It’s PingFederate 6.6 Versus “Identity as a Service”

It’s a demonstrated fact that as cloud application users find themselves logging on more and more often, they tend to oversimplify their passwords in an effort to avoid writing them all down someplace. It doesn’t help that many IT shops’ first course of action is to standardize identity around social networks such as Facebook, making these public repositories into the lynchpins of private networks’ security strategies.

This morning’s rollout by Ping Identity of a new point release for its PingFederate identity management system is an effort to reorient businesses that have already begun using public identity providers around a centralized identity scheme that resides back inside the firewall. There, administrators can create policies that govern how users access privileged network resources, based on such factors as where they are, and whether they can also log onto – and authenticate themselves from – someplace else that’s actually stronger.

This latter concept is called authentication chaining, and it’s one of three elements that Ping is touting in its new marketing push around “Adaptive Federation.” Certainly being able to leverage authentication resources from Facebook or LinkedIn expedites the registration process for e-commerce sites. But the strength of that authentication is not enough during checkout, when a logged-in customer may have access to stored credit card data.

So what Ping suggests is a form of chaining that also incorporates a stronger, multi-factor authentication system such as PhoneFactor. An admin may then establish authentication rules that evaluate specified criteria (“Is this a remote user?”) and, if the case is true, chain the process over to that stronger provider. If that provider is unavailable, or if something goes wrong, a separate rule may establish a failover identity provider – someone to trust in the absence of clarity.

“If you have users in multiple directories, and you want to be able to authenticate those users across those directories,” explains Ping Identity technical marketing manager David Gorton in an instructional video published today (above), “you can actually chain those directories together.” This way, after the user provides credentials, the newly enhanced PingFederate system will check them against each directory, until one is capable of validating those credentials. “If he doesn’t get authenticated in any of those directories, he gets rejected,” Gorton continues.
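The rule evaluation, failover and directory chaining described above can be modeled in a few lines. This is an added illustration, not Ping Identity's code or PingFederate configuration; every function name, provider and credential in it is hypothetical, and it assumes that only an outage of the stronger provider (not a denial) hands control to the failover provider.

```python
import hmac

class Unavailable(Exception):
    """Provider or directory could not be reached (not the same as a rejection)."""

def make_directory(name, users, up=True):
    """Hypothetical directory: users maps username -> password (constructed sample data)."""
    def check(user, password):
        if not up:
            raise Unavailable(name)
        stored = users.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())
    check.name = name
    return check

def chain_directories(directories, user, password):
    """Try each directory in order; return the name of the first that validates, else None."""
    for check in directories:
        try:
            if check(user, password):
                return check.name
        except Unavailable:
            continue  # an outage in one directory does not validate anyone
    return None

def authenticate(req, directories, strong, failover):
    """Apply the rule 'remote users need the stronger provider', with a failover provider."""
    source = chain_directories(directories, req["user"], req["password"])
    if source is None:
        return {"ok": False, "steps": [], "reason": "rejected by every directory"}
    steps = [source]
    if req["remote"]:  # rule criterion: "Is this a remote user?"
        try:
            passed, used = strong(req), "strong"
        except Unavailable:
            # Assumption: only an outage triggers failover; a denial is final.
            passed, used = failover(req), "failover"
        steps.append(used)
        if not passed:
            return {"ok": False, "steps": steps, "reason": used + " provider denied"}
    return {"ok": True, "steps": steps, "reason": "authenticated"}

# Constructed sample data: two directories and stand-in second-factor providers.
DIRS = [make_directory("ad", {"alice": "a-pass"}), make_directory("hr-db", {"bob": "b-pass"})]
def strong_ok(req): return True
def strong_deny(req): return False
def strong_down(req): raise Unavailable("strong")
def failover_ok(req): return True
```

The `steps` list records which directory and which provider actually vouched for the session, which is the detail worth logging when a failover provider is weaker than the one it replaces.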

With the third added component, attribute aggregation, elements of a SAML assertion may be combined from multiple sources. This way, for example, when an enterprise stores its employee data in a database rather than Active Directory, PingFederate can collect elements from both sources and piece them together.

“This functionality makes virtual directory products unnecessary for attribute aggregation,” reads a Ping Identity product guide released today. That may not be the best news for so-called identity service providers like Radiant Logic, whose RadiantOne Virtual Directory Server, released last July, manages multiple logons through a centralized console. Radiant and Ping had been partners since 2007 on virtual directory support.

Indeed, back in 2005, Ping CEO Andre Durand went so far as to call virtual directories and identity federation tools “natural product partners.” But that was before providers started moving those virtual directories to the cloud, as services outside corporate firewalls. As the chart above from 2012 suggests, PingFederate remains firmly planted as a public-facing service inside the corporate firewall. While this move isn’t enough to split the partnership, it does place the two companies on different rotational axes, if you will, with respect to where the federation takes place.

Ping Identity is holding a webinar on the new topic of authentication rules and chaining, this Thursday, February 16, at 11:00 am ET.
