Portal Deployment Challenges
Portal deployments focus on aggregating enterprise data under a common web presentation framework. Just building the common presentation framework requires a great deal of design and implementation effort. Underlying that work is another set of challenges that is equally important: how to handle identity, both for securing the portal and for personalizing its services.
For portals, there are several major identity integration challenges:
- Authenticating users requires a directory-based set of user names and passwords. However, many organizations find that there is no single directory that has all that information, which forces them to recreate it all over again in a new directory.
- Authorization services are based on policy, which usually evaluates a set of conditions and rules tied to the user's profile or memberships. Not having complete profile or membership data means extra administrative effort and complexity.
- In order to provide a consistent, integrated portal user experience, portlets and web applications need to reuse the same profile data based on a common definition. Otherwise, users would redundantly enter the same information over and over again.
Virtualization solves all of these challenges by leveraging data where it exists and provides services as needed, all without disrupting the existing data infrastructure.
For authentication, enterprises may have a variety of directories, such as Microsoft Active Directory, Microsoft ADAM, Novell eDirectory, Sun Java System Directory Server, and OpenLDAP. But portal and web access management software often expects a single authoritative directory for authentication, so enterprises face complex synchronization efforts to bring all of that data into a single directory.
There are also non-standard sources of passwords, such as passwords stored in a database or custom password methods.
Using the RadiantOne Identity and Context Virtualization Platform, it is possible to build a "virtual view" that provides federated LDAP access to all the different data sources as if they were a single directory, including support for bind operations against passwords held in non-LDAP data sources. If custom logic is needed for authentication, the LDAP authentication method can be modified (per branch of the virtual tree) to handle specific requirements.
Authorization relies on complete and accurate group or profile data to evaluate policy against. Unfortunately, traditional directory deployments require administrators to recreate this information in the user repository, even though it already exists in other locations. Or it requires heavy synchronization to copy data from place to place, which can be complex, costly, and invasive.
The RadiantOne Identity and Context Virtualization Platform makes authorization operate more effectively and intelligently by providing the most up-to-date data available. With RadiantOne, it is easy to handle both groups and profiles. Groups can be migrated into a virtual view, so that they can be remapped under the new tree structure and adapted to incorporate all users in the view, not just the ones that originated from that data source.
Policies based on attributes in a user profile have even more stringent requirements. Since evaluating policy is a security decision, the data the policy uses has to be up to date. However, synchronized attributes may only be updated occasionally, creating long periods of time during which the policy does not know about changes that may affect its evaluation.
RadiantOne provides real-time access to data sources, so that policy can be evaluated using the most current data.
Complete identity profile information is fundamental to making portlets operate consistently in the portal framework. If a user types his address in one portlet, the updated profile should be available in the other portlets as well without having to re-enter the information.
To get this level of integration, you'll need to be able to
A) assemble complete profile data out of existing application profiles and
B) present the profile in a manner the portlet expects to consume it.
RadiantOne handles the first requirement by examining data from multiple sources and providing integration tools to unify the profile in the virtual view. If there is a common identifier among multiple data sources, RadiantOne can assemble complete identity profiles on the fly through a dynamic join. If there is no common identifier available but one can be computed using business logic, then RadiantOne ICS uses the unified identity process to identify related profile data in different data sources.
In order to enable applications to consume this data, RadiantOne provides the ability to show the same data in different "views", so that each application sees what it expects to see. This removes the complexity and excess work normally associated with trying to build a master schema that fits all applications. The tailored view presents data so that the tree matches the application, rather than trying to change the application to fit the tree.
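The three mechanisms described above, a bind routed per branch to a non-LDAP password store, a dynamic join on a common identifier, and per-application views of the joined profile, are easier to reason about in code. The following is an added illustration written for this page; it is not RadiantOne's implementation or data model, and the backends (an in-memory directory, an HR table keyed by employee number, and per-branch password tables holding salted PBKDF2 hashes) are constructed sample data. The DN layout `uid=<user>,<branch>` and the view names are assumptions for the example.

```python
import hashlib
import hmac
import os

# --- constructed backends (an illustration, not RadiantOne's data model) ----
# 1) LDAP-style directory keyed by uid; group memberships live here.
DIRECTORY = {
    "jdoe": {"cn": "Jane Doe", "mail": "jdoe@example.com",
             "memberOf": ["cn=portal-users,ou=groups,dc=example,dc=com"]},
    "ksmith": {"cn": "Ken Smith", "mail": "ksmith@example.com", "memberOf": []},
}
# 2) HR database keyed by employee number, but carrying the same uid, so the
#    two sources can be joined on that common identifier.
HR_DB = {
    "10042": {"uid": "jdoe", "department": "Finance", "postal_address": "1 Main St"},
    "10043": {"uid": "ksmith", "department": "Sales", "postal_address": "9 Elm Rd"},
}

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def _store(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt)}

# 3) Password stores outside LDAP, one per branch of the virtual tree:
#    employees verify against the HR system's table, contractors against a
#    separate application database. Both hold salted PBKDF2 hashes.
PASSWORD_STORES = {
    "ou=employees,dc=example,dc=com": {"jdoe": _store("correct horse")},
    "ou=contractors,dc=example,dc=com": {"ksmith": _store("battery staple")},
}

def _split_dn(dn: str):
    """'uid=jdoe,ou=employees,dc=example,dc=com' -> ('jdoe', 'ou=employees,...')."""
    rdn, _, branch = dn.partition(",")
    attr, _, value = rdn.partition("=")
    if attr.strip().lower() != "uid" or not value or not branch:
        return None, None
    return value, branch

def bind(dn: str, password: str) -> bool:
    """Virtual bind: pick the password store for the DN's branch and verify there.
    Unknown branch, unknown user and wrong password all fail the same way so a
    caller cannot enumerate which branch an account lives in."""
    uid, branch = _split_dn(dn)
    cred = PASSWORD_STORES.get(branch, {}).get(uid)
    if cred is None:
        # Spend the same KDF cost as a real check so timing does not reveal
        # whether the account exists.
        _derive(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_derive(password, cred["salt"]), cred["hash"])

def joined_profile(uid: str):
    """Dynamic join: one profile assembled from DIRECTORY and HR_DB on uid."""
    base = DIRECTORY.get(uid)
    if base is None:
        return None
    profile = {"uid": uid, **base}
    for emp_no, rec in HR_DB.items():
        if rec["uid"] == uid:
            profile["employeeNumber"] = emp_no
            profile.update(rec)
            break
    return profile

# Per-application views: the same joined profile renamed to the attributes each
# consumer expects, instead of one master schema every application must adapt to.
VIEWS = {
    "inetOrgPerson": {"uid": "uid", "cn": "cn", "mail": "mail",
                      "postal_address": "postalAddress", "department": "ou",
                      "memberOf": "memberOf"},
    "hr_portlet": {"employeeNumber": "employee_id", "cn": "display_name",
                   "department": "dept", "postal_address": "home_address"},
}

def view(uid: str, name: str):
    """Present the joined profile under the attribute names of view `name`."""
    profile = joined_profile(uid)
    if profile is None:
        return None
    return {dst: profile[src] for src, dst in VIEWS[name].items() if src in profile}
```

Two details matter for a real deployment of this pattern: the bind path must not short-circuit on "no such user" (the dummy KDF call above keeps the timing uniform), and the join key must be one the source systems actually agree on; if it has to be computed, that logic belongs in the virtual layer, not in each portlet.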