SiteMinder allows businesses to protect data and applications with passwords, tokens, smartcards and other authentication mechanisms, and then grant access to resources based on rules and policies, said Bill Bartow, vice president of the access control business unit at Netegrity.
When SiteMinder is installed at a company, applications and data are protected by the combination of a Web agent and a policy server, both parts of SiteMinder, Bartow said. The Web agent sits next to the Web server and intercepts requests for data and applications, he said, while the policy server communicates with the Web agent and with directories storing user data and permissions. When a request is made through the Web agent, the request is forwarded to the policy server, where the server checks to see if the request is for protected material, he said.
If the requested material is protected, the policy server prompts the Web agent for the type of authentication required, such as a smartcard, password, biometrics or other means. Once the user has authenticated through the Web agent, the policy server then determines the level of permission and access the user has, he said.
SiteMinder 5.0, which will ship by the end of the month, beefs up the application's management features, its e-business capabilities, its ability to be customised and its interoperability with Microsoft applications, Bartow said.
First among a host of manageability additions is OneView monitoring, which will allow administrators to send system status information such as failed log-ins and crashed applications or servers via SNMP (Simple Network Management Protocol) to management systems such as those offered by Hewlett-Packard Co. and Tivoli.
Version 5.0 also adds the ability to update and change Web agent configurations centrally, he said. Bartow believes this improvement, will save time and money in maintenance and management.