Avoid an Identity Crisis: IBM Tivoli Bolsters
Cloud Security

IBM Tivoli Federated Identity Manager: Centralized authentication and identity federation, leveraged many ways

Tivoli Beat - A weekly IBM service management perspective. One of the great strengths of the IBM Tivoli service management portfolio is its versatility. As new architectures and new service delivery platforms emerge, Tivoli solutions that an organization already trusts and uses every day can often be applied to them as well.

Want an example? Consider IBM Tivoli Federated Identity Manager (TFIM), now at version 6.2.2. This identity management solution gives organizations a centralized, scalable, and exceptionally flexible way to handle authentication and identity federation (and, through its token services, the authorization decisions that depend on them) across multiple applications, business domains, user bases, and infrastructures.

It is, for instance, a good example of SOA (Service Oriented Architecture) ideals at work. Instead of writing a customized version of the authentication and credential-verification code for each application, an organization can delegate that job to TFIM in every case.

This means the organization can get new applications into production, creating business value, not just faster but also with less time, effort, and money. It also means those applications will be intrinsically more secure, because they rely on a proven authentication foundation rather than on per-application custom code, which is where new security shortcomings would otherwise be introduced.

TFIM and cloud computing are a perfect fit


And above and beyond the value to traditional enterprise architectures, including SOA, TFIM is very well suited to perhaps the hottest new service delivery platform available today: cloud computing.

To see how, consider how clouds are typically used to span organizational walls—offering, very commonly, internal services to external customers and business partners for added value (and sometimes, added revenue). Or, alternately, consider how a private cloud might offer services in new ways, to new team members, by crossing boundaries within an organization. In both cases, it's essential to ensure that cloud services are as secure as possible, and that core data is available only in the right ways, via the right privileges, to the right people.

That's the basic goal of authentication and access control, and it is TFIM's primary purpose. Just as in the case of traditional infrastructures, TFIM can deliver the same value in a cloud.

Even though clouds are dynamic by nature, composed of virtual servers created on demand and allocated resources in proportion to the business need, the basic issues of authentication and user validation remain the same. Users require access to cloud-based services, just as they would in a traditional architecture. To obtain that access, they must prove they are who they say they are, and this process should balance convenience for the user against the security requirements of the organization.

Ideally, for instance, users would be able to log in only once to obtain access to a given service, even if that service should cross several different systems, each secured in its own way.

TFIM's capabilities apply directly to that task. It includes a powerful single sign-on (SSO) capability that can deliver just that desired convenience to cloud users, yet without introducing unwanted new business risks that could compromise the value to the organization.

And that's only the beginning of the appeal of this solution in a cloud context. Because TFIM maps identities across different identity pools through loosely coupled, standards-based mechanisms (a user known to one domain is represented to another by a token the second domain trusts, rather than by a shared password store), it gives the cloud, and the services hosted by it, the control security managers want with few of the complexities they would otherwise have to build themselves.

As new services are added to the cloud, they, too, will inherit the mature user identity management capabilities TFIM delivers, bolstering both overall security and compliance initiatives. And that value proposition remains true whether TFIM is leveraged by public clouds, private clouds, or any of several variations of hybrid clouds. Regardless of the specific cloud model, the same enhanced, centralized identity management will apply.

New capabilities bolster cloud security and user convenience even more

Furthermore, the latest version of TFIM—version 6.2.2—includes many optimizations and new features specifically requested by IBM clients for cloud deployments, or that were developed to support hot new standards. Collectively, they make the business case for TFIM in a cloud even stronger.

For example, TFIM 6.2.2 now supports the OAuth standard for delegated authorization. This standard, aimed at Web 2.0-style, business-to-consumer cloud contexts, illustrates very clearly the double win described above: convenience for users without added security risks or complexities.

That's because OAuth is designed to let a user share resources she holds on one site with another site, in a limited context and for a limited period of time, without ever handing that other site her password. Imagine that a user has photographs on site A she'd like to make visible to members on site B.

If both sites support OAuth, she grants that access by consenting at site A, not by giving site B the full security credentials she uses on site A. Site A then issues site B a token that is scoped to those specific photos and that expires after a set period. Site B presents the token when it fetches the photos, and site A's checks on scope and expiry mean the token is useless for anything else, and useless to anyone once it has expired; site A can also revoke it without the user changing her password.

For Web 2.0, cross-site cloud services of this type, TFIM is—thanks to its OAuth support—an excellent fit.
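To make the scope and expiry checks concrete, here is a small added example of the pattern just described: site A mints a token that names the client (site B), the photos it may fetch, and an expiry, and site A's resource server refuses anything outside that grant. This is illustration code written for this article, not TFIM code and not a complete OAuth implementation; the token format (a signed JSON claim set), the HMAC-SHA256 signing key, the photo store, and the site names are all constructed assumptions. The signature uses SHA-256, a member of the SHA-2 family the article mentions below.

```python
"""Scoped, time-limited delegated access in the style of OAuth.

Added example, not TFIM or IBM code. Site A is both the authorization
server (issues the token after the owner consents) and the resource server
(serves photos). Site B is the client. The token format is a stand-in for
the standard's bearer tokens; everything here is constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import time

# Assumption: site A's token-signing key (constructed for this example).
ISSUER_KEY = b"site-A-example-signing-key"

# Assumption: the photos site A holds for the user (constructed sample data).
PHOTOS = {"p1": b"beach.jpg", "p2": b"hike.jpg", "p3": b"private.jpg"}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())


def issue_token(owner: str, client: str, scope, ttl_seconds: int, now=None) -> str:
    """Site A mints a token once the owner has consented.

    scope lists the only photo ids the client may fetch; exp is the
    moment after which the token is dead regardless of what it names.
    """
    now = time.time() if now is None else now
    claims = {"sub": owner, "aud": client, "scope": sorted(scope),
              "iat": int(now), "exp": int(now) + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body)


def verify_token(token: str, now=None):
    """Return the claims if the signature checks and the token is unexpired, else None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    # Constant-time comparison so a forger learns nothing from timing.
    if not hmac.compare_digest(sig, _sign(body)):
        return None
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return None
    return claims


def fetch_photo(token: str, client: str, photo_id: str, now=None):
    """Site A's resource server: serve a photo only to the client the token
    was issued to, only for ids inside the granted scope, only before expiry."""
    claims = verify_token(token, now)
    if claims is None:
        return ("denied", "invalid or expired token")
    if claims["aud"] != client:
        return ("denied", "token was not issued to this client")
    if photo_id not in claims["scope"]:
        return ("denied", "photo is outside the granted scope")
    if photo_id not in PHOTOS:
        return ("denied", "no such photo")
    return ("ok", PHOTOS[photo_id])


def demo():
    """Walk through the grant and the four ways a request can be refused."""
    t0 = 1_700_000_000  # fixed clock so the run is reproducible
    tok = issue_token("alice", "siteB", ["p1", "p2"], ttl_seconds=600, now=t0)

    # Site B tries to widen its own scope by rewriting the claims: the
    # signature no longer matches, so site A rejects it.
    body, sig = tok.split(".")
    forged_claims = json.loads(_unb64(body))
    forged_claims["scope"] = ["p1", "p2", "p3"]
    forged = _b64(json.dumps(forged_claims, sort_keys=True).encode()) + "." + sig

    return [
        fetch_photo(tok, "siteB", "p1", now=t0 + 10)[0],    # in scope, in time
        fetch_photo(tok, "siteB", "p3", now=t0 + 10)[0],    # outside scope
        fetch_photo(tok, "siteC", "p1", now=t0 + 10)[0],    # wrong client
        fetch_photo(tok, "siteB", "p1", now=t0 + 601)[0],   # expired
        fetch_photo(forged, "siteB", "p3", now=t0 + 10)[0], # tampered
    ]


if __name__ == "__main__":
    print(demo())
```

The point of the example is the asymmetry the article describes: site B never sees a password, the token it holds is good for exactly the photos the owner chose and for exactly the window site A set, and site A can stop honouring it at any time. A real deployment would also bind the token to the redirect and client registration the OAuth flow establishes, which this sketch omits.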

TFIM 6.2.2 also includes new predefined federations. These help administrators in the initial process of configuring the solution to perform its ongoing authentication tasks, such as defining the relevant identity pools for services, and establishing how those pools' users should (or should not) be mapped. For almost any situation in which two clouds are being connected, or two services within a cloud, these predefinitions mean simpler setup and faster time-to-value.

For even more robust security, TFIM 6.2.2 also now includes support for SHA-2 (Secure Hash Algorithm 2), the family of hash functions designed by the National Security Agency and published by NIST that are not susceptible to the collision weaknesses found in SHA-1. In a federation product this matters chiefly for the digital signatures on the tokens and messages exchanged between domains: a signature built on a hash an attacker can collide is a signature an attacker may eventually be able to forge.

The fact that TFIM now also comes bundled with the Tivoli Federated Identity Manager Business Gateway, specifically intended for growing mid-market organizations, means that the solution will be a good match for almost any organization, at any point in its growth trajectory.

Powerful new business benefits emerge

Added up, these new capabilities translate directly into numerous wins for IBM Tivoli clients.

Perhaps in the past, they were wary of the security ramifications of clouds; if so, they can now proceed with confidence. They'll know they can expect enterprise-class, proven authentication and validation for all their cloud services—whether public, private, or hybrid models are used—that's capable of scaling in parallel with the cloud itself, and applying in as many ways as they require.

They'll know that those services will be guarded by a broad range of interoperable security standards and protocols such as SAML, OAuth, and OpenID, backed by modern cryptographic primitives such as the SHA-2 hash family, whichever they deem best suited to their goals and strategies, and none of which lock them into proprietary technology.

And they'll know that all of that best-in-class security will even be achieved without compromising employee productivity, courtesy of TFIM 6.2.2's bundled single sign-on capabilities.
