Identity management vendor TriCipher this week rolled out a hosted service that lets companies pass on the complexity of sharing identities with partners.
TriCipher's myOneLogin Federation service acts like a trusted hub or lets companies create their own trusted hubs so they can share identity credentials in order to secure access controls across corporate boundaries.
While the merits of federation are well understood, the complexity of establishing contractual agreements with partners around federation has slowed adoption of the technology.
TriCipher officials say the goal is to create federation on-demand and a place where companies that trust myOneLogin by association can trust each other.
The service supports the Security Assertion Markup Language (SAML) 1.1 and 2.0, WS-Federation and Active Directory Federation Services (ADFS). It also works with corporate directories that support the Lightweight Directory Access Protocol (LDAP) and with other federation software.
TriCipher, which competes with companies such as Ping, launched the myOneLogin service earlier this year with a focus on strong authentication. The company quickly added provisioning capabilities for online applications such as Salesforce.com and Google Apps before releasing its federation add-on.
With the service, each user federates with myOneLogin, which then provides the option to federate with anyone else subscribed to the service.
The service validates assertions that come in from a sender, then creates a SAML assertion of its own and forwards it to the intended recipient. If the recipient does not speak SAML, the recipient encloses the original assertion in an XML wrapper and forwards it back to myOneLogin over a private channel. The service then validates the assertion and sends back a simple reject or accept.
If the answer is "accept", the service includes the relevant attributes about the user's access rights as part of the XML file.
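The hub-and-spoke flow described above, as an added illustration that is not TriCipher's code and makes no claim about how myOneLogin is implemented: a partner identity provider signs an assertion for the hub, the hub validates it (trusted issuer, intact signature, correct audience, not expired) before re-issuing a hub-signed SAML-style assertion with directory attributes, and a recipient that does not speak SAML wraps the original assertion in XML and asks the hub for an accept or reject. Shared HMAC keys stand in for the X.509 signature verification a real SAML hub performs; every issuer name, key, subject and attribute here is constructed.

```python
import hashlib
import hmac
import json
import time
import xml.etree.ElementTree as ET

# Constructed sample configuration (hypothetical names and keys).
HUB_ID = "hub.example"
TRUSTED_SENDERS = {"idp.partner-a.example": b"partner-a-secret"}  # issuer -> verification key
HUB_KEY = b"hub-secret"                                          # key the hub signs with
# Stands in for the company's own directory as the authoritative attribute source.
DIRECTORY = {"alice@partner-a.example": {"role": "buyer", "dept": "procurement"}}


def _sign(fields: dict, key: bytes) -> str:
    """HMAC over a canonical JSON form; a stand-in for an XML digital signature."""
    canonical = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def make_sender_assertion(subject: str, issuer: str, key: bytes, now: float) -> dict:
    """What a partner IdP sends to the hub: subject, audience, lifetime, signature."""
    body = {"issuer": issuer, "subject": subject, "audience": HUB_ID,
            "not_on_or_after": int(now) + 300}
    body["signature"] = _sign(body, key)
    return body


def validate_inbound(assertion: dict, now=None):
    """The checks a hub must pass before it trusts an inbound assertion."""
    now = time.time() if now is None else now
    key = TRUSTED_SENDERS.get(assertion.get("issuer"))
    if key is None:
        return False, "unknown issuer"
    body = {k: v for k, v in assertion.items() if k != "signature"}
    if not hmac.compare_digest(_sign(body, key), assertion.get("signature", "")):
        return False, "bad signature"          # any tampered field fails here
    if assertion.get("audience") != HUB_ID:
        return False, "wrong audience"         # assertion meant for someone else
    if now >= assertion.get("not_on_or_after", 0):
        return False, "expired"                # replay of an old assertion
    return True, "ok"


def issue_outbound(assertion: dict, recipient: str, now=None) -> str:
    """Re-issue a validated assertion as a hub-signed SAML-style XML assertion."""
    now = time.time() if now is None else now
    root = ET.Element("Assertion", Issuer=HUB_ID)
    ET.SubElement(root, "Subject").text = assertion["subject"]
    ET.SubElement(root, "Conditions", Audience=recipient,
                  NotOnOrAfter=str(int(now) + 300))
    stmt = ET.SubElement(root, "AttributeStatement")
    for name, value in DIRECTORY.get(assertion["subject"], {}).items():
        ET.SubElement(stmt, "Attribute", Name=name).text = value
    payload = ET.tostring(root, encoding="unicode")
    # Enveloped-signature style: sign the serialization, then attach the signature.
    ET.SubElement(root, "Signature").text = _sign({"xml": payload}, HUB_KEY)
    return ET.tostring(root, encoding="unicode")


def wrap_for_hub(original: dict, recipient: str) -> str:
    """A recipient that does not speak SAML wraps the sender's assertion in XML."""
    root = ET.Element("FederationRequest", Recipient=recipient)
    ET.SubElement(root, "OriginalAssertion").text = json.dumps(original)
    return ET.tostring(root, encoding="unicode")


def hub_decide(wrapped_xml: str, now=None) -> dict:
    """Hub unwraps, validates, and answers reject or accept (with attributes)."""
    root = ET.fromstring(wrapped_xml)
    original = json.loads(root.findtext("OriginalAssertion"))
    ok, reason = validate_inbound(original, now)
    if not ok:
        return {"result": "reject", "reason": reason}
    return {"result": "accept", "subject": original["subject"],
            "attributes": DIRECTORY.get(original["subject"], {})}


if __name__ == "__main__":
    now = time.time()
    a = make_sender_assertion("alice@partner-a.example", "idp.partner-a.example",
                              TRUSTED_SENDERS["idp.partner-a.example"], now)
    print(issue_outbound(a, "sp.partner-b.example", now))
    print(hub_decide(wrap_for_hub(a, "legacy.partner-b.example"), now))
    print(hub_decide(wrap_for_hub(a, "legacy.partner-b.example"), now + 600))
```

The order of checks in `validate_inbound` is the point: issuer trust is decided before any cryptographic work, the signature is verified with a constant-time compare, and audience and lifetime are enforced so an assertion minted for one hub or captured last week is rejected rather than forwarded.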
As part of the service, users can set up their own privately branded hubs with a collection of partners, using myOneLogin in the background to perform validations.
Companies also can use their own directories as their authoritative source of user information so they don't have to store any user data with myOneLogin.
"What is happening is that this eliminates the need for people to go through the complex process of implementing something to support federation," says Vatsal Sonecha, vice president of business development and product management at TriCipher.
He says TriCipher is talking to software-as-a-service providers who are interested in the federation service as a way to stitch together mashups. He also says TriCipher is aiming at developers, who could find the tool useful because it eases the effort needed to include identity and access control features in applications.
The myOneLogin service is priced at US$3 per user per month.