What RSA has to do with federated identity
By Dave Kearns, Network World, 05/24/04
Anyone like me with more than a few years in the networking trenches remembers when RSA was RSA Data Security, and was known as "...the world's brand name for cryptography..." (see link below).
Until 1996, in fact, the company existed almost solely to exploit public-key
cryptography. Even after RSA Data Security was acquired by Security Dynamics,
which later changed the name to the current RSA Security, it was still best
known for cryptography and PKI. So when I got a note from RSA publicist Amy
Barney asking if I was interested in talking to the company, I was, as usual,
Yes, I'd come across RSA at identity-related events, for example at last year's Catalyst conference, but usually RSA was partnered with another company such as Thor Technologies and Oracle (see http://www.nwfusion.com/newsletters/dir/2003/0721ds2.html).
I assumed that RSA wanted to talk to me about providing the "security" component within a provisioning or federation scenario. But Amy wanted me to meet with Senior Product Manager Howard Ting, and his product wasn't security. His product was Federated Identity Manager. Whoa! Had I slept through the movie?
<aside> I last went to what used to be called the "RSA Security Conference" about 5 years ago, and yawned a lot. Had I not skipped the last couple, I would have realized that RSA was providing more than security services. </aside>
If pushed, I might have admitted that RSA was "involved" in provisioning, but security was its strongpoint and strong authentication was its forte. Ting did enlighten me, however.
To his benefit, Ting did admit that few people thought "RSA" when they were considering identity federation projects, so I wasn't alone. But he explained that RSA's long experience with both strong authentication and rules-based authorization made the company a natural to develop a best-of-breed federation system. Provisioning is one-time, federation is run-time, is how he put it.
Federation requires quick exchange of data - secure data, while also requiring the strongest possible authentication. RSA's Federated Identity Manager supports all known standards "out-of-the-box," including the Liberty Alliance specification, Shibboleth and WS-Federation. It's a powerful product (read about it at http://www.rsasecurity.com/node.asp?id=1191) but that's not the end of the story, by a long shot.
Many of you probably have something in your pocket, or on your keychain, with RSA's name on it - the credit card-sized RSA SecurID. The device with the constantly changing numbers on its LCD screen that you have to type in to your computer to gain access to some resource. It's the best-known two-factor (username/password and one-time use number) authentication method available.
Now you can get RSA's Federation product and tightly couple it to the SecureID card. That puts RSA well ahead of other federation providers, I believe, because strong two-factor authentication will be required of many participants when federation projects move outside the firewall. Ting spoke softly, but he carried a big message. I doubt I'll be forgetting RSA's role in identity management any time soon.
Copyright, 1994-2005 Network World, Inc.
Questions or problems regarding this web site should be directed to firstname.lastname@example.org.
Copyright © 2008 Art Beckman. All rights reserved.
Last Modified: March 9, 2008