Radiant Logic, a provider of identity and context virtualization solutions, has released the Cloud Federation Service (CFS) for its RadiantOne Identity and Context Virtualization platform. The solution federates disparate identity sources and securely delivers claims to cloud-based applications supporting SAML 1.1 and 2.0. The CFS connects multiple Active Directory domains and forests, as well as other identity sources (LDAP, SQL, web services), with applications such as SharePoint 2010, Google Apps, Salesforce, and Workday.
There are a number of drivers for the new solution, Dieter Schuller, vice president of sales and business development at Radiant Logic, tells 5 Minute Briefing. For one, the borders between the varying constituents that an organization serves are starting to become blurred, Schuller explains. Whereas in the past, an organization might have an application meant just for employees, that company may now find that it has partners as well who need access to it, or an application meant just for customers may need to be accessed now by employees to see what their customers are seeing. "Now, instead of serving a specific set of constituents with an application, you are serving different constituents," says Schuller, explaining that, from a security standpoint, the challenge with that is these constituents' authoritative sources of identities are in different places.
The second thing that is happening is the advent of federation, especially with Microsoft Active Directory Federation Services (ADFS), says Schuller. Federation is becoming more prevalent and is starting to break down the walls of both enterprise identity silos and consumer identity silos and, in fact, is starting to bring them together. And then, finally, another trend is that more and more applications are being outsourced to software as a service and to the cloud.
The RadiantOne Cloud Federation Service includes an Identity Provider (IdP) and Security Token Service (STS). Leveraging WIF (Windows Identity Foundation), it provides enhanced authentication and authorization capabilities in a federated environment, connecting disparate identity sources through a secure layer to applications in the cloud. The CFS allows for authentication and claims generation for users residing in various backend stores, including multiple Active Directory domains in different forests, LDAP directories, SQL databases, and sources accessed through a web service.
According to Radiant Logic, previously, Microsoft's Kerberos and AD could not be extended to web applications beyond specific Microsoft products, but with the RadiantOne Cloud Federation Service, these identities can be easily integrated in the open world, because they can be made available to any claims- or SAML 2.0-enabled application. With CFS, organizations can combine internal AD users from multiple domains and forests with their other identity sources, and build one secure access point for web and cloud-based applications.
In a federated system, the role of an Identity Provider is to authenticate a user against the relevant identity sources, using each system's specific authentication method. In practice, federating identities with their specific representation, formats, and authentication protocols is often a complex integration challenge. By combining the Cloud Federation Service with its identity virtualization layer, RadiantOne reaches "the last mile" into data endpoints, virtualizing the identity data that is crucial for authentication, and even packaging attributes into claims.
Together with the rest of the RadiantOne suite, the Cloud Federation Service aims to deliver heightened security because identities remain stored in their local, back-end sources, yet are easily transported to cloud-based applications through a claims-based system.
The RadiantOne Cloud Federation Service can be implemented in a variety of ways in a federated system. By virtualizing identity data out of disparate identity sources, CFS can support an existing IdP deployment. In addition, CFS can also add the security layer needed to act as a complete IdP right out of the box. In this capacity, the CFS can identify users, route and authenticate against the local sources, and collect attributes from multiple data stores to build security tokens.
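The four steps named above (identify the user, route to and authenticate against the right back-end store, aggregate attributes from several stores, build a signed token) are the core of any claims-issuing IdP. The following is an added illustration of that pipeline and is not RadiantOne code: the "AD", "LDAP" and "SQL" stores are constructed in-memory dictionaries, the realm-to-store routing table, the signing key, the issuer and the audience URLs are all assumptions, and the token is a compact HMAC-signed JSON structure rather than a SAML assertion (a real STS would sign XML with an X.509 key and authenticate via an LDAP/AD bind). The relying-party side is included because the checks it performs (signature, audience, expiry) are what make the claims trustworthy.

```python
"""Toy claims-issuing IdP/STS: route, authenticate, aggregate, sign, verify.
Added example; all stores, keys and URLs are constructed stand-ins."""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://idp.example/sts"  # assumed issuer identifier


def pw_hash(password: str, salt: str) -> str:
    # Demo-only credential check; a real IdP delegates this to an AD/LDAP bind.
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed back-end stores. Two authenticate users; one only carries attributes.
AD_CORP = {  # stand-in for an Active Directory forest (employees)
    "alice": {"salt": "s1", "pw": pw_hash("Winter2012!", "s1"),
              "mail": "alice@corp.example", "groups": ["finance", "staff"]},
}
LDAP_PARTNERS = {  # stand-in for a partner LDAP directory
    "bob": {"salt": "s2", "pw": pw_hash("p4rtner", "s2"),
            "mail": "bob@partners.example", "groups": ["supplier"]},
}
SQL_HR = {  # stand-in for an HR SQL table keyed by mail; holds no credentials
    "alice@corp.example": {"employee_id": "E1042", "cost_center": "CC-77"},
}
AUTH_STORES = {"corp.example": AD_CORP, "partners.example": LDAP_PARTNERS}


def route_and_authenticate(login: str, password: str):
    """Identify the realm from 'user@realm', pick its store, verify the credential."""
    user, _, realm = login.rpartition("@")
    store = AUTH_STORES.get(realm)
    rec = store.get(user) if store else None
    if rec is None or not hmac.compare_digest(rec["pw"], pw_hash(password, rec["salt"])):
        return None  # unknown realm, unknown user or bad password all look the same
    return realm, user, rec


def collect_claims(realm: str, user: str, rec: dict) -> dict:
    """Aggregate attributes: authenticating store first, then join into SQL_HR on mail."""
    claims = {"sub": f"{user}@{realm}", "mail": rec["mail"], "groups": list(rec["groups"])}
    claims.update(SQL_HR.get(rec["mail"], {}))
    return claims


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, audience: str, key: bytes, ttl: int = 300, now=None) -> str:
    """Build a signed token: base64url(JSON payload).base64url(HMAC-SHA256)."""
    now = int(time.time()) if now is None else now
    payload = dict(claims, iss=ISSUER, aud=audience, iat=now, exp=now + ttl)
    body = b64u(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64u(sig)}"


def verify_token(token: str, expected_audience: str, key: bytes, now=None) -> dict:
    """Relying-party check: signature first, then audience, then expiry."""
    now = int(time.time()) if now is None else now
    body, _, sig = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_decode(sig)):
        raise ValueError("bad signature")
    payload = json.loads(b64u_decode(body))
    if payload.get("aud") != expected_audience:
        raise ValueError("token issued for a different relying party")
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    return payload


def federate(login: str, password: str, audience: str, key: bytes, now=None):
    """Full IdP flow; returns a token or None when authentication fails."""
    result = route_and_authenticate(login, password)
    if result is None:
        return None
    return issue_token(collect_claims(*result), audience, key, now=now)


if __name__ == "__main__":
    key = b"demo-signing-key"  # assumed shared secret between STS and relying party
    tok = federate("alice@corp.example", "Winter2012!", "https://sp.example/", key)
    print(verify_token(tok, "https://sp.example/", key))
```

Note how the join into `SQL_HR` is keyed on an attribute returned by the authenticating store, not on anything supplied by the user, and how the relying party rejects a token minted for another audience even though its signature is valid; both are the places where a real aggregation layer most often goes wrong.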
For more information, visit www.radiantlogic.com to download a 45-day free trial.