FRAMINGHAM (10/03/2003) - IBM Corp. next week is scheduled to unveil upgrades to its identity management platform that more tightly integrate its suite of products and provide users with more automated controls of business workflow and applications.
The company has focused on IBM Tivoli Access Manager 5.1 for access control, Identity Manager 4.5 for provisioning services and Directory Integrator 5.2 to pull together repositories of user data.
IBM is tightening the integration between those products and others in its suite, including its Privacy Manager and Directory Server, to create an identity management platform that provides authentication, access management, user management and directory services. The goal is to eventually extend the entire package to support federated identity management among organizations using Web services standards.
The identity management initiative is part of IBM's US$10 billion On-Demand strategy for enterprise computing. IBM is competing with rivals such as Microsoft Corp., Novell Inc. and Sun Microsystems Inc. that are working on their own comprehensive platforms.
In June, Sun upgraded its Sun One identity suite to include integration with Microsoft's Active Directory. In July, Novell unveiled its Identity Automation Framework, which incorporates its nSure product line. And later this month, Microsoft is scheduled to further flesh out its identity management platform, built around Active Directory and Identity Integration Server.
ID management is catching on
The management of user identities is becoming a hot project for end users because of the security and cost savings it promises.
"We said we would save $1 million-plus this year with identity management, and we have already met our goal," says Ronda Kiser, senior manager for enterprise automation for Whirlpool in Benton Harbor, Mich. "We had 11,000 calls to our help desk last year, and 60% to 70% were for password resets and account modifications."
Whirlpool rolled out IBM Tivoli Identity Manager early this year and recently upgraded to Version 4.5 to support self-service capabilities on its network, including self-registration. The company also has deployed IBM Tivoli Access Manager to support single sign-on for its users.
The next task is to further automate provisioning of user accounts with Identity Manager 4.5. Kiser says the provisioning improvements will save another $1 million for the company.
"As we centralize all our identity needs we get simplification, flexibility and we save money," she says. "But the real reason we are doing this is to improve security."
IBM has the same thought in mind with its upgrades to Access Manager 5.1, which it says will be available next month. The new Dynamic Rules Engine will let users pull additional user attribute information, such as age or credit rating, from a number of sources and apply it to authorization policies to tighten access controls.
IBM also has added Dynamic Group Support, which lets companies assign access-control rights based on organization, job or partner status. The features also have been added to Privacy Manager 1.2, to support real-time checks on compliance with access policies.
With Identity Manager 4.5, IBM has opened the workflow engine so that it can be integrated with other workflow engines. Now identity management can be tied into larger business processes, such as setting up a user account as part of approving a loan.
IBM also improved integration between Identity Manager and Directory Integrator 5.2, which is scheduled to ship next month, to increase the number of repositories that can feed user data to Identity Manager. Directory Integrator now also lets users manipulate data before passing it on, such as adding a country code to a telephone number.
IBM says next year the entire suite will be upgraded again to support Web services standards the company is developing in conjunction with Microsoft, including WS-Federation and WS-Policy.