The application identity crisis

By Daniel Blum, Network World
October 21, 2002 12:07 AM ET

Was that "Error 404 - access denied" caused by a typo, or is it the symptom of an identity crisis in your application security environment?

It's relatively easy to front-end simple Web server-based applications with Web access management tools such as Netegrity SiteMinder, IBM Access Manager, Oblix NetPoint, RSA Security ClearTrust or Entrust GetAccess. The access manager plugs into the Web server's authentication model and authorizes or forbids access to specific URLs.

Integrating Web access managers with IBM Resource Access Control Facility (RACF)-powered mainframes, application servers and massive client/server applications such as SAP, J.D. Edwards or PeopleSoft is another story. These complex line-of-business systems usually employ their own account management tools. An average SAP deployment has about 20 subsystems and tracks thousands of roles for employees and contractors. And the user IDs, passwords and other attributes in back-end systems such as SAP might not match up with data in the access manager's Lightweight Directory Access Protocol (LDAP) directory.

In such fragmented identity management environments, a "404" could occur because there's a mismatch between the IDs in the LDAP directory and a back-end application's account database. Or perhaps a password expired in the application, and the problem wasn't detected and conveyed to the user by the front-end security system.

It seems that the better our portals and Web access managers get, the more application integration becomes the key problem. Resolving integration problems requires front-to-back identity management with comprehensive delegated or centralized administration to manage accounts, self-service administration for password resets and ID/password provisioning software that keeps your front-end access manager in sync with the accounts on the back end.
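The mismatches described above can be found before users hit them by reconciling the access manager's directory against each back-end account store. The following is an added example, not code from the article or from any vendor named in it; the user IDs, field names and finding labels are constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the article): user IDs exported from the
# access manager's LDAP directory, and account records from one back-end app.
LDAP_USERS = {
    "jsmith": {"mail": "jsmith@example.com"},
    "mlopez": {"mail": "mlopez@example.com"},
    "akhan": {"mail": "akhan@example.com"},
}
BACKEND_ACCOUNTS = {
    "JSMITH": {"password_expires": date(2002, 12, 1)},
    "akhan": {"password_expires": date(2002, 9, 30)},
    "tbrown": {"password_expires": date(2003, 1, 15)},
}


def reconcile(ldap_users, backend_accounts, today):
    """Return (user_id, issue) pairs that would surface as opaque access errors."""
    findings = []
    # Back-end systems often store IDs in a different case, so match on the
    # case-folded form and report the difference separately.
    backend_by_folded = {uid.casefold(): uid for uid in backend_accounts}
    for uid in sorted(ldap_users):
        backend_uid = backend_by_folded.get(uid.casefold())
        if backend_uid is None:
            findings.append((uid, "missing_backend_account"))
            continue
        if backend_uid != uid:
            findings.append((uid, "id_format_mismatch"))
        # An expired back-end password fails the login even though the
        # front-end access manager authenticated the user.
        if backend_accounts[backend_uid]["password_expires"] < today:
            findings.append((uid, "backend_password_expired"))
    # Back-end accounts with no directory entry are invisible to the front end.
    ldap_folded = {uid.casefold() for uid in ldap_users}
    for backend_uid in sorted(backend_accounts):
        if backend_uid.casefold() not in ldap_folded:
            findings.append((backend_uid, "orphaned_backend_account"))
    return findings


if __name__ == "__main__":
    for uid, issue in reconcile(LDAP_USERS, BACKEND_ACCOUNTS, date(2002, 10, 21)):
        print(f"{uid}: {issue}")
```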

User management, provisioning and Web access management offerings are starting to coalesce through acquisitions and partnerships. In a trend I call "platformania," some of the leading vendors in the identity management market - IBM, Oblix, Netegrity, Novell, RSA and Sun - are broadening their products to become identity management "platforms." Novell and Netegrity are building or improving provisioning and user management to complement their product suites; Oblix has partnered with BMC Software for provisioning and PricewaterhouseCoopers for integration services; IBM recently acquired Access360; Sun has added a Web access management offering to its directory offerings; and RSA is certifying multiple directory services and provisioning partners.

So if users in crisis are overwhelming your help desk or dropping like flies from your Web site, you know what to do. Resolve that application identity crisis by developing a comprehensive identity management architecture, select some products, and begin the front-to-back application security integration that will deep-six those 404 errors forever.
