Sun preps cornerstones of identity management

Sun Microsystems Inc. on Tuesday released the final beta of two products that are the cornerstones of its identity management platform.

At The Burton Group Corp.’s Catalyst Conference, Sun said the final betas of Sun One Identity Server 6.0 and Sun One Directory Server 5.2 are now available. The two are paired as part of the Sun One Platform for Network Identity, introduced in March, which features software, hardware and services.

Sun’s Identity Server 6.0, a Web access management product that competes with the likes of Netegrity and Oblix, is its first product to support the Security Assertion Markup Language and the Liberty Alliance 1.0 specification that was released on Monday.

The Liberty Alliance is a group of 70 vendors and end-user organizations that created a specification for a single sign-on mechanism for electronic commerce and Web services.

“We are glad to see SAML and the Liberty Alliance technology being integrated with a major identity product like Sun’s,” says Dan Blum, an analyst with the Burton Group. “I think this will help them maintain their edge in the e-business directory and security space.”

Microsoft Corp. has spent the week talking about an upcoming standalone version of its directory to support Web-based applications and about how it will add SAML to its operating system to create a federated identity management infrastructure. Novell Inc. on Monday introduced its Project Saturn, which is an effort to build a federated identity management system around eDirectory and iChain.

In the new version of Identity Server, Sun has added a policy engine to support secure access using a set of rules stored in its directory. Access also can be controlled using a set of conditions, such as IP address, time, date and authentication level. In addition, authentication requirements can be set per resource.

Sun also has added support for more authentication services, including Kerberos, Windows NT and 2000, and the Java Authentication and Authorization Service.

“We are building the Web services stack,” says Don Bowen, technical product manager for Sun.

The company also is creating additional agents, including agents for PeopleSoft and WebSphere, to connect applications to the Identity Server, which comes packaged with the Sun One Directory Server 5.2.

The Identity Server will integrate with other directories and databases that provide authentication data, but policies and rules must be stored in Directory Server 5.2.

The Directory Server now includes support for DSML 2.0, which provides developers working with XML an easy way to add directory support into their applications.

Plus, Sun has begun to answer availability questions that have dogged its server. With version 5.2, the server supports four-way multi-master replication across a WAN. That means users can have a master and a failover linked over a WAN to another master/failover setup. Sun also has added support for 64-bit caching, which will allow more directory information to be stored in memory.

In addition, the directory now has password synchronization with Windows NT and 2000, password policy controls, encrypted attributes and selective replication down to individual attributes.

Directory Server 5.2 pricing starts at US$2 per entry, and the software is scheduled to ship in December. It runs on all flavours of Unix, Linux and Windows NT and 2000. Identity Server 6.0 runs on Solaris, Linux and Windows NT and 2000, and pricing starts at US$10 per entry. The software is expected to be available in October.