Identity Management Set To Make A Name For Itself

Novell, Provo, Utah, plans to expand its Nsure identity management offerings with new secure logging and auditing software called NSure Audit. Increasing regulations,especially for health-care organizations,are creating a big need for auditing user access, said Jeff Allen, product manager at Novell.

Among its key features, NSure Audit provides a nonrepudiative audit trail that a company can use as evidence in court in the event of a break-in, said Adam Gray, vice president and CTO of Novacoast, a Santa Barbara, Calif.-based IT services firm. The feature guarantees authenticity of the log data.

"If you decide you want to prosecute, [the data] needs to be court-usable," he said. "You have to be able to show that the data you're showing as evidence hasn't been modified."

Slated for availability this week, NSure Audit costs $1,495 per audited system and $9,995 for the central collection server.

Novell also plans to announce a Security Assertion Markup Language (SAML) extension for its iChain secure Web access product, allowing customers to manage identities across partner Web sites, executives said. In addition, Novell will release an identity management architectural guide.

Entrust is set to unveil a new version of its GetAccess single sign-on and Web access management software product featuring new CPU-based pricing, which provides more flexibility than the per-user pricing of competing products, said Chris Voice, vice president of product marketing at Entrust, Dallas. Pricing is about $30,000 per processor.

At Catalyst, Entrust will participate with other vendors in an interoperability demonstration of the Oasis Service Provisioning Markup Language Specification (SPML), an XML-based framework for exchanging and administering user-access rights and data within and between enterprises.

Also at the show, Sun Microsystems is expected to announce an expanded partnership with Waveset Technologies, Austin, Texas, to provide an identity management solution for PeopleSoft products.

"Identity management has always been critical in the enterprise," said Dick Mackey, principal at SystemExperts, a Sudbury, Mass., consulting firm.

Identity management is very complex and includes administering multiple user accounts and tracking outdated accounts, he said. Vendors tend to focus on one aspect of identity management, such as single sign-on, but Mackey said he has yet to see a product that addressees all aspects.

Last week, Microsoft said its new Identity Integration Server 2003,an identity management, access and provisioning solution based on meta-directory services,was released into manufacturing and would be demonstrated at Catalyst.

PAULA ROONEY contributed to this story.