ForgeRock Spring 2013 Open Identity Stack Enables Easy and Secure App and Access Management

By Peter Bernstein February 19, 2013

One of the hardest nuts to crack has been for the industry to develop a capability for IT professionals that makes identity authentication easy while at the same time making it more secure. Recently, in fact, the FIDO (Fast IDentity Online) Alliance was formed to come up with a framework solve this problem. It turns out that ForgeRock Inc., a leader in the area of open source identity and access management (IAM),  with an update to its Open Identity Stack, has been a solution that can fit the bill as well.

The company says its latest iteration of ForgeRock Open Identity Stack: “Is the only unified, one hundred percent open source stack to secure applications and services across enterprise, cloud, social and mobile environments. The new release builds on ForgeRock’s simple, modular, lightweight architecture that provides developers with a single API across their entire stack.”  They have a great point.

The challenge

Eve Maler, Principal Analyst, Forrester Research, in a Forrester report, Navigate The Future Of Identity and Access Management, sums up the challenge nicely. She states, “IAM in 2012 has become a tool not just for security but also for business agility…Competitive challenges push businesses into the cloud and encourage mobile device use even without full-fledged access controls in place. These trends create pressing provisioning, authentication, and authorization challenges for [Security & Risk] professionals. All the while, security threats and compliance requirements continue to swell.”

As with the FIDO initiative, “OPEN” is the key. History says that with IT and communications solutions, all boats actually do rise when the tide comes in. This is why ForgeRock’s Spring 2013 release is likely to resonate.

Open for business

The platform includes the latest versions of OpenAM for service access management and OpenIDM for identity management. As ForgeRock notes, with OpenAM 10.1, customers now have the complete support of the OAuth 2.0 standard. This translates into allowing end-users the ability to authorize third-party access to their server resources without sharing their credentials. Put simply this means giving the user access to valuable resources without the possibility of exposing invaluable corporate authentication information. The company has also redesigned its session failover to provide high-availability. Using OpenDJ this means easier implementation and deployment.

On the identification side of things, OpenIDM 2.1 is now optimized for Internet scale. High availability and better performance are also improved based on the use of a discovery engine that is multi-threaded and clustered. The discovery engine enables IT managers to synchronize users across different data stores. It also ensures records are accurate and up to date in support of compliance and audit requirements. In addition, OpenIDM 2.1 embeds the Activiti Business Process and Workflow engine, a comprehensive, lightweight and scalable industry standard Business Process Model and Notation (BPMN) Version 2.0 compliant solution to support workflow driven provisioning and identity management.

“As core contributors to the OpenIDM project it has been extremely rewarding to see the growing number of companies that have adopted Open Identity Stack,” said Nathanael Coffing, vice president, business development, Syntegrity Networks. “The latest Open Identity Stack release is focused on further simplifying and streamlining identity and access management for users. We expect this momentum to only continue to build with time, and look forward to continuing to create the features most beneficial to organizations.” 

As the user community continue to look toward open solutions, ForgeRock is thinking about those whose legacy systems are proprietary and are in the process of losing support from their vendor. In fact, in an invitation to SUN IAM customers, facing Oracle’s end-of-life policy for OpenSSO and Waveset, ForeRock says that its solution gives those users, “the opportunity to continue building next-generation features on top of their existing IAM investments…Organizations will have the option to strategically plan for upgrading their Sun IAM deployment. “

“Developers, architects, and users have been asking for a unified stack with these capabilities for the last 10 years,” said Mike Ellis, CEO, ForgeRock. “With the new release of our Open Identity Stack we have strengthened our revolutionary approach to identity and access management, providing developers with a truly integrated, open-source identity platform to tightly control their enterprise, cloud, social, and mobile systems. By providing a high value driven platform for IAM that enables true cloud scale functionality, ForgeRock is allowing enterprises globally to expand their reach to customers, suppliers and consumers through a common cloud technology platform.”

“As core contributors to the OpenIDM project, it has been extremely rewarding to see the growing number of companies that have adopted Open Identity Stack,” said Nathanael Coffing, Vice President, Business Development, Syntegrity Networks. “The new release of Open Identity Stack further simplifies and streamlines identity and access management for users. We expect this momentum to only continue to build with time, and look forward to continuing to create the features most beneficial to organizations.” 

As the annual RSA event draws near, it is not surprising that ID and service access management issues have started grabbing headlines. Industry buzz, as exhibited at TMC’s recent ITEXPO event,  where a featured panel on the future of cloud computing became a fascinating discussion about the future role of IT, is now focused on how IT can regain control over the trend to “shadow IT” where lines of business look to the cloud for fast solutions to their problems rather than wait for an internal fix and thus potentially expose enterprises to significant risks. ID and service access management administered by IT in a robust manner is the path to give IT the control they want while enabling end users the access to services they desire. 

ForgeRock’s pioneering efforts on Open Stack, are a path that is going to gain considerable consideration. If nothing else, RSA sessions on the subject and listening for more detail on all of the solutions emerging to solve the problem of easy but strong authentication and service access are sure to be lively.

Related Articles

Verizon Needs Tough Love on Copper Policies

By: Doug Mohney    1/29/2015

New regulation on broadband and telecommunications providers is at top of mind here at ITEXPO. Jeff Pulver, founder and chief executive of …

Read More

OTT Video Set to Top $6 Billion in 2019

By: Tara Seals    1/29/2015

When it comes to over-the-top (OTT) video, it has grown not only in developed regions but also in emerging markets, both as an alternative and complem…

Read More

Digium CEO: Businesses at Every Level Can Get Started with UCaaS

By: Allison Boccamazzo    1/29/2015

Digium CEO Danny Windham made one thing clear during his keynote presentation at ITEXPO 2015: Businesses of all kinds, at every developmental level, c…

Read More

When Gaming Isn't a Game: 3 Best Practices to Protect Your Hosting Service Against DDoS Attacks

By: Joe Eskew    1/28/2015

The unprecedented number of security breaches, hacks and DDoS attacks on gaming communities, software manufacturers and even Hollywood studios grew to…

Read More

No Hackers Took Down Facebook; Hour's Outage Mostly Internal

By: Steve Anderson    1/28/2015

Facebook released a statement not long after the outage had hit, revealing that the cause of the shutdown was not "...the result of a third-party atta…

Read More