Identity management products will boost Web services

Software vendors are introducing a range of products that aim to reduce the growing complexity of managing user identities and...

Software vendors are introducing a range of products that aim to reduce the growing complexity of managing user identities and controlling access to applications scattered across internal and external systems.

Novell and Netegrity are scheduled to introduce updates of their access and identity management technologies this week.

This will follow IBM and VeriSign's rollout last week of a hosted service for identity management, and RSA Security's introduction of a new version of its ClearTrust access management suite that features key usability and security enhancements.

These products are being driven by growing user demand for products that help better manage the task of dealing with multiple versions of user identities across multiple applications, according to analysts.

"Companies are realising they have a problem with this," said Laura Koetzle, an analyst at Forrester Research.

Identity management products offer capabilities as varied as centralised administration and lifecycle management of user identity data, password synchronisation across multiple applications, single sign-on, secure authentication and policy-based access control.

Research group IDC has predicted that sales of security management software, which includes identity management offerings, will grow 30% annually, from $550m (£353m) in 2001 to $2bn (£1.3bn) in 2006.

Niche software vendor Oblix, for example, has helped Oslo-based Norsk Hydro automate the task of setting up users, simplify the process of updating and maintaining user attribute information, and ease the delegation of access-control decisions to business units.

The energy giant is using Oblix's NetPoint technology to let third parties access corporate portals for tasks such as ordering natural gas. Oblix also helps Norsk control the manner in which its 40,000 employees access internal applications, based on a person's role or other attributes.

"As you open up your information assets to external companies, business partners and customers, you can't base your security on firewalls alone," said Mike Kimbell, a directory architect at Norsk Hydro. "You have to protect the information and how it is accessed."

Identity management technologies will play a crucial role in enabling Web services, according to Larry Hawes, an analyst at Delphi Group. "Distributed access management is a big hole in the service-oriented architecture right now," Hawes said.

Read more on IT risk management