Access Management deals with controlling users' access to organization resources. It involves enforcing various access privileges from coarse to fine grain entitlements. In the simplest form, this consists of authentication and authorization, whereby the user's identity is verified and then allowed access to those resources that the user has been authorized to. Access Management and Identity Management strategies are closely related and complement each other. The following functions are part of the Access Management.

Web SSO
Web SSO enables users to access all enterprise web resources through a single login. Web SSO architecture is typically based on a secure proxy or web agents installed on web/application servers. The access to these web resources is managed centrally and the same user credentials/session allows them access to these resources. Such architectures could be extended to cover cross-company services through use of standards like SAML, Liberty Alliance, Microsoft Passport, etc. Increasingly, customers are also looking to leverage Kerberos credentials on Windows XP to seamlessly bridge to Web SSO credentials and thus have integrated Windows and web single sign-on. InfoRender practitioners have expertise in most leading Web SSO products including following:

• CA SiteMinder
• Entrust getAccess
• IBM Access Manager
• RSA Access Manager

Application SSO
Application or desktop SSO (usually referred to as the SSO holy-grail) enables a user to access all enterprise applications and resources through single seamless login. In this, typically the same credentials are not leveraged by all applications; hence it requires management of several user credentials. Such architectures usually rely on password escrow, synchronization, and scripting techniques to make the user experience seamless, but are typically hard to maintain and scale. InfoRender practitioners have knowledge of most leading SSO products including following:

• PassLogix v-GO SSO
• BNX SSO

Authorization
In general, business applications require access at various levels including at the front-end (web or desktop client), at the method level (J2EE resource, etc.) or at the business rule/data level. Access control at the web resource level is usually handled by Web SSO solutions, whereas the application method or business rule/data level access control is handled at the individual application level. Some enterprises have been looking at centralizing these fine grain entitlements management scenarios at the business group level or at the enterprise level.

InfoRender practitioners have deployed fine grained entitlement products in high performance mission critical environments such as trading applications. We partner with key vendors in this arena and our team is well trained in the leading authorization products including following:

• BEA WLES

Portal Security
Corporate portals are critical information gateways that enable the growth of strong relationships with customers, employees, and business partners. Providing adequate information security while ensuring a pleasant user experience is a continual challenge, solving which requires the right experience, business knowledge and technical expertise. InfoRender Security provides portal security solutions for sites ranging from small intranets to large scale multiparty extranets. Portal security integrates some of the access management solutions described earlier including Web Single sign-on, authorization, session management, SSO to 3 rd parties, content aggregation, etc. InfoRender practitioners have experience with vendor as well as custom built Portal Servers including following:

• IBM WebSphere Portal Server
• BEA WebLogic Portal Server