ForgeRock Spring 2013 Open Identity Stack Enables Easy and Secure App and Access Management

By Peter Bernstein February 19, 2013

One of the hardest nuts to crack has been for the industry to develop a capability for IT professionals that makes identity authentication easy while at the same time making it more secure. Recently, in fact, the FIDO (Fast IDentity Online) Alliance was formed to come up with a framework solve this problem. It turns out that ForgeRock Inc., a leader in the area of open source identity and access management (IAM),  with an update to its Open Identity Stack, has been a solution that can fit the bill as well.

The company says its latest iteration of ForgeRock Open Identity Stack: “Is the only unified, one hundred percent open source stack to secure applications and services across enterprise, cloud, social and mobile environments. The new release builds on ForgeRock’s simple, modular, lightweight architecture that provides developers with a single API across their entire stack.”  They have a great point.

The challenge

Eve Maler, Principal Analyst, Forrester Research, in a Forrester report, Navigate The Future Of Identity and Access Management, sums up the challenge nicely. She states, “IAM in 2012 has become a tool not just for security but also for business agility…Competitive challenges push businesses into the cloud and encourage mobile device use even without full-fledged access controls in place. These trends create pressing provisioning, authentication, and authorization challenges for [Security & Risk] professionals. All the while, security threats and compliance requirements continue to swell.”

As with the FIDO initiative, “OPEN” is the key. History says that with IT and communications solutions, all boats actually do rise when the tide comes in. This is why ForgeRock’s Spring 2013 release is likely to resonate.

Open for business

The platform includes the latest versions of OpenAM for service access management and OpenIDM for identity management. As ForgeRock notes, with OpenAM 10.1, customers now have the complete support of the OAuth 2.0 standard. This translates into allowing end-users the ability to authorize third-party access to their server resources without sharing their credentials. Put simply this means giving the user access to valuable resources without the possibility of exposing invaluable corporate authentication information. The company has also redesigned its session failover to provide high-availability. Using OpenDJ this means easier implementation and deployment.

On the identification side of things, OpenIDM 2.1 is now optimized for Internet scale. High availability and better performance are also improved based on the use of a discovery engine that is multi-threaded and clustered. The discovery engine enables IT managers to synchronize users across different data stores. It also ensures records are accurate and up to date in support of compliance and audit requirements. In addition, OpenIDM 2.1 embeds the Activiti Business Process and Workflow engine, a comprehensive, lightweight and scalable industry standard Business Process Model and Notation (BPMN) Version 2.0 compliant solution to support workflow driven provisioning and identity management.

“As core contributors to the OpenIDM project it has been extremely rewarding to see the growing number of companies that have adopted Open Identity Stack,” said Nathanael Coffing, vice president, business development, Syntegrity Networks. “The latest Open Identity Stack release is focused on further simplifying and streamlining identity and access management for users. We expect this momentum to only continue to build with time, and look forward to continuing to create the features most beneficial to organizations.” 

As the user community continue to look toward open solutions, ForgeRock is thinking about those whose legacy systems are proprietary and are in the process of losing support from their vendor. In fact, in an invitation to SUN IAM customers, facing Oracle’s end-of-life policy for OpenSSO and Waveset, ForeRock says that its solution gives those users, “the opportunity to continue building next-generation features on top of their existing IAM investments…Organizations will have the option to strategically plan for upgrading their Sun IAM deployment. “

“Developers, architects, and users have been asking for a unified stack with these capabilities for the last 10 years,” said Mike Ellis, CEO, ForgeRock. “With the new release of our Open Identity Stack we have strengthened our revolutionary approach to identity and access management, providing developers with a truly integrated, open-source identity platform to tightly control their enterprise, cloud, social, and mobile systems. By providing a high value driven platform for IAM that enables true cloud scale functionality, ForgeRock is allowing enterprises globally to expand their reach to customers, suppliers and consumers through a common cloud technology platform.”

“As core contributors to the OpenIDM project, it has been extremely rewarding to see the growing number of companies that have adopted Open Identity Stack,” said Nathanael Coffing, Vice President, Business Development, Syntegrity Networks. “The new release of Open Identity Stack further simplifies and streamlines identity and access management for users. We expect this momentum to only continue to build with time, and look forward to continuing to create the features most beneficial to organizations.” 

As the annual RSA event draws near, it is not surprising that ID and service access management issues have started grabbing headlines. Industry buzz, as exhibited at TMC’s recent ITEXPO event,  where a featured panel on the future of cloud computing became a fascinating discussion about the future role of IT, is now focused on how IT can regain control over the trend to “shadow IT” where lines of business look to the cloud for fast solutions to their problems rather than wait for an internal fix and thus potentially expose enterprises to significant risks. ID and service access management administered by IT in a robust manner is the path to give IT the control they want while enabling end users the access to services they desire. 

ForgeRock’s pioneering efforts on Open Stack, are a path that is going to gain considerable consideration. If nothing else, RSA sessions on the subject and listening for more detail on all of the solutions emerging to solve the problem of easy but strong authentication and service access are sure to be lively.

Related Articles

Jeff Bezos, Elon Musk Square Off on Rocket Firsts

By: Doug Mohney    11/25/2015

On Monday, November 23, Blue Origin successfully flew the first fully reusable rocket into space, giving the company first bragging rights. Founder Je…

Read More

Autonomous Car Technology Takes New Leap Forward With Ford, Uber

By: Larry Alton    11/24/2015

The age of the self-driving car is nearly upon us, or at least that's what major technology and automotive companies are hoping. There have been major…

Read More

Unusual but Fun Tech Ideas for 2015

By: Rob Enderle    11/24/2015

Well, it's the week of the big sales, and many of us are planning to buy that special someone a special something. I figured I'd join my peers and poi…

Read More

Locus Telecommunications is Challenging the FCC's Authority, Claiming Due Process Violations

By: Special Guest    11/24/2015

One of a handful of prepaid calling card companies slapped with a $5 million fine by the Federal Communications Commission (FCC or Commission) for its…

Read More

Kaspersky: Three Out of Four Users Have Trouble Spotting Big Threats

By: Steve Anderson    11/23/2015

We all know that spending on cybersecurity has been on the rise lately, as everyone from major corporations to military groups ramp up their cyberdefe…

Read More