Your SlideShare is downloading. ×
THE COMPLETE
BUYER’S GUIDE
 for IDENTITY MANAGEMENT
 October 2008




Abstract
If you are currently evaluating identity ma...
Sun Microsystems, Inc.




Table of Contents

Executive Overview ............................................................
3         Executive Overview                                        Sun Microsystems, Inc.




A New Business Paradigm    ...
4         Executive Overview                                           Sun Microsystems, Inc.




What’s Included in this ...
5       Business Primer                                                              Sun Microsystems, Inc.




Priorities...
6         Business Primer                                             Sun Microsystems, Inc.




A secure, sustainable ide...
7         Business Primer                                               Sun Microsystems, Inc.




The 4 A’s of Identity M...
8         Business Primer                                            Sun Microsystems, Inc.




What Analysts and Communit...
9         Business Primer                                             Sun Microsystems, Inc.




Advantages of Working wit...
10        Business Primer                                            Sun Microsystems, Inc.




Identity Management Offeri...
11        Business Primer                                            Sun Microsystems, Inc.




Key Business Benefits     ...
12        Business Primer                                           Sun Microsystems, Inc.




Delivering Measurable Resul...
13        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
14        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
15        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
16        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
17        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
18        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
19        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
20        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
21        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
22        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
23        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
24        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
25        Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist...
26      Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist C...
27      Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist C...
28      Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist C...
29      Key Considerations for Evaluating Identity Management Solutions     Sun Microsystems, Inc.




Buyer’s Checklist C...
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Sun Gerenciamento de Identidade com Segurança
Upcoming SlideShare
Loading in...5
×

Sun Gerenciamento de Identidade com Segurança

830

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
830
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
11
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Sun Gerenciamento de Identidade com Segurança"

  1. 1. THE COMPLETE BUYER’S GUIDE for IDENTITY MANAGEMENT October 2008 Abstract If you are currently evaluating identity management solutions, this guide will provide the information and tools to help you make the right decision. In the first section of the guide, you will find a business primer that exam- ines the role of identity management in addressing today’s business opportunies and challenges as well as discusses the characteristics of an effective solution. In the second section of the guide, you will find helpful decision-making tools you can use to ensure that your selection is best suited to your business needs and technology environment.
  2. 2. Sun Microsystems, Inc. Table of Contents Executive Overview ........................................................................................ 3 What’s Included.................................................................................................. 4 Business Primer: Identity Management Trends, Opportunities and Solutions ....... 5 Increasing Business Value While Reducing Costs and Risks..................................... 5 Improve Access and Service ............................................................................. 5 Become More Secure and Compliant ................................................................ 6 Reduce Costs and Complexity........................................................................... 6 Building Value on a Secure, Sustainable Identity Infrastructure ............................. 7 Assessing Sun Identity Management .................................................................... 8 Exploring Sun’s Identity Management Offerings ................................................... 9 Key Business Benefits of Sun Identity Management......................................... 11 Improving Real-World Results with Sun Identity Management ......................... 12 Key Considerations for Evaluating Identity Management Solutions.................... 13 Buyer’s Checklist for Identity Management ........................................................ 13 Identity Lifecycle Management and Auditing .................................................. 13 Role Management ........................................................................................ 26 Access Management ..................................................................................... 27 Federation Services ....................................................................................... 28 Directory Services ......................................................................................... 29 Sun’s Commitment to Industry Standards ...................................................... 38 Sun’s Commitment to Open Source Communities ............................................ 40 End-to-End Identity Management from Sun ..................................................... 42 Take the Next Step ............................................................................................ 42 Glossary of Terms ......................................................................................... 43
  3. 3. 3 Executive Overview Sun Microsystems, Inc. A New Business Paradigm Chapter 1 For more and more users, the network is the nexus of engagement. As the hunger for Executive Overview online services grows, a new set of require- ments emerges for users and businesses alike: The network is ushering in a new era of business growth and opportunity. All around us—in the enterprise, in the developer community, between businesses and con- • Users’ expectations for more choices, along with better content and ser- sumers, and in the public sector—people are using network communications to vices, will only continue to increase. interact and collaborate in ways that were impossible just a few years ago. These • Businesses are eager to meet those new capabilities have quickly created new expectations for today’s enterprise. expectations by extending their reach and making more new applica- tions and services available—while still controlling business risk. • Competitive pressures are pushing enterprises to generate new lines of revenue and new customers through rapid delivery of new services. • Meanwhile, businesses must also focus on keeping the current customer base happy and loyal by enhancing exist- ing service offerings and delivering an outstanding customer experience. For more and more users, the network is the nexus of engagement. As the hunger for online services grows, a new set of requirements emerges for users and businesses alike: • Users’ expectations for more choices, along with better content and services, will only continue to increase • Businesses are eager to meet those expectations by extending their reach and mak- ing more new applications and services available—while still controlling business risk • Competitive pressures are pushing enterprises to generate new lines of revenue and new customers through rapid delivery of new services • Meanwhile, businesses must also focus on keeping the current customer base happy and loyal by enhancing existing service offerings and delivering an outstand- ing customer experience http://www.sun.com/identity/
  4. 4. 4 Executive Overview Sun Microsystems, Inc. What’s Included in this Guide All together, this presents a new paradigm for the way people deploy, access, and use networked information, applications, and resources. Barriers to access are falling • Business Primer away, freeing users and businesses to take the online experience to the known limits • Buyer’s Checklist • Industry Standards Fact Sheet and beyond. • Open Source Projects • Glossary This shift brings about a tremendous opportunity for businesses, yet it also requires ubiquitous access in which user identity is an essential enabler. Extending the en- terprise’s reach to more users than ever, after all, requires trust. And trust requires identity. Today, there is an undeniable, urgent need for businesses and individuals to know who’s on the other end of their transactions, to trust that entity, and to be confident that the information they share is safe with them. Identity management holds the answers to these needs. By providing everything required to effectively manage identities across traditional business boundaries, identity management makes it possible to securely deliver the right resources to the right people at the right time and in the right context. In this way, it can enable businesses to dramatically accelerate growth while leaving com- petitors far behind—and to do so safely and securely. What’s Included Business Primer —A look at identity management trends, opportunities and solutions. Buyers Checklist —What to look for when evaluating solutions. Industry Standards Fact Sheet —Reference information for key initiatives. Open Source Projects —Reference information for key projects. Glossary —Definitions of industry terms. http://www.sun.com/identity/
  5. 5. 5 Business Primer Sun Microsystems, Inc. Priorities of Today’s Executives Chapter 2 • How do we improve the customer Business Primer: Identity Management Trends, experience by providing secure access Opportunities and Solutions to information and services while also expanding our selling opportunities? • How do we enforce company security policies and comply with legal man- Increasing Business Value While Reducing Costs and Risks dates, yet still provide open access to information, applications, and systems Today’s identity management solutions must address multiple business goals and for growing numbers of custom- serve competing, changing requirements. Consider the priorities of today’s ers, partners, and employees? executives: • How do we reduce IT costs and complex- • How do we improve the customer experience by providing secure access to infor- ity while at the same time have all the re- sources we need to get to market quickly? mation and services while also expanding our selling opportunities? • How do we enforce company security policies and comply with legal mandates, yet still provide open access to information, applications, and systems for growing numbers of customers, partners, and employees? • How do we reduce IT costs and complexity while at the same time have all the resources we need to get to market quickly? These are just a few of the conflicting demands that companies must meet today. Effective identity management can help meet them. Improve Access and Service Doing business electronically is a requirement for competing in today’s business environment. The result is dramatic expansion in the number and variety of users who require access to critical information resources, and in the ways in which they gain access. Figure 2. IT must address multiple, conflicting business goals
  6. 6. 6 Business Primer Sun Microsystems, Inc. A secure, sustainable identity Access takes many forms. It can mean providing customers with readily available, infrastructure can help your Web-based access to self-help, information, and online services to improve the business to: experience and to create new revenue opportunities for the enterprise. It can mean • Create new revenue opportunities by creating secure online environments where employees and partners work together securely sharing resources beyond bound- across traditional business boundaries to get new products and services to market aries in collaborative business networks, faster. Whatever the circumstances, the challenge is to open up the enterprise to and by using those networks to efficiently new ways of conducting business while at the same time ensuring that information and securely deliver services online assets remain secure and privacy is protected. • Ensure regulatory compliance through a sustainable approach that makes Become More Secure and Compliant security and compliance a simple part One of the most powerful drivers for identity management is to ensure that corpo- of everyday business, rather than a resource-intensive, audit-driven event rate information assets and privacy remain well protected as access expands for both internal and extranet-based users. The key is to balance the level of acceptable risk • Reduce time and costs associated to the enterprise with its reach into new and expanded markets. with everyday identity-related tasks by automating relevant activities and Part of managing risk is complying with numerous laws and regulations stemming processes and making them easily repeat- from the growing worldwide concern about the security and privacy of information. able as enterprise requirements grow Businesses are challenged to comply with the requirements of these regulations while staying competitive by speeding time to market, improving quality of service, and increasing profit. To meet all of these demands, businesses need a unified iden- tity management infrastructure that: • Supports effective governance, risk, and compliance (GRC) initiatives in the enterprise • Handles the everyday identity management tasks that enable effective GRC on an ongoing basis Reduce Costs and Complexity Cost reduction has become a fact of life for business, but it cannot be achieved at the expense of business results. Enterprises are looking for technology solutions that bring a higher degree of efficiency, leading to faster time-to-market, while also help- ing to reduce ever-increasing demands on help desks and IT staffs. The online business requires a flexible identity infrastructure that meets the growing and changing needs of employees, partners, and customers, on a day-to-day basis over time—without requiring costly investment and complex reinvention to accom- modate growth and change. This infrastructure must support “anytime, anywhere” access with security, dynamic assembly and disassembly of teams, single sign-on, and easy integration with existing enterprise applications. And most importantly, it must be easily adaptable and scalable so the business can quickly take advantage of new opportunities. http://www.sun.com/identity/
  7. 7. 7 Business Primer Sun Microsystems, Inc. The 4 A’s of Identity Management Building Value on a Secure, • Authentication Sustainable Identity Infrastructure Quickly verify user identities A secure, sustainable identity infrastructure can help your business to: • Create new revenue opportunities by securely sharing resources beyond boundaries • Authorization Control user access in collaborative business networks, and by using those networks to efficiently and securely deliver services online • Administration • Ensure regulatory compliance through a sustainable approach that makes security Manage users and assets and compliance a simple part of everyday business, rather than a resource-inten- • Auditing sive, audit-driven event Automatically document what • Reduce time and costs associated with everyday identity-related tasks by auto- happened mating relevant activities and processes and making them easily repeatable as enterprise requirements grow A comprehensive identity management solution provides everything required to create a secure, sustainable identity infrastructure by addressing the 4 A’s of identity management: Authentication—Quickly verify user identities • Authenticate and authorize all user requests for secure applications and services with one integrated solution, regardless of where the requests come from or where the applications and services reside Authorization—Control user access • Ensure that only authorized users may access protected resources based on specific conditions, and that they are granted access only after proper authentication • Provide role- and rule-based authorization for centralized policy enforcement Administration—Manage users and assets • Provide a highly scalable deployment option for incorporating secure identity administration (e.g., registration, self-service, delegated administration) and feder- ated provisioning capabilities into extranet-facing applications and portals • Accelerate the introduction of new, revenue-generating applications and services without having to compromise on security or compliance controls Auditing—Automatically document what happened • Audit identities across enterprise applications and systems • Eliminate manual effort and enable continuous compliance by automatically scan- ning for, identifying, and fixing policy violations • Provide a clear trail of access requests so auditors can identify and correct potential regulatory violations • Include packaged policies as a starting point to help achieve compliance faster http://www.sun.com/identity/
  8. 8. 8 Business Primer Sun Microsystems, Inc. What Analysts and Community Leaders Assessing Sun Identity Management Say about Sun Identity Management Sun identity management solutions are designed to meet the complex, demanding • Forrester ranked Sun as a Strong requirements of today’s enterprise with capabilities for provisioning and auditing, Performer in the Forrester Wave for role management, access management, and directory services—both within and Identity and Access Management beyond the enterprise. • Gartner positioned Sun in the Lead- ers Quadrant of its “Magic Quadrant for Web Access Management”. Recognition from Analysts and Identity Community Leaders • Gartner positioned Sun in the Lead- ers Quadrant of its “Magic Quad- Forrester ranked Sun as a Strong Performer in the Forrester Wave for Identity rant for User Provisioning”. and Access Management. • Forrester ranked Sun as #1 in both cur- Forrester Wave for Identity Access Management, rent offering and market presence. • SC Magazine gave Sun Identity Manager Q1 2008 Andras Cser, 14 March 2008 five out of five stars for its large-scale performance and emphasis on compli- Gartner positioned Sun in the Leaders Quadrant of its “Magic Quadrant for Web Ac- ance and auditing, and praised its ease cess Management.” Gartner places companies in the “Leaders quadrant” based on of use. strong products and strong year over year growth. • Information Security Magazine prod- Magic Quadrant for Web Access Management, uct reviews named Sun a HotPick. 2H07—Ray Wagner, Earl Perkins, 29 October 2007 Gartner positioned Sun in the Leaders Quadrant of its “Magic Quadrant for User Provisioning.” Those in the Leaders Quadrant demonstrate balanced progress and effort in all execution and vision categories. “Sun’s actions raise the competitive bar for all products in the market, and they change the course of the industry.” Magic Quadrant for User Provisioning, 1H06—Roberta Witty, Ant Allan, Ray Wagner, 25 April 2006; 2H07—Earl Perkins, Roberta Witty, 23 August 2007 Forrester ranked Sun as #1 in both current offering and market presence. “Sun stands out as functionally superior and sets the gold standard for user account provisioning...Sun Microsystems is a market leader for a reason—its product delivers superior provisioning functionality with the highest ease of use.” Forrester Wave: User Account Provisioning, Q1 2006 SC Magazine gave Sun Identity Manager five out of five stars for its large-scale performance and emphasis on compliance and auditing, and praised its ease of use. Sun’s solution was said to focus on “creating and managing provisioning work- flows quickly and easily, as well as auditing and compliance.” SC Magazine, 01 January 2008 Information Security Magazine product reviews named Sun a HotPick. “Sun Java System Identity Manger excels with agentless connectors, scalability, and amazing auditing.” Information Security Magazine, March 2007 http://www.sun.com/identity/
  9. 9. 9 Business Primer Sun Microsystems, Inc. Advantages of Working with Sun Specific Advantages of Working with Sun • Industry leadership Industry leadership • Freedom of choice Sun manages billions of user identities worldwide for more than 5000 organizations. • Freedom to grow • Technology innovations Freedom of choice • Return on investment Sun’s partnerships with leading system integrators means that organizations can work with the deployment specialists of their choice to roll out Sun identity manage- ment solutions. Sun’s commitment to open-source software means that software integrators and their customers have complete access to Sun software for develop- ment. In addition, Sun offers product and suite pricing models to optimally match license pricing with specific needs. Freedom to grow As business relationships and customers proliferate, Sun identity management products are designed to provide a high level of scalability that can enable organiza- tions to accommodate more users and resources without requiring an entirely new investment in identity management capabilities. Technology innovations Sun identity management solutions are based on open standards, making them easy to integrate with existing technology infrastructures, and demonstrating Sun’s leadership in developing and promoting technology standards. Sun was the first to introduce an integrated provisioning and identity auditing solution and a complete and comprehensive solution for identity-based compliance. Return on investment (ROI) The open architecture that characterizes Sun identity management makes the process of applying identity management to numerous networked resources faster and simpler. With deployment time reduced from months to weeks, ROI payback can be measured in months instead of years. Sun identity management solutions also deliver continuing financial improvement by reducing ongoing administration costs up to 30%. Exploring Sun’s Identity Management Offerings Sun’s comprehensive set of identity management solutions enables organizations to securely manage, protect, store, verify, and share data both internally and across extranets. For organizations seeking to improve access, become more secure and compliant, and reduce costs and complexity, Sun offers the only complete identity management portfolio that provides the open access, open source, and open stan- dards to support business growth—without sacrificing the security and integrity of sensitive data and resources. http://www.sun.com/identity/
  10. 10. 10 Business Primer Sun Microsystems, Inc. Identity Management Offerings Sun Java™ System Identity Manager: Identity lifecycle management and identity auditing • Sun Java™ System Identity Manager Sun Identity Manager provides the comprehensive functions to apply and enforce • Sun Role Manager • Sun Identity Compliance Manager security policy and meet compliance and audit requirements. The solution’s non- • Sun OpenSSO Enterprise invasive architecture enables easy, fast implementation, with simplified connections • Sun Directory Server Enterprise Edition that use agentless adapters to speed deployment across platforms, applications, • Sun OpenDS Standard Edition databases, and directories. Key features include: • Streamlined, integrated provisioning and auditing capabilities, including industry- leading user provisioning and synchronization • Auditing that goes beyond simple reporting to provide automated reviews, proactive scanning, and consistent enforcement • Preventative and detective compliance, including policy violation tracking and expiration capabilities to handle exceptions Sun Role Manager: Role generation and role management Sun Role Manager dramatically simplifies exceptions control by applying enterprise access policies based on user roles rather than on individual access privileges. It is the most complete solution for companies to address role management and identity- based compliance challenges by simplifying existing manual processes and bringing greater business alignment between business and IT. • Robust role management including role engineering and ongoing role maintenance as well as role certification by business unit managers or role owners • Enterprise-level monitoring of access at the role level to detect and address policy conflicts for enhanced audit effectiveness • Dashboard view of certification status and policy exceptions to simplify administration Sun Identity Compliance Manager: Access control compliance Sun Identity Compliance Manager reduces the risk associated with access control and facilitates successful identity audits by continually monitoring actual access against defined security policies and by automating existing manual access certifica- tion processes. • Most deployed identity compliance solution in the market • Delivers proven, repeatable deployment execution and promised ROI • Provides seamless integration with the Sun Identity Management Suite, other IAM products, and leading SEIM and IT GRC vendors Sun OpenSSO Enterprise: Web access management, federation, and secure Web services Sun OpenSSO Enterprise was designed to help today’s enterprise address every aspect of the SSO challenge—both internal and external, both immediately and as the organization’s needs evolve. Based on technologies developed in the open- http://www.sun.com/identity/
  11. 11. 11 Business Primer Sun Microsystems, Inc. Key Business Benefits source OpenSSO community, it is the only solution that provides Web access man- Sun identity management enables busi- agement, federated single sign-on and Web services security in a single, self-con- nesses to extend reach while reducing risk tained Java application. by: • Optimized for both internal Web access management and extranet authentication • Empowering them to deliver open, • Fast, lightweight federation capability that allows identity providers and service secure access to customers, suppliers, providers to be connected in minutes and partners, through broad support for • The only standards-based solution to provide an end-to-end secure Web services secure, sustainable identity processes • Protecting sensitive information and solution with no plug-ins or special tooling required resources from internal and external • Designed with repeatable, scalable tasks for rapid deployment of multiple threats in the online global economy instances • Making it easier to tackle today’s tremendous compliance challenges with robust auditing and reporting capabilities Sun Directory Server Enterprise Edition: Enterprise-class directory services and strong support for GRC initiatives Sun Directory Server Enterprise Edition is the only high-performance directory server with essential data services—including proxy, virtual directory, and data distribution—to provide highly available directory services all in one solution. • High performance, highly scalable directory for enterprise and carrier-grade environments • Robust security controls, including complete visibility into access requests • Flexible replication capabilities for availability in distributed environments • Integrated data services, including virtualization and distribution Sun OpenDS Standard Edition: Open source-based commercial directory offering Sun OpenDS Standard Edition is the world’s first commercially available pure Java- based directory server that is based on the technologies developed in the open source OpenDS community. Sun OpenDS Standard Edition brings to market in one product a standalone and embeddable LDAP v3 compliant directory that is easy to install, use, manage, and extend. • Simple installation with intuitive administration • Advanced security and password policies to protect sensitive identity data • Advanced backup and restore capabilities to help ensure data availability and reliability • Small footprint for easy installation and embedding into other applications and solutions Key Business Benefits of Sun Identity Management Sun identity management enables businesses to extend reach while reducing risk by: • Empowering them to deliver open, secure access to customers, suppliers, and part- ners, through broad support for secure, sustainable identity processes • Protecting sensitive information and resources from internal and external threats in the online global economy • Making it easier to tackle today’s tremendous compliance challenges with robust auditing and reporting capabilities and strong support for GRC initiatives http://www.sun.com/identity/
  12. 12. 12 Business Primer Sun Microsystems, Inc. Delivering Measurable Results Improving Real-World Results with Sun Identity Management Sun identity management has delivered measurable results in key areas to a broad • Improve Access and Service • Become More Secure and Compliant range of organizations in both the private and public sectors. Here are just a few • Reduce Cost and Complexity examples: Improve Access and Service • Athens International Airport: Immediate access to secure applications • GM: Simplified information access for 321,000 employees worldwide • RouteOne: Acceleration of loan process for 40 million transactions annually • T-Mobile: Rapid access to new services for 20 million subscribers • Lake Superior State University: Instant access to campus systems • Swisscom Mobile AG: Significantly improved the efficiency of their customer service at their points of sales Become More Secure and Compliant • ADP: Integration of processes to streamline regulatory compliance efforts • DaimlerChrysler: Centralized directory to help meet requirements of privacy laws • Mobile TeleSystems (MTS) Ukraine: Cut the time required for compliance audits from one week to 8 hours Reduce Cost and Complexity • Caremark: 80% reduction in administrative staff • GE: Automation of accounts to make over 300,000 employees and contractors more productive • Western Michigan University: Accelerated provisioning of new students • Henkel: New technology implementation in months instead of years http://www.sun.com/identity/
  13. 13. 13 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents Chapter 3 Identity Lifecycle Management and Auditing Key Considerations for Evaluating • Automated Provisioning Identity Management Solutions • Password Management • Identity Synchronization Services • Enterprise Architecture Considerations • Extranet Architecture Considerations Buyer’s Checklist for Identity Management • Identity Audit As you evaluate various identity management solutions, use this checklist to com- Role Management pare key architecture components and designs as well as features and functions. • Role Management Access Management Identity Lifecycle Management and Auditing • Access Management AUTOMATED PROVISIONING YES NO Federation Services Does the solution create, update, and delete user accounts • Federation Services across the enterprise environment, including Web-based and legacy systems and apps? Directory Services • Directory Services Is the solution Web-based and available to administrators • LDAP Directory Services from any Web browser? • Directory Proxy Services • Active Directory Synchronization • Web-based Viewer/Editor Is the solution designed to support users both inside • Directory Server Resource Kit (employees) and outside (partners, suppliers, contractors) • Open Directory Services the enterprise? Can you easily and quickly find a user (or a group of users) and view their access privileges? Does the solution allow you to instantly revoke all of a user’s access privileges? Does the solution leverage existing infrastructure (e-mail, browsers) to facilitate automated approvals for account creation? Does the solution offer an automated approval mechanism with zero-client footprint? Does the solution provide the flexibility to map to your existing business processes? http://www.sun.com/identity/
  14. 14. 14 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents AUTOMATED PROVISIONING YES NO Identity Lifecycle Management and Auditing If you answered yes to the previous question: • Automated Provisioning Are serial approval processes supported? • Password Management • Identity Synchronization Services Are parallel approval processes supported? • Enterprise Architecture Considerations • Extranet Architecture Considerations Does the solution provide automatic approval routing to per- • Identity Audit sons appropriate to the system access requested (e.g., system owners) and organizational structure (e.g., managers)? Role Management • Role Management Can the solution dynamically determine routing of approvals Access Management based on defined organizational information (for example, • Access Management Microsoft Active Directory—to determine who the user’s manager is and route approval to that manager)? Federation Services • Federation Services Does the solution allow delegation of approval authority to Directory Services another approver (or multiple approvers)? • Directory Services • LDAP Directory Services Can the solution automatically escalate a request to an • Directory Proxy Services alternative approver if allotted time elapses? • Active Directory Synchronization • Web-based Viewer/Editor Can the solution request information from applications or • Directory Server Resource Kit • Open Directory Services data stores during the approval process? Can the solution support rule-based routing of approvals? Can the solution require automated approvals for deleting or disabling accounts? Can the solution require automated approvals for changing account values? Does the solution provide the ability to request information from approval participants to define account-specific information during the process? Does the solution support creating custom approval screens and keeping them compatible in the upgrade process? Can the solution fully automate the routine identity management processes in your environment? http://www.sun.com/identity/
  15. 15. 15 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents AUTOMATED PROVISIONING YES NO Identity Lifecycle Management and Auditing Can added accounts for new users in an authoritative source • Automated Provisioning (e.g., HR database, directory) drive automated approvals and • Password Management • Identity Synchronization Services account creation? • Enterprise Architecture Considerations • Extranet Architecture Considerations Can changes in user status (e.g., job promotion captured in • Identity Audit HR system) automatically drive changes in user access privileges? Role Management • Role Management Can information in an HR database on employees departing Access Management the organization be used to completely and automatically • Access Management delete all access privileges on the day of departure? Federation Services Can the above processes be fully automated for large groups • Federation Services of users in addition to individuals (e.g., when an acquisition closes or a layoff occurs and a large group of users require Directory Services • Directory Services automated action)? • LDAP Directory Services • Directory Proxy Services Will the solution detect manual changes made in managed • Active Directory Synchronization systems and automatically respond? • Web-based Viewer/Editor • Directory Server Resource Kit When changes are detected, can the solution alert/notify • Open Directory Services designated personnel of access rights changes made outside the provisioning system to verify if changes are legitimate? Once detected changes are approved, will the solution automatically update itself to include those changes? Can the solution filter manual changes made on target sys- tems so that only relevant identity changes trigger alerts? If a detected account is not legitimate, can the solution auto- matically suspend the account? Can the solution be used to enforce privacy policy? Does the solution support role-based access control? Does the solution support assignment of users to multiple roles? Does the solution support the assignment of users to hierarchical or inherited roles? http://www.sun.com/identity/
  16. 16. 16 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents AUTOMATED PROVISIONING YES NO Identity Lifecycle Management and Auditing Does the solution provide the ability to specify exclusionary • Automated Provisioning roles that prevent certain roles from being assigned a • Password Management • Identity Synchronization Services conflicting role? • Enterprise Architecture Considerations • Extranet Architecture Considerations Can the solution assign resource account attribute values with • Identity Audit the role? Role Management Does the solution allow roles to be defined at any time, or not • Role Management at all, rather than requiring role definitions prior to Access Management implementation? • Access Management Does the solution enable you to leverage key information sys- Federation Services tems in your environment as a source of authority on identity • Federation Services information to drive automated provisioning (e.g., detect new employees added to PeopleSoft and automate provisioning Directory Services • Directory Services based on that change)? • LDAP Directory Services • Directory Proxy Services Can the solution assign users to more than one role? • Active Directory Synchronization • Web-based Viewer/Editor Can the solution assign users’ individual access rights in • Directory Server Resource Kit addition to a role? • Open Directory Services Does the solution dynamically and automatically change access rights based on changes in user roles? Can the solution generate unique user IDs consistent with corporate policies? Does the solution support rule-based access control that allows provisioning rules to be set and enforced on roles, users, organizations, and resources as needed in order to align with business needs? Is the solution easy to use for both end-users and administrators? Is the solution highly scalable to adapt to growth in users, applications, and access methods? Does the solution work securely over WANs and across firewalls? http://www.sun.com/identity/
  17. 17. 17 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents AUTOMATED PROVISIONING YES NO Identity Lifecycle Management and Auditing Does the solution provide an interface to third-party workflow • Automated Provisioning management applications? • Password Management • Identity Synchronization Services Does the solution allow resource groups (such as an NT group) • Enterprise Architecture Considerations • Extranet Architecture Considerations to be created from the interface? • Identity Audit Does the solution provide directory management capabilities, Role Management specifically the ability to create, update, and delete • Role Management organizational units and directory groups? Access Management Does the solution support pass-through authentication where • Access Management a user can be validated by a managed user account? Federation Services • Federation Services Does the solution support all of the leading database servers and application servers? Directory Services • Directory Services Does the solution support provisioning to mainframe security • LDAP Directory Services • Directory Proxy Services managers such as Top Secret, RACF, and ACF2? • Active Directory Synchronization • Web-based Viewer/Editor Does the solution support provisioning to heterogeneous ERP • Directory Server Resource Kit environments including SAP and Oracle Applications? • Open Directory Services Does the solution support provisioning to non-digital assets (e.g., mobile phones, badges, etc.)? PASSWORD MANAGEMENT YES NO Does the solution provide password strength enforcement? If you answered yes to the previous question: Does the solution provide a password exclusion dictionary? Does the solution provide a password history store to prevent re-use of old passwords? Does the solution allow users to manage their own passwords, including resetting passwords? If you provide an automated process for users managing passwords, does the solution include a challenge/response? http://www.sun.com/identity/
  18. 18. 18 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents PASSWORD MANAGEMENT YES NO Identity Lifecycle Management and Auditing Can policy be set on challenge authentication questions (e.g., • Automated Provisioning how many responses are required based on a user’s • Password Management • Identity Synchronization Services organization)? • Enterprise Architecture Considerations • Extranet Architecture Considerations Does the solution support customers providing their own self- • Identity Audit service challenge authentication questions? Role Management Does the solution allow end users to synchronize their • Role Management passwords across multiple accounts? Access Management When users change or synchronize passwords, does the • Access Management solution enforce password strength policy? Federation Services • Federation Services Does the solution include a success/failure notification for password reset and synchronization? Directory Services • Directory Services Does the solution allow end users to access new accounts • LDAP Directory Services • Directory Proxy Services or access new services or applications? • Active Directory Synchronization • Web-based Viewer/Editor If you answered yes to the previous question: • Directory Server Resource Kit Are required approvals enforced when users request new • Open Directory Services accounts or access to new resources? Can users update personal attribute information (address, cell phone number, etc.) and have that information automatically propagated to the appropriate resources? Can the solution support accessing the Web-based user self- service functions without requiring network log-in? Does the solution integrate with interactive voice response (IVR) for password reset functions? Can the user view the status of the request from a Web interface? Does the solution support a kiosk mode to be configured for users to change passwords from any terminal? http://www.sun.com/identity/
  19. 19. 19 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents IDENTITY SYNChRONIzATION SERVICES YES NO Identity Lifecycle Management and Auditing Does the solution provide a Web-based interface for individu- • Automated Provisioning als to view and edit their personal profile information (such • Password Management • Identity Synchronization Services as legal name, mailing address, cell phone, and emergency • Enterprise Architecture Considerations contact)? • Extranet Architecture Considerations • Identity Audit Does the solution provide integration with authoritative sys- tems to detect profile changes and synchronize them where Role Management needed (for example, detect title and salary change in the • Role Management payroll system and update those attributes in the CRM system Access Management and LDAP directory)? • Access Management Does the solution provide enterprise-wide identity data Federation Services synchronization, ensuring that profiles are accurate and • Federation Services consistent? Directory Services • Directory Services Does the solution provide one interface to view all identity • LDAP Directory Services profile data? • Directory Proxy Services • Active Directory Synchronization If you answered yes to the previous question: • Web-based Viewer/Editor • Directory Server Resource Kit Does the ability to view all identity profile data in one inter- • Open Directory Services face require the building of another identity repository? Does the solution provide a fast scheduling capability to execute time-sensitive actions? Is the solution agentless, or does it require installing software on each managed resource? Does the solution provide an incremental synch capability to increase performance? Does the solution provide data transformation and validation rules during synchronization? Does the solution support business rules by automatically completing access privilege or profile data changes according to corporate policies? Does the solution support a large number of connectors to synch between many systems? Does the solution have an attribute mapping interface? http://www.sun.com/identity/
  20. 20. 20 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents IDENTITY SYNChRONIzATION SERVICES YES NO Identity Lifecycle Management and Auditing Can the solution accommodate bi-directional synchronization • Automated Provisioning via any method as determined by target resource capabilities • Password Management • Identity Synchronization Services (e.g., event-driven, polling, and reconciliation)? • Enterprise Architecture Considerations • Extranet Architecture Considerations Can you completely configure data flow into and out of the • Identity Audit provisioning system (including attribute mapping, transforma- tions, etc.) via a Web-based interface (for example, the ability Role Management to configure detection of a telephone attribute change on • Role Management Directory A, transformation of telephone attribute, propaga- Access Management tion of telephone attribute to Directory B and Directory C • Access Management without having to resort to coding or scripting)? Federation Services • Federation Services ENTERPRISE ARChITECTURE CONSIDERATIONS YES NO Directory Services Is the solution specifically architected for rapid deployment? • Directory Services • LDAP Directory Services Does the solution have a proven track record of rapid • Directory Proxy Services deployments? • Active Directory Synchronization • Web-based Viewer/Editor Does the solution offer agentless connections to managed • Directory Server Resource Kit • Open Directory Services resources in order to reduce deployment time and simplify operations and maintenance? Does the solution leverage an intelligent indexing system to manage user identities and access privileges, leaving account information with the information owner and thus avoiding the time-consuming effort of building and maintaining another user repository? Does the solution provide an automated way to discover and correlate all accounts associated with an individual to speed the account mapping process? If you answered yes to the previous question: Does the solution provide a way to engage end-users in the discovery process for their own accounts? Does the solution support managing accounts for a user who has multiple accounts on the same resource (for example, a user who has an administrative account and a development account both on “Resource A”)? http://www.sun.com/identity/
  21. 21. 21 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents ENTERPRISE ARChITECTURE CONSIDERATIONS YES NO Identity Lifecycle Management and Auditing Does the vendor offer a wizard-style toolkit to extend coverage • Automated Provisioning of managed platforms to custom and proprietary • Password Management • Identity Synchronization Services applications? • Enterprise Architecture Considerations • Extranet Architecture Considerations Does the solution include the ability to connect to resources • Identity Audit using existing custom UNIX or Windows scripts? Can custom- ers create new resource adapters by only using operating Role Management system scripts? • Role Management Access Management Does the solution include an Integrated Development • Access Management Environment (IDE) and debugger built on an industry-accepted standard such as NetBeans? Federation Services • Federation Services Does the solution support SPML 2.0? Directory Services Does the solution support deploying on all the major database • Directory Services • LDAP Directory Services products, including Oracle, UDB DB2, Microsoft SQL Server, • Directory Proxy Services and MySQL? • Active Directory Synchronization • Web-based Viewer/Editor Can the solution be deployed in heterogeneous Web applica- • Directory Server Resource Kit tion servers, including BEA Weblogic, IBM Websphere, Apache • Open Directory Services Tomcat, and Sun Java System Application Server? Does the solution run on all the major operating systems including: Solaris, AIX, Microsoft Windows, and Linux? ExTRANET ARChITECTURE CONSIDERATIONS YES NO Can the solution scale to meet the needs of the extranet, in- cluding peak load registration and self-service (e.g., thousands of updates per minute)? Does the solution provide built-in transactional integrity for extranet use cases that require guaranteed delivery of high volumes of provisioning transactions? Does the solution enable non-invasive integration with extranet infrastructure components (e.g., no requirement for directory schema or tree changes; provides agentless connec- tivity to back-end systems)? http://www.sun.com/identity/
  22. 22. 22 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents ExTRANET ARChITECTURE CONSIDERATIONS YES NO Identity Lifecycle Management and Auditing Does the solution deliver service-level visibility into the perfor- • Automated Provisioning mance and throughput characteristics of the extranet identity • Password Management • Identity Synchronization Services administration system? • Enterprise Architecture Considerations • Extranet Architecture Considerations Can the solution facilitate automated account linking and • Identity Audit correlation across multiple back-end repositories to provide a single view of an external customer? Role Management • Role Management Does the solution include pluggable auditing for integrating Access Management with different auditing data formats, storage locations, and • Access Management reporting facilities that may already exist in the extranet envi- ronment (e.g., merging with existing access logs and report- Federation Services ing systems)? • Federation Services Directory Services IDENTITY AUDIT YES NO • Directory Services • LDAP Directory Services Does the solution provide object-level security and auditing to • Directory Proxy Services track system change configuration? • Active Directory Synchronization • Web-based Viewer/Editor Does the solution provide a comprehensive set of predefined • Directory Server Resource Kit • Open Directory Services reports? Can the solution be configured to audit and report any and every provisioning action that occurs (e.g., new accounts created, provisioning requests by approver, account changes, failed administrator access attempts, failed user access attempts, password changes, password resets, accounts dis- abled, accounts deleted, rejected provisioning requests, etc.)? Does the solution provide a comprehensive view into who has access to which resources? Does the solution report on who had access to what on a given date? Does the solution provide the ability to quickly find and report on a user’s (or a user group’s) access privileges? Can reports be run on demand? Can reports be scheduled to run on a regular basis? http://www.sun.com/identity/
  23. 23. 23 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents IDENTITY AUDIT YES NO Identity Lifecycle Management and Auditing Does the solution report by administrator (accounts created, • Automated Provisioning accounts modified, accounts deleted, password changes, com- • Password Management • Identity Synchronization Services plete audit history per administrator, administrative capabili- • Enterprise Architecture Considerations ties per administrator)? • Extranet Architecture Considerations • Identity Audit Does the solution report by platform or application (users per platform, provisioning history per platform, who performed Role Management the provisioning actions on target platform)? • Role Management Access Management Does the solution report on workflow (requests made by user, • Access Management requests approved by approver, requests denied by approver, requests escalated, delegation of approvals including to Federation Services whom and for what period of time)? • Federation Services Does the solution report on roles (users per role, resources per Directory Services • Directory Services role, approvers per role, changes to roles)? • LDAP Directory Services • Directory Proxy Services Does the solution report on delegated administration (dele- • Active Directory Synchronization gated administrators, what their administrative privileges are, • Web-based Viewer/Editor and over what user groups and what managed platforms)? • Directory Server Resource Kit • Open Directory Services Does the solution provide a comprehensive audit log of all actions/modifications carried out through the system? Does the solution easily integrate with corporate reporting tools (e.g., Crystal Reports, Actuate)? Can the reports be easily exported into Microsoft Excel, Micro- soft Word, or databases directly from the user interface? Does the solution report by user (audit history per user, accounts/privileges by user, self-service activity by user, role membership)? Can the solution proactively detect risks such as dormant accounts across all managed platforms? If you answered yes to the previous question: Can automated action be taken when certain results are found (e.g., automatically disable dormant accounts, send alert to administrator)? http://www.sun.com/identity/
  24. 24. 24 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents IDENTITY AUDIT YES NO Identity Lifecycle Management and Auditing Can the solution easily report on account-related security risks • Automated Provisioning in the environment? • Password Management • Identity Synchronization Services Can the solution check for these risks on demand? • Enterprise Architecture Considerations • Extranet Architecture Considerations • Identity Audit Can the solution check for account risks on a regularly scheduled basis? Role Management • Role Management Does the solution provide performance tracking and perfor- mance tools like provisioning-time metrics, and tracing? Access Management • Access Management Does the solution provide a graphical interface for creating Federation Services and managing provisioning workflows, rules, and interface • Federation Services screens? Directory Services Does the solution provide the ability for a user to certify that • Directory Services a given set of users has the correct entitlements? • LDAP Directory Services • Directory Proxy Services Can the approval process be done through a custom workflow • Active Directory Synchronization • Web-based Viewer/Editor with multiple approvers? • Directory Server Resource Kit • Open Directory Services Are the approvals logged in an audit log that satisfies the requirements of external auditors? Does the solution support the creation and enforcement of policies? Does the solution support scanning for policy violations? Does the solution provide a compliance dashboard listing policy violations? Does the solution reconcile logical and actual access across applications? Does the solution allow multiple approvers and dynamic approvers? Does the solution allow multiple levels of remediators? Does the solution allow remediations with escalation and configurable timeout? http://www.sun.com/identity/
  25. 25. 25 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents IDENTITY AUDIT YES NO Identity Lifecycle Management and Auditing Does the solution provide for flexibility to mature the access • Automated Provisioning review process? • Password Management • Identity Synchronization Services Does the solution scan, detect, and fix violations on a regular • Enterprise Architecture Considerations • Extranet Architecture Considerations schedule? • Identity Audit Does the solution allow access review based on exception? Role Management • Role Management Does the solution allow access review to be done by multiple indices, orgs, managers, and applications? Access Management • Access Management Does the solution allow creation of audit rules that are cross- Federation Services platform? • Federation Services Can the solution allow entitlements to be changed during the Directory Services review process? • Directory Services • LDAP Directory Services Does the solution provide for manager attestation? • Directory Proxy Services • Active Directory Synchronization Does the solution provide for policy-based periodic access • Web-based Viewer/Editor • Directory Server Resource Kit review? • Open Directory Services Does the solution address erroneous aggregation of privileges? Does the solution provide for automated remediation or “Actionable Audits”? Does the solution reconcile logical and physical access? Does the solution allow preventive compliance whenever a user is changed? Does the solution allow you to capture separation-of-duties conflicts? Does the solution capture policy exceptions and revoke them on expiration? Does the solution allow audit policies to be imported from a spreadsheet or file formats? http://www.sun.com/identity/
  26. 26. 26 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents Role Management ROLE MANAGEMENT YES NO Identity Lifecycle Management and Auditing • Automated Provisioning Does the solution allow access to be assigned based on a • Password Management user’s business roles? • Identity Synchronization Services • Enterprise Architecture Considerations • Extranet Architecture Considerations Does the solution allow approving managers to attest to • Identity Audit access described in terms of a user’s business roles? Role Management Does the solution provide role mining and role definition • Role Management capabilities? Access Management Can the solution derive business roles from users’ existing • Access Management entitlements? Federation Services • Federation Services Can end users request optional entitlements or access based on their business roles? Directory Services • Directory Services Can users be deprovisioned from systems and applications by • LDAP Directory Services removing the appropriate business roles? • Directory Proxy Services • Active Directory Synchronization • Web-based Viewer/Editor Can rules be defined that allow automatic role assignments • Directory Server Resource Kit based on the assignment of another role? • Open Directory Services Does the solution provide the ability to easily see who has access to what, described in terms that a business user can understand? Does the solution provide a glossary that defines which entitlements and access are associated with a particular business role? Does the solution provide the ability to manage the entire life- cycle of a role? Does the solution allow run-time enforcement of identity based controls that are easily understood by the average business user? Does the solution provide seamless integration between the processes for provisioning, auditing, and role management?
  27. 27. 27 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents Access Management ACCESS MANAGEMENT YES NO Identity Lifecycle Management and Auditing • Automated Provisioning Does the solution include federation and support for open • Password Management standards? • Identity Synchronization Services • Enterprise Architecture Considerations • Extranet Architecture Considerations Does the solution provide off-the-shelf agents for Web servers/ • Identity Audit app servers, Web apps, and portals at no additional cost? Role Management Is the solution based on the J2EE architecture for high levels of • Role Management scalability, integration, and customization? Access Management Does the solution provide centralized security policy enforce- • Access Management ment of user entitlements by leveraging role- and rule-based Federation Services access control? • Federation Services Does the solution provide high availability and failover capa- Directory Services bilities to eliminate any single point of failure? • Directory Services • LDAP Directory Services Does the solution use multiple load-balanced policy servers, • Directory Proxy Services • Active Directory Synchronization policy agents, and directory instances to do so? • Web-based Viewer/Editor • Directory Server Resource Kit Does the solution provide up-to-the-minute auditing of all • Open Directory Services authentication attempts, authorizations, and changes made to access activity and privileges? Is the solution able to offer true single sign-on (SSO) in Micro- soft Windows environments beginning with the sign-on event at a Windows user’s desktop? Does the solution allow enterprise applications and platforms to integrate into the centralized authentication/authorization framework seamlessly? Does the solution integrate easily with other SSO products? Does the solution require a specific directory be used as the repository? Is that directory ubiquitous? Can the solution integrate with applications without requiring products to speak the same protocol? Does the solution include at no additional cost a Security Token Service to monitor and enable Web services security?
  28. 28. 28 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents ACCESS MANAGEMENT YES NO Identity Lifecycle Management and Auditing Does the solution include access management, federation, • Automated Provisioning and Web services security? • Password Management • Identity Synchronization Services Can the solution integrate with applications without requiring • Enterprise Architecture Considerations • Extranet Architecture Considerations products to speak the same protocol? • Identity Audit Does the solution provide centralized security policy enforce- Role Management ment of user entitlements by leveraging role and rule-based • Role Management access control? Access Management Does the solution embed a directory to manage policy and • Access Management configuration or do you have to purchase a separate direc- Federation Services tory? • Federation Services Does the solution provide access to critical identity services Directory Services via a Web services interface? • Directory Services • LDAP Directory Services • Directory Proxy Services Does the solution provide unlimited partner connections? • Active Directory Synchronization • Web-based Viewer/Editor Does the solution require that partners have a federation • Directory Server Resource Kit solution to establish a federated relationship? • Open Directory Services Does the solution provide a way to test the connection to federated partners to reduce the cost of support calls with partners? Federation Services FEDERATION SERVICES YES NO Has the solution been proven to be interoperable with other products based on SAML? Has the solution been certified as “Liberty Interoperable”? Does the solution support the latest specifications (ID-FF 1.2. ID-WSF)? Does the solution enable you to deploy standards-based Liberty Web services? Does the solution allow partners to enable federation and manage their own user information?
  29. 29. 29 Key Considerations for Evaluating Identity Management Solutions Sun Microsystems, Inc. Buyer’s Checklist Contents FEDERATION SERVICES YES NO Identity Lifecycle Management and Auditing Do you need to limit sharing of identity and attributes to • Automated Provisioning partners on a need-to-know basis? • Password Management • Identity Synchronization Services • Enterprise Architecture Considerations Directory Services • Extranet Architecture Considerations DIRECTORY SERVICES YES NO • Identity Audit Is the solution a complete directory service solution (e.g., Role Management also includes directory proxy, distribution and virtualization • Role Management capabilities, synchronization with Microsoft Active Directory, Access Management and Web-based access to directory data)? • Access Management Does the solution provide proxy services for high-availability, Federation Services load balancing, enhanced security, and client • Federation Services interoperability? Directory Services • Directory Services Does the solution provide Microsoft Active Directory • LDAP Directory Services synchronization? • Directory Proxy Services • Active Directory Synchronization Does the solution provide a Web-based viewer/editor for the • Web-based Viewer/Editor directory data? • Directory Server Resource Kit • Open Directory Services Does the solution provide a set of tools to tune and optimize directory service deployments? Does the solution provide a comprehensive Web-based administration framework for the service? Does the solution provide a white pages-like application? LDAP DIRECTORY SERVICES YES NO Does the solution install easily? Does the solution allow bulk loading? If you answered yes to the previous question: Can the solution load more than 1,000 entries per second? Does the solution’s bulk load ensure data conformance and schema compliance?

×