By Identity Writer: J Domenichini on May 30, 2007
Previously, in my So many access managers, so little time entry, I blogged about the Burton Group's, specifically Mark Diodati's, research of five players in the Web Access Management (WAM) market: CA, IBM, Oracle, RSA & Sun Microsystems. The disclaimer is that I work for Sun Microsystems.
Well, Mark's done it again: only bigger and better than before and with more humor and clarity. If your organization manages or wants to manage access to web resources, this is must-know info. If you're just generally into technology, you might also find this paper useful. If you're a lounge singer, a brain surgeon, or a hermit, you might also be amused by this paper. One of the section headings in Mark's paper is "Federation and WAM: Best Friends Forever (BFF)". Now that's just plain funny, no matter what you do for a living. Are you telling me that's not funny? Anyway, there are other humorous section headings. I mean, in a dry (but very funny) kind of way.
The Title of the Research Paper
The paper is referred to as a Market Landscape paper. The title is Web Access Management Market 2007: Expanding Boundaries. Here's a teaser about the paper: This is just a Teaser.
The following is what I explained in my previous entry about Burton Group, in terms of accessing their research:
Your company has an annual subscription, you get everything. Your company doesn't have an annual subscription, you get a few things here and there. One can do a guest log in. Then you can get something. I have no idea what that will get you, but something free anyway.
The "Expanding Boundaries" part of the title is in reference to how the players in this market are not only improving upon the traditional functionality of WAM products, but they are introducing new functionality and greater interoperability.
Ten Players, Not Just Five
Mark has written five papers about individual WAM products. That's what my previous blog entry on this topic discussed. However, this market landscape paper covers ten companies: the five original and five more. For the five new companies, he provides a synopsis of their WAM product(s).
The Expanding Functionality
First, he goes through some of the new functionality being introduced in WAM products outside of the traditional functionality such as single sign-on (SSO) and authorization. He covers a few areas of new functionality, including the following: providing Web services security, XACML support, and integration with eSSO. For the expanding functionality, he provides a table that lists the ten players and explains what their product offers in that specific area of functionality.
Other Areas Covered
The paper also covers the traditional functionality of WAM products: things like what the basic components are and how such functionality can be achieved in different ways by different products, even how such basic functionality is improving. In addition, he discusses the many identity management vendor acquisitions.
Is the Paper Really So Clear?
Yes, I think it is. It could partially be that I'm getting used to this information and I'm simply starting to get it. But I think that Mark has provided key info in a few areas that allowed me to see the light where I did not see the light before. The following are examples of how things suddenly became clear to me. In the table below, the "Subject" represents an area where my understanding was lacking. The "Quoted Material" represents the exact wording from the paper that helped me understand things better. Of course it's out of context. It would be better to see the entire paper.
|Subject|Quoted Material|
|---|---|
|Why does "XACML support" not necessarily mean much?|It is unclear if additional services besides XACML R/R are required to provide true PDP-PEP interoperability.|
|WAM Integration with eSSO|In some respects, WAM systems and eSSO systems both provide SSO functionality to heterogeneous applications. However, eSSO systems work with non-web applications, require a client, and achieve SSO via the replay of user credentials (typically passwords). In contrast, WAM systems require only a browser, generally only work with web applications, and use a cryptographically protected session ticket compartmentalized in an HTTP cookie to provide SSO to heterogeneous applications. While minor overlap exists between the two product classes (i.e., providing SSO to web applications), these products are complementary.|
|Identity Administration Point (IAP)|It's helpful to think of IAPs as lightweight provisioning tools—tools that provision users to a single repository (usually Lightweight Directory Access Protocol [LDAP]), with limited workflow capabilities.|
Furthermore, I found areas that I understood somewhat well before to be even more clear to me after reading his paper. For example, he explains how WAM products can usually support both reverse-proxy servers and endpoints, but that each WAM product is "architected toward one mechanism or the other." I don't know, that just makes it so much more clear than it was before. By the way, Sun Java System Access Manager is more endpoint-centric.
I'll close with more or less what I said at the close of my previous blog entry on this topic, which was that if you're in the market for a WAM product, make each company that's presenting to you do a proof of concept because this stuff is complicated. It's more clear than it was before (or that might just be me), but it's still complicated.