Wednesday, February 16, 2005
Jericho and Radiant Logic Team to Deliver Attribute-Based Access Control and Context-Based Identity Services
Jericho and Radiant Logic Team to Deliver Attribute-Based Access Control and Context-Based Identity Services: "Security and Personalization Combined with an On-Demand Identity and Attribute Service Unlock the Value of Existing Information Assets for Fine-Grained Policy and Federated Identity
Jericho Systems, the leading provider of next generation, fine-grained decisioning solutions for security, personalization, and knowledge management and Radiant Logic, Inc., the leading provider of virtual directory and context-based identity infrastructure solutions, today announced an alliance that provides seamless technology integration between the Jericho Systems' security, personalization, and knowledge management products and the RadiantOne Virtual Directory Server. The joint integration enables organizations to leverage their existing assets to put real-time decision making into the hands of business users.
The Jericho EnterSpace Security Suite (ESS) is designed to act as an authorization service within a SOA. For example, in a CRM infrastructure, the technologies work in tandem, with Jericho acting as an authorization server and Radiant Logic as an attribute server. The ESS authorization server protects resources and provides personalization while the RadiantOne server provides the right attributes in the right context through virtualization. ESS employs Attribute Based Access Control (ABAC) which augments and extends Role Based Access Control (RBAC).
'To date, even with the implementation of innovative authentication techniques, many application developers and enterprise architects have found enabling systems to control access through 'fine-grained' authorization to be an application-specific, time-consuming and costly task,' said Michel Prompt, CEO of Radiant Logic, Inc. 'The limitations and cost of creating and relying on traditional RBAC techniques can be a barrier. Any viable alternative for improving enterprise security opportunities must overcome the 'stovepipes' among applications, must focus on authorization and must be delivered as application-neutral services available within a Service Oriented Architecture (SOA). By combining a robust, fine-grained policy engine with a flexible identity and attribute service, our customers can define and enforce policy that reflects the way they really do business.'
The RadiantOne virtualization layer provides an identity service that can access existing data sources to reveal a complete picture of identity that is buried in existing applications. Existing identity integration solutions ignore the relationship between objects because of a lack of 'metadata' management. By ignoring relationships between objects, these integration technologies lose information about the context in which an operation occurred. The capability to capture a global picture of the different application contexts -- especially their security contexts -- is a key advantage when delivering fine-grained authorization.
'Organizations need to leverage their existing identity related information and the relevant context surrounding the identity,' said Brynn Mow, CEO of Jericho Systems. 'Attribute-based policy requires a thorough understanding of the relationships among objects and the ability to quickly access attributes in real-time. Our integration with the RadiantOne virtual directory allows our customers to leverage what they already have in their distributed identity stores.'
Most organizations architecting a federated identity strategy focus first on simplifying the authentication process by establishing secure trusted relationships and delegation. However, in a federated environment, authorization and access to resources are typically distributed and decentralized. This, in turn, implies that a federation participant should be able to authorize a user quickly based on a relatively limited number of attributes passed by the authenticator service. The authorization system must provide a service that quickly correlates a user token with the right services, which means quickly searching across many contexts to trigger a fine-grained authorization.
For more information on Jericho Systems visit www.jerichosystems.com. More information about Radiant Logic can be found at www.radiantlogic.com." ¶ 7:29 AM
Jericho Systems, the leading provider of next generation, fine-grained decisioning solutions for security, personalization, and knowledge management and Radiant Logic, Inc., the leading provider of virtual directory and context-based identity infrastructure solutions, today announced an alliance that provides seamless technology integration between the Jericho Systems' security, personalization, and knowledge management products and the RadiantOne Virtual Directory Server. The joint integration enables organizations to leverage their existing assets to put real-time decision making into the hands of business users.
The Jericho EnterSpace Security Suite (ESS) is designed to act as an authorization service within a SOA. For example, in a CRM infrastructure, the technologies work in tandem, with Jericho acting as an authorization server and Radiant Logic as an attribute server. The ESS authorization server protects resources and provides personalization while the RadiantOne server provides the right attributes in the right context through virtualization. ESS employs Attribute Based Access Control (ABAC) which augments and extends Role Based Access Control (RBAC).
'To date, even with the implementation of innovative authentication techniques, many application developers and enterprise architects have found enabling systems to control access through 'fine-grained' authorization to be an application-specific, time-consuming and costly task,' said Michel Prompt, CEO of Radiant Logic, Inc. 'The limitations and cost of creating and relying on traditional RBAC techniques can be a barrier. Any viable alternative for improving enterprise security opportunities must overcome the 'stovepipes' among applications, must focus on authorization and must be delivered as application-neutral services available within a Service Oriented Architecture (SOA). By combining a robust, fine-grained policy engine with a flexible identity and attribute service, our customers can define and enforce policy that reflects the way they really do business.'
The RadiantOne virtualization layer provides an identity service that can access existing data sources to reveal a complete picture of identity that is buried in existing applications. Existing identity integration solutions ignore the relationship between objects because of a lack of 'metadata' management. By ignoring relationships between objects, these integration technologies lose information about the context in which an operation occurred. The capability to capture a global picture of the different application contexts -- especially their security contexts -- is a key advantage when delivering fine-grained authorization.
'Organizations need to leverage their existing identity related information and the relevant context surrounding the identity,' said Brynn Mow, CEO of Jericho Systems. 'Attribute-based policy requires a thorough understanding of the relationships among objects and the ability to quickly access attributes in real-time. Our integration with the RadiantOne virtual directory allows our customers to leverage what they already have in their distributed identity stores.'
Most organizations architecting a federated identity strategy focus first on simplifying the authentication process by establishing secure trusted relationships and delegation. However, in a federated environment, authorization and access to resources are typically distributed and decentralized. This, in turn, implies that a federation participant should be able to authorize a user quickly based on a relatively limited number of attributes passed by the authenticator service. The authorization system must provide a service that quickly correlates a user token with the right services, which means quickly searching across many contexts to trigger a fine-grained authorization.
For more information on Jericho Systems visit www.jerichosystems.com. More information about Radiant Logic can be found at www.radiantlogic.com." ¶ 7:29 AM
