Explore our New Federated Identity Service at RSA
I’m looking forward to RSA this year, where we’ll announce a major breakthrough in the way companies manage their identity in this increasingly web and cloud-centric world. I’m also proud to see that RSA is integrating our solution into its excellent IdM stack.
I’ll tell you all about it below, but first, I’d like to address a topic that’s been burning up the blogosphere lately.
The Virtual Directory is Dead. Long Live the Virtual Directory!
We all know that it’s not enough to innovate; the success of a new technology is also measured by its degree of integration within the existing ecosystem. I’ve been reflecting on that challenge lately, after reading this piece on Ping Federate’s new authentication chaining capability, which suggests the virtual directory is no longer necessary. Hmm, we know our good friends at Ping Identity are not that radical—just check out the slides from their latest webinar—but I guess you know the old joke: Groucho was a Marxist and Lenin was a Beatle. I will leave it to Nishant Kaushik’s excellent response to explain why authentication chaining is only a very small part of the answer.
Mostly, I’m struck by the fact that the virtual directory—technology my friend Claude and I invented back in the dark ages of last decade—is now such an accepted part of today’s identity infrastructure that people feel free to proclaim its demise. After years of trying to explain what a virtual directory was, that feels like a victory!
Okay, now let me share some news I’m really excited about.
From Virtual Directory to a Federated Identity Service Powered by Virtualization
Over the years, we’ve advanced virtual directory technology from a proxy-driven routing and remapping engine to a model-driven virtualization solution, which enables you to design the exact identity views required by your applications. Now we’ve taken it a step further, delivering a federated identity service based on virtualization that’s key to the deployment of any secure web application or identity provider (IdP) in a federation—all without disrupting your existing systems. This service hides the heterogeneity of your existing identity sources, and exposes a logical, coherent, secure, and application-friendly view of your users to both internal and external applications. And it drives any business initiative where a global view of identity is essential, including web access management, portal, and cloud integration.
Sounds like a great solution, right? But first, let’s take a look at the problem we’re solving.
Applications, Security Protocols, and Identity Sources—Oh, My!
In any sizeable modern organization, there are many links tying applications, via disparate security and access protocols, to all the different identity sources. I call this the “Star Wars” effect:

For such companies, many internal, external, web, and cloud-based applications (A) must talk to many identity sources (I) using different security protocols (S), with every factor representing some number (N) of links—and every link costing lots of money ($$$) to develop, manage, and maintain.
When you do the math—A x I x S = N links (x $$$)—it’s basically a shoot-out at the Not-OK Corral, where you’re left with a brittle network of links, protocols, and identity representations that require a whole IT team to maintain. And whether your company is revamping its portal, adding a critical cloud-based application, or acquiring a partner, any changes put incredible (and incredibly expensive!) demands on a critical infrastructure.
An Identity Hub to Reduce Complexity and Rationalize your Infrastructure
Fortunately, there is a well-established pattern for solving the problem of too many links. By creating an intermediate layer—a hub—you can reduce the complexity of M x N interactions to more manageable and linear M + N connections. After all, this is why the airlines fly you through Denver or Charlotte or Chicago, instead of offering the chaos of thousands of direct flights between destinations.
Our federated identity service acts as a virtual identity hub, anchoring your identity infrastructure and enabling you to interconnect all the identities across the enterprise, no matter where or how they’re stored, for smarter security, better authentication, and more finely-grained authorization.

Now, this idea of an identity hub is not new—in fact, identity vendors have been trying to develop (or reinvent) some form of an identity hub for years, from the over-centralization of the “enterprise directory,” to the efficient but inflexible meta-directory, and more recently the flexible but limited “classical” virtual directory based on simple mapping, routing, and proxy. After many years of experience with customer integrations, we know you need to combine the strengths of all these different approaches, and add a little special sauce on top, so let’s take a quick look at the technologies and processes underlying our solution.
Be the First to See the New Federated Identity Service at RSA!
The RSA conference is right around the corner, and we’re looking forward to seeing you! We’d like to offer you a front row seat when we unveil the RadiantOne federated identity service. RadiantOne 6.0 is the first complete on-premise federated identity service based totally on virtualization, and it’s purpose-built to address the security demands of authenticating and authorizing a diverse user base—including internal, external, and mobile—across multiple security protocols, identity stores, and usage patterns. RadiantOne 6.0 includes the brand new VDS+ virtual directory, the Cloud Federation Service (CFS) to connect identities with the cloud, and a powerful identity correlation and synchronization engine.
See RadiantOne in Action: Drop by for a Demo
We’d be happy to set up a demo, so just drop us a line at info@radiantlogic.com, or stop by booth #345. We’ll have virtualization pros on hand to answer any questions, or to walk you through the new RadiantOne platform!
Free Expo Pass! ($100 value)
Pass Code: EC12RLG
XACML Training Workshops
Learn from the Pros at Axiomatics, Sailpoint, Layer 7, and Radiant Logic
Companies today are looking for a comprehensive authorization solution that’s external to applications, resources, and data—and an increasing number of IT organizations are turning to XACML-driven access control. Do you have the knowledge you need to build such dynamic, flexible, and compliant authorization services?
San Francisco, CA | Date: February 27, 2012
Chicago, IL | Date: March 5-6, 2012
New York, NY | Date: March 8-9, 2012
Deliver Smarter, Attribute-Based Access Control
Radiant Logic is co-hosting a series of XACML training workshops across the country. These trainings explore how to integrate your existing identity silos with modern and complex architectures. We’ll also look at how virtual directory services, XML gateways, and access governance complement XACML systems. You’ll come away with real insight into how to achieve policy-driven attribute-based access control using real-time enterprise data, regardless of that data’s location, form, or complexity.
Don’t Miss these Opportunities!
These trainings will introduce XACML concepts and complementary technologies and then take a deeper dive into more advanced topics. All your session materials, meals, and wireless Internet access will be provided.
Get a more detailed agenda and register today.
See you at the workshop!
-The Radiant Team
PS: We’ve run this same series in other cities and it has sold out. If you’re interested in attending, be sure to register soon.
Discover the Path to FICAM Success:
Join Us for the FICAM Kick-Off, March 28, Washington, DC
If you work in identity management for a government agency, you can’t afford to miss this free FICAM kick-off.
Join us for an event highlighting the recently-released FICAM roadmap. Take a deep dive into the FICAM guidelines, discuss potential use cases, and gather best practices for implementation. You’ll hear from FICAM gurus Anil John and Deborah Gallagher, and explore how the RadiantOne complete identity service, based on model-driven virtualization, is being used to build the Authoritative Attribute Exchange Service.
Sign Up Now for this Free FICAM Kick-Off
We’ll begin with a breakfast of croissants and coffee and end with lunch. Along with the speakers, there will be ample time for questions and mingling—and every attendee will receive a ticket to tour the Spy Museum.
If you’re charged with implementing FICAM initiatives, this is one event you won’t want to miss—we look forward to meeting you at the Spy Museum.
Check out the agenda and be sure to sign up today!
See you in DC,
The Radiant Team
Heads Up for Our Workshops, Trainings, and Events
Radiant Logic’s going on tour! We’re thrilled to announce our 2012 event line-up, with a number of great ways for you to put RadiantOne in your hands, and see what our complete identity service is all about. Check our brand new events page for dates, locations, and registration.
- RadiantOne Trainings: Don’t miss your chance to master the new RadiantOne VDS+, and get practical experience in an instructor-led classroom. This year, we’ll offer our totally revamped trainings in ten different cities, so register for one near you!
- XACML Workshops: Learn how to achieve policy-driven attribute-based access control using real-time enterprise data, with industry leaders Radiant Logic, Axiomatics, Layer 7, and Sailpoint.
- FICAM Event: Work in identity management for a government agency? Learn more about the new FICAM guidelines, potential use cases, and best practices for implementation over free breakfast and lunch at the Spy Museum!
Here at Radiant, we believe that the future’s already here—and we’ll prove that this month when we ship the first release of the RadiantOne Cloud Federation Service, so you can turn your RadiantOne VDS into one connector to the cloud, enabling SSO across your enterprise—and even from an outside device like a smartphone or a tablet. Stay tuned in February to download your free trial!
An enterprise’s flexibility is determined by how easy it is to dispatch and regroup users into groups. While many SaaS applications use groups to authorize users, some identity sources, such as Active Directory, do not make it easy to put users into groups—or keep up with changes in group status. Creating and maintaining groups manually is time-consuming and can be complex when multiple data sources are involved.
Instead of defining and maintaining static groups for cloud-based authorization, RadiantOne lets you create new dynamic groups based on existing attribute values, and populate those groups with users coming from multiple sources:

You can also import existing static groups into RadiantOne VDS and remap them to meet application requirements:

RadiantOne can even base your group definition on multiple attribute values—such as department and title—for more finely-grained group definition. Say you want a group for each department in your enterprise. With RadiantOne, all you have to do is create a dynamic group for the attribute “department” and automatically you have groups for your Sales, HR, and Marketing departments, with members coming from across all data stores.
With RadiantOne, it’s easy to leverage your existing data for attribute-based authorization in the cloud and keep those groups up to date automatically.
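The attribute-driven grouping described above, sketched as an added illustration; this is not RadiantOne code or its API. The two sample sources, the entry identifiers, the trim-and-lowercase normalization, and the rule that an entry missing an attribute joins no group are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample entries standing in for two identity sources
# (identifiers and attribute values are illustrative only).
ACTIVE_DIRECTORY = [
    {"id": "cn=alice,ou=people,dc=example,dc=com", "department": "Sales", "title": "Manager"},
    {"id": "cn=bob,ou=people,dc=example,dc=com", "department": "HR", "title": "Analyst"},
    {"id": "cn=dave,ou=people,dc=example,dc=com", "title": "Contractor"},  # no department
]
HR_DATABASE = [
    {"id": "emp-1007", "department": "sales ", "title": "Analyst"},
    {"id": "emp-1012", "department": "Marketing", "title": "Manager"},
]


def dynamic_groups(sources, attributes):
    """Derive group membership from attribute values across all sources.

    Returns {group_name: sorted member ids}. An entry missing any requested
    attribute joins no group, so incomplete data never widens access.
    """
    groups = defaultdict(set)
    for source in sources:
        for entry in source:
            # Assumed normalization: trim and lowercase so "sales " == "Sales".
            values = [str(entry.get(a, "")).strip().lower() for a in attributes]
            if not all(values):
                continue  # fail closed: no attribute value, no membership
            groups["-".join(values)].add(entry["id"])
    return {name: sorted(members) for name, members in groups.items()}


def membership_changes(before, after):
    """List (group, member, action) tuples between two evaluations."""
    changes = []
    for name in sorted(set(before) | set(after)):
        old, new = set(before.get(name, [])), set(after.get(name, []))
        changes += [(name, m, "added") for m in sorted(new - old)]
        changes += [(name, m, "removed") for m in sorted(old - new)]
    return changes


if __name__ == "__main__":
    by_dept = dynamic_groups([ACTIVE_DIRECTORY, HR_DATABASE], ["department"])
    print(by_dept)
    print(dynamic_groups([ACTIVE_DIRECTORY, HR_DATABASE], ["department", "title"]))
```

Re-running `dynamic_groups` after a source attribute changes and passing both results to `membership_changes` gives an auditable record of who gained or lost a group, which is the part worth logging when these groups drive authorization.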

