Tuesday, November 25, 2008

SOA and IAM are growing together

As promised in my previous post, I’m introducing a new feature that adds a lot of value to our IDEAS solution: support for a SOA-based integration platform that provides a direct connection to Resource Target systems. This is the starting point for a clear commitment to SOA support, which we hope will continue to grow.
Collaboration between SOA (Service-Oriented Architecture) and Identity Management is an important requirement for many customers that have SOA-based applications and are looking for an application-wide use of identity and authorization data.

What we have done is simply to optimize the synergies with our parent company, Engineering Ingegneria Informatica (EII).
EII is a strategic member and co-founder of the international OW2 Consortium. Within this Consortium, EII is particularly active in the Spagic project, which aims at enlarging the OW2 Consortium code base to support the development of business applications according to the SOA (Service-Oriented Architecture) paradigm.
"Spagic is a solution composed by a set of visual tools and back-end applications oriented towards planning, realization, deploy and monitoring of ESB infrastructures adherent to the SOA paradigm. By means of visual tools, Spagic can be easily adopted by different categories of users involved in integration projects, such as: analysts defining the integration processes, developers realising application services, users monitoring and managing the entire system."

Engiweb Security has built specific components of IDEAS integrating SPAGIC (which includes ServiceMIX), in order to be able to directly support a SOA-based integration platform.
The first output is the capability to access JDBC Resource Targets directly via a SOAP adapter.
Using its native JMS interface, the IDEAS platform can now exchange events with SPAGIC; on the other side, targets are connected to the JDBC Communication Layer provided by the SPAGIC SOA/BPM Enterprise Integration Framework.
So a customer can centralize the administration of user identities and their associated access privileges to corporate resources in the central IDEAS module, while the SOA Interface synchronizes identity and role data with external applications that manage such information in a JDBC environment.
As a matter of fact, in this scenario a consistent state of identity information in connected external systems is provided without the need for a “traditional” resource provisioning system (e.g. Novell’s Identity Manager connectors).

Extending the Scenario
  1. We are working to integrate IDEAS with other SOA Platforms such as JBOSS-ESB and TIBCO.
  2. The integration of SOA Platforms will gather pace and importance in the coming year, with the result that events coming in and out of IDEAS will be processed by an orchestration of different services and data-integration-oriented services, allowing for complex Business Logic implementations and collaborative activities across several Web services.

Tuesday, November 4, 2008

A pragmatic approach to “Virtualization”

My company, Engiweb Security, is quite small but, I think, has many strengths and is well positioned to play a vital role in the role-based identity management and GRC markets.
One of the innovative aspects that is worth sharing is our approach to “Virtualization”. Here we don’t want to take sides in the dispute between Meta-Directories and Virtual Directories: they are both well respected technologies and, looking at our solution IDEAS, I view these technologies as complementary. As a matter of fact we have a hybrid approach.
Most Identity related information is consolidated in the IDEAS master repository (based on an RDBMS) using specific connectors to Target Resources. But there is also an interface to other repositories to provide the required attributes without any need to move information from the existing user repository, thus providing a combined view of all user data.

In other words, a sort of “Virtual Directory” or “Identity Virtualization”.

The combination of the Master Repository, with the strong data model behind it (able to manage identity information, policies, business roles, …), and the Virtual data aggregation allows an external application to have all the information it needs to act in a secure way.
For this purpose IDEAS is equipped with Java and .NET APIs and Web Services, which permit an external application to see the required data as one data source and recover the user security context.
So, applications might require user data that is stored not only in the central IDEAS repositories, but also in different scattered repositories (DBs, directories, ...).
This approach makes it possible to keep the central repository lean: there is no need to fatten it if an application needs some specific data (i.e. external attributes) that are not relevant for other applications.
Furthermore, some of these external attributes could also support the internal rule engine processes, where some decisions have to be taken considering specific parameters.
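
A sketch of the hybrid lookup described above, added here as an illustration and not IDEAS code or its API: the master repository stays authoritative for identity and roles, external repositories contribute extra attributes at query time, and a missing required attribute fails closed. All names (`security_context`, `MASTER_OWNED`, the sample sources and their data) are hypothetical and constructed for this example.

```python
import sqlite3

# Assumption for this sketch: attributes only the master repository may assert.
MASTER_OWNED = {"user_id", "status", "roles"}

class SourceUnavailable(Exception):
    """An external repository could not be queried or a required attribute is missing."""

def make_master():
    """Constructed sample master repository (in-memory RDBMS)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE identity (user_id TEXT PRIMARY KEY, status TEXT, roles TEXT)")
    db.execute("INSERT INTO identity VALUES ('alice', 'active', 'teller,auditor')")
    return db

def hr_source(user_id):
    # Constructed external repository; note that it also tries to assert 'roles'.
    return {"alice": {"cost_center": "CC-104", "roles": "admin"}}.get(user_id, {})

def badge_source(user_id):
    # Constructed external repository that is currently down.
    raise SourceUnavailable("badge directory unreachable")

def security_context(master, user_id, sources, required=()):
    """Return (context, origin): one merged view plus the source of each attribute."""
    row = master.execute(
        "SELECT user_id, status, roles FROM identity WHERE user_id = ?", (user_id,)
    ).fetchone()
    if row is None:
        raise KeyError(user_id)
    ctx = {"user_id": row[0], "status": row[1], "roles": sorted(row[2].split(","))}
    origin = dict.fromkeys(ctx, "master")
    for name, fetch in sources.items():
        try:
            attrs = fetch(user_id)
        except SourceUnavailable:
            continue  # optional attributes may be absent; required ones are checked below
        for key, value in attrs.items():
            if key in MASTER_OWNED or key in ctx:
                continue  # external data never overrides master data or an earlier source
            ctx[key], origin[key] = value, name
    missing = [a for a in required if a not in ctx]
    if missing:
        raise SourceUnavailable(f"required attributes unavailable: {missing}")
    return ctx, origin
```

Recording the origin of each attribute lets a rule engine or an auditor tell master-asserted data from externally supplied data when a decision is reviewed.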

In the next post I’ll introduce another element that, from my point of view, adds a lot of value to our IDEAS solution: support for a SOA-based integration platform that provides a new generation of “Target Resource” connectors.