Netegrity releases SAML agent

Netegrity Monday introduced software intended to make it easier for organizations to securely exchange user-identity and sign-on information using Security Assertion Markup Language (SAML).

The Netegrity SAML Affiliate Agent is designed to run on the servers that support business-to-business (B2B) and business-to-consumer (B2C) sites, as well as corporate intranets. The lightweight application will make it easier for companies to share user and sign-on information between their Web sites regardless of the technology infrastructure on each side of a transaction, according to Bill Bartow, vice president of products at Netegrity.

SAML is an XML standard for exchanging login information between distinct Web sites – for example, as part of B2B or B2C transactions.

Netegrity’s SiteMinder version 5.5 access management product already supports the SAML specification adopted by the Organization for the Advancement of Structured Information Standards (OASIS) in November, enabling SiteMinder customers to create an SAML-based identity and share it with a partner Web site, according to Netegrity.

With the new agent, partner sites that are not using SiteMinder will more easily be able to recognize and authenticate that SAML identity from sites that are, Netegrity said.

For example, employees looking for 401(k) account information could have their login credentials passed from their employer’s Web site to the 401(k) provider’s Web site without requiring the employees to log in separately to that site, Netegrity said.

In addition to processing the login information, the SAML Affiliate Agent also allows the 401(k) provider to send a notification back to the employer about sensitive modifications that the employee made, according to Netegrity.

The SAML Affiliate Agent also manages critical sign-offs as users move from partner site to partner site, terminating sessions that might otherwise be left open after a user clicks away from a Web site or logs off.

The Agent will eliminate the need for custom development by companies wishing to link Internet and Web-based services. And, by allowing one set of user credentials to be used across sites, the SAML Agent will reduce the cost of user administration and make it easier to enable and disable user access to partner sites, Netegrity said.

The announcement from Netegrity is just the latest in the identity management arena, as companies rush to offer standards-based technologies that will simplify the process of managing identities between organizations that are sharing applications and services.

Also on Monday, Oblix said it had integrated the SAML standard in its just-released NetPoint version 6.1. That product will allow companies using NetPoint to exchange SAML assertions with security systems at other partner sites, providing a single sign-on to resources on those sites.