth.
  - Implementation - installation, configuration,
    testing of product, deployment
    of policies in production environment.
- Global Support
  - 24x7 outsourced engineering support for the Web SSO and Authorization
    infrastructure