Sun pairing tools for identity technology

Partnership with ActivIdentity to result in two-factor authentication system

March 13, 2006—Sun Microsystems plans to add management and other software to its identity platform so that users can converge access to physical and logical resources onto a single smart card.

The company has forged a partnership with ActivIdentity that combines Sun's Java System Identity Management Suite with ActivIdentity's Card Management System (CMS) and SecureLogin Single Sign-On software.

The result is a two-factor authentication system that can be used to provision and deprovision smart cards or other identity tokens that include all the access credentials needed to get physical (building) and logical (network and application) access.

Sun is one of many vendors rushing to create suites of identity technology. Others are CA, HP, IBM, Microsoft, Novell, and Oracle.

The agreement with ActivIdentity, in which Sun will resell and support its software, represents Sun's first move into providing infrastructure for two-factor authentication.

A number of companies and government organizations, such as Chevron and the Department of Defense, have already rolled out such systems. The government's Homeland Security Presidential Directive 12, a policy for a common federal identification standard, and regulatory requirements in such fields as financial services and healthcare are driving interest in two-factor authentication and convergence of access information.

"Convergence is the most significant thing happening in identity management, and it's totally being overlooked," says Jonathan Penn, an analyst with Forrester Research. "Integration and convergence is an upfront cost that pays for itself over time through lower operational costs and better overall security."

The system Sun is putting together with ActivIdentity includes the Sun Java System Identity Manager for provisioning and account synchronization, Java System Access Manager for secure access to Web-based applications, and Java System Directory Server Enterprise Edition. ActivIdentity's single sign-on technology will be used for access to all applications that are not Web-based.

The CMS merges provisioning, support and administration of authentication devices, digital credentials, and their associated user data into a single Web-based management interface.

Sun officials say Identity Manager controls the system: it divides network-resource and physical access for users and provisions users into the CMS and the single sign-on environment. In turn, the CMS supplies the correct credentials and physical access codes to the smart card and manages its lifecycle.

Sun also announced that it is adopting this system internally and plans to roll it out to more than 38,000 employees. The company hopes to have the first phase of the project completed before its fiscal year ends on June 30.

The Sun/ActivIdentity platform is priced per user; 20,000 costs approximately 0 to 5 per user.

John Fontana is senior editor at Network World.

This story, "Sun pairing tools for identity technology" was originally published by Network World.

Copyright © 2006 IDG Communications, Inc.