Secure authentication to the cloud

Directories and directory stores featured in a great workshop session I attended at the recent European Identity Conference (EIC), which was also a good place to catch up with an old friend, Michel Prompt -- CEO of Radiant Logic, one of the pioneers in virtual directories. Michel and virtual directories were also prominently featured in this newsletter 10 years ago. We'll talk about the past, and the ideas Michael Schwartz (of GLUU) presented at EIC, in upcoming issues. Today I want to tell you about a new service from Radiant Logic.

Last month, Radiant Logic released Cloud Federation Service (CFS) for its RadiantOne Identity and Context Virtualization platform. CFS federates disparate identity sources while securely delivering claims to cloud-based applications that support SAML 1.1 and 2.0.

The RadiantOne Cloud Federation Service includes an Identity Provider (IdP) and Security Token Service (STS) as defined by the Windows Identity Foundation (WIF). CFS provides enhanced authentication and authorization capabilities in a federated environment, connecting disparate identity sources through a secure layer to applications in the cloud. It allows for authentication and claims generation for users residing in various backend stores, including multiple Active Directory domains in different forests, LDAP directories, SQL databases, and sources accessed through a Web service.

Previously, Microsoft's Kerberos service and Active Directory couldn't be extended to Web applications beyond specific Microsoft products. With RadiantOne Cloud Federation Service, however, these identities can be easily integrated in the open world, because they can be made available to any claims- or SAML 2.0-enabled application. With CFS, you can combine internal AD users from multiple domains and forests with your other identity sources, and build one secure access point for Web and cloud-based applications.

According to Prompt, "Microsoft's security layer with Kerberos and Active Directory provides a solid foundation in most enterprise networks, simplifying security and single sign-on for MS-based applications. We're delighted to see Microsoft safely opening its systems with technologies such as claims, WIF and ADFS 2.0. However, besides Active Directory, other identity sources are also mission-critical to your enterprise, and could benefit from this framework. RadiantOne CFS allows you to delegate the complicated task of authenticating against all these sources to one common virtual layer. The result is stronger security through federation, and greater flexibility to secure identities for external applications on the Web. In short, it connects all the identities of an organization to the cloud -- basically acting as an IdP in a box."

It's the sort of innovation we've come to expect from Prompt and Radiant Logic over the past 10-plus years. Next issue, we'll look back and see why.

Copyright © 2011 IDG Communications, Inc.
