Article

Authentication, SSO tool aids Web app security

Michelle Davidson

As companies realize the threats to their online applications, more are looking to strong authentication to block those threats. Authentication mechanisms exist, but the trick is applying them to all of their applications and ensuring the mechanisms won't be defeated.

Ping Identity plans to address that with its PingLogin. PingLogin is an authentication and single signon (SSO) framework for consumer-facing online services and Web applications.

"Business-to-consumer companies are faced with growing issues of ID theft and fraud and are looking at strong authentication. They're asking, 'How do I get it to work with all the applications in our infrastructure,'" said Mike Donaldson, vice president of marketing at Denver-based Ping Identity. "That led us to create PingLogin. Now companies can do both single signon and control access to applications."

Think of PingLogin as authentication middleware, said Ryan Hunter, director of product marketing at Ping Identity. "It provides a centralized authentication process. Companies can integrate their applications on one side and integrate their authentication mechanism on the other side," he said.

    Requires Free Membership to View

Now companies can do both single signon and control access to applications.
Mike Donaldson
Vice president of marketingPing Identity

Application developers also benefit from PingLogin, Hunter said. "It eliminates the need for application developers to think about that type of security," he said.

In an effort to enhance the authentication aspect of PingLogin, Ping Identity is partnering with leaders in consumer authentication technology to reduce the integration and maintenance burden on joint customers. Integration with tools from companies such as BioPassword, Trade Harbor and VerID will reduce the cost of managing consumer authentication, according to Ping Identity.

PingLogin also adapts to changing authentication needs. Its lightweight and extensible runtime engine combined with an easy-to-use administrative console and a strong authentication integration SDK enables customers to rapidly add new identity verification systems when they need to address new threats, Hunter said.

Understanding that customers interact with applications via channels other than Web browsers, Ping Identity enabled PingLogin to support communication devices such as PDAs, smart phones and voice recognition units.

Scott Crawford, a senior analyst at Enterprise Management Associates, an IT analyst firm based in Boulder, Colo., said PingLogin is something they've been looking forward to. The SSO aspect, in particular, is appealing. Customers are looking for the full value of SSO, he said.

"Most organizations seek single signon internally, but most ways don't leverage a company's existing architecture," Crawford said. PingLogin does that, he said. "It's a direct user interface that complements [Ping Identity's] Federate product very well."

Standards compliance
If a company wants to further improve its collaboration with partners and customers, PingFederate 4 can help. This Federated identity server, now generally available, implements protocols and standards to provide cross-domain SSO, single logout (SLO) and attribute exchange. PingFederate 4 adds tightly integrated support for WS-Federation, SAML 1.0 and SAML 1.1 to existing support for SAML 2.0.

It also includes role-based administration and administrative logging to meet compliance requirements, as well as a new attribute source SDK to further simplify integration with existing identity infrastructure.

Trends with protocols drove Ping Identity to include that compatibility, Donaldson said. "It will support whatever regulation your partner wants you to support," he said.

Crawford said Ping Identity has always driven to be in front with Federation, and these moves reinforce that. "They have chosen a rather unique position in the market, so it behooves them to be in the front," he said.

Other enhancements to Federate 4 include the following:

  • Use case-driven configuration extended to protocols -- Based on the protocols selected for use on a given connection, PingFederate only asks the administrator for parameters relevant to that protocols, reducing complexity and minimizing errors.
  • Role-based administration -- PingFederate 4 provides four separate administrator roles that can be assigned to one or more administrators depending on organizational and regulatory requirements.
  • Administrator logging -- PingFederate 4 adds configurable Admin logging that provides a detailed audit trail of all administrative actions.

Authentication articles, tips

Attacks illustrate need for stronger authentication

How to avoid authentication bypass attacks

Banking on multifactor authentication

PingFederate 4 and PingLogin are modular, stand-alone products that can run with Ping Identity products or with other companies' products.

"There are lots of enterprise suites and we've heard a lot of people complain that they're buying things they don't need," Donaldson said. "Our approach is different in that you buy just the service that you need."

PingFederate 4 is available now, and PingLogin will be available in July. Both can be downloaded directly from Ping Identity. For users new to both products, the first six months or 100,000 transactions are free, whichever comes first.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: