Tuesday, May 31, 2005

Vendor List

Updated: November 12 2006

I am trying to come up with the list of vendors and associated products in the Identity and Access Management arena. Please note that this list is based on marketing/public information and my understanding of the terms, which may not comply with any specific groups' definitions and/or requirements. This is by no means a complete list and will keep growing as I get more time to add them and find more companies (any help on that front will be really appreciated). Before we go further along, let's try to define what each of these products typically does so that my mode of classification may make sense or any flaw in my classification will become apparent.

  • Identity Management/User Provisioning: These products typically provide workflow-based identity provisioning, password reset, identity reconciliation/discovery, delegated identity administration and self-service features on a wide variety of identity platforms (like LDAP, Unix, Windows, Mainframe, ERP, CRM and so on). In addition, most of the products also provide the ability to implement rule-based compliance validation.
  • Single Sign On: Typically these products allow users to authenticate in various ways (e.g. RADIUS, SPNEGO, form-based, certificate, etc.) and then provide access to web applications without a request for another credential. In addition, these products also provide basic access management/control over resources (web resources, in the case of WebSSO).
  • Access Control and Enterprise Rights Management: There is a new breed of independent products that provide fine-grained access control. There seems to be some confusion in the market on what constitutes access control. Most of the customers that I talk with understand access control as a Policy Evaluation system that can be invoked by an application to check whether a user has access to the data. But at the same time, some other vendors (which probably come from the Data Encryption world) see access control more as a Role/Rule based data decryption process. This to me sounds more like Enterprise Rights Management, which is just a special case of access control where the enforcement approach is built into the system.
  • Reduced Sign On/Enterprise Sign On: These are typically Windows desktop agent based products that automatically fill the user's ID and password into an application (web, Windows application or mainframe/terminal application) once it is accessed via the desktop.
  • Federated Identity Management/SignOn: Refers to products that provide full implementations of the SAML 1.0, 1.1, Liberty Alliance and WS-Federation protocols/profiles. In addition, some products also provide cross-domain identity provisioning.
  • Strong Authentication: Refers to products that provide authentication approaches better than passwords. This typically includes products like tokens, biometrics, and new approaches to strong authentication and anti-phishing solutions.
  • New Stuff: Refers to the new breed of products, like identity appliances, which are out there.
  • Network Access Control: Refers to products that allow control of network access based on user identity and optionally additional criteria like virus definitions, application protocols, etc.

Please feel free to provide your comments on the basic classification definition, product mis-classification, personal product preference or anything relevant to this discussion.

 
Vendor User Provisioning Single Sign On/Access Control Federated Identity Management/Sign On Directory Others (Privacy, Compliance, Strong Authentication)
A10 IDSentrie 1000 Identity Appliance (UNIFIED IDENTITY MANAGER) IDSentrie 1000 Identity Appliance     IDSentrie 1000 Identity Appliance (Network Event Manager and Correlation)
ActivIdentity/ActivCard/Protocom         Smart card, USB Token, One Time Password, fingerprint (Strong Authentication)
Aladdin Enterprise Single Sign-On (SSO) with eToken (Reduced Sign On)       USB Token, OTP Token, Smart Card (Strong Authentication)
Apere (Product Data protected)   IMAG - Identity Managed Access Gateway (Identity Appliance??, NAC??)     USB Token, OTP Token, Smart Card (Strong Authentication)
Applied Identity   Identiforce (NAC, Identity Appliance)      
Arcot         ArcotID (Software based PKI which protects the private key by camouflaging it)
ASG ASG-Entact ID™ for Enterprise Identity Management ASG-Focal Point™ for Enterprise Single Sign-On (Reduced Sign On)   ASG-RadiantOne™ for Enterprise Identity Integration (Virtual Directory)  
Authentify         Voice/Telephone Based registration (Strong authentication using telephone)
Avatier Identity Management Service (Password reset, password policy enforcement, (de)provisioning, request)        
Aveksa         Aveksa (Compliance Automation)
Axalto         Smart Cards(Strong authentication)
Bayshore Networks   SingleKey (Appliance, Reverse Proxy based SSO, fine-grained Authorization-Not sure)      
BEA   AquaLogic Enterprise Security (Fine grained policy evaluation)      
Beta Systems SAM Jupiter (Workflow, Rules, Provisioning, Role Mining, password management, compliance, reconciliation ) SAM enterprise Single Sign-On (Reduced Sign On)      
BHOLD BHOLD Modeler, BHOLD Auditor, BHOLD User, Authentication, Authorization, Provisioning Manager and SSO Portal (Role Management)        
BMC CONTROL-SA/        
BNX         Unable to locate the company website bnx.com but it is in strong authentication.
Bridgestream Bridgestream (Role Membership and Role hierarchy management)        
Caymas   Identity Driven Access Gateway(NAC)      
Centrify DirectControl Suite (AD based Identity Management)        
Computer Associates ETrust Identity Manager (Provisioning, Self-service, workflow, password management) eTrust® SiteMinder® Federation Security Services, eTrust TransactionMinder eTrust Directory eTrust CA-Top Secret Security (Mainframe Security Administration)
Cisco   Cisco Clean Access/NAC Appliance(NAC)      
Citrix   Citrix Password Manager (Reduced Sign On)      
ConSentry Networks   NAC(NAC)      
Courion AccountCourier®(Provisioning), PasswordCourier(Password synchronization and reset), ProfileCourier®(Self service), Role Management (Role membership and hierarchy management)       CertificateCourier, Compliance Courier
Credentica (No known product)          
Digital Persona         DigitalPersona Pro (Strong Authentication - Fingerprint)
diamelle (Advertized as opensource. Can not find the location for the source) Identity Management Authentication Server    
e-Meta   Right Access (DRM/Enterprise Rights Management?)      
Encentuate   Encentuate TCI(Reduced Sign On with multiple authentication factor)      
EngiWeb Security (Italy) Profile Manager (Role Design and Management), Provisioning Module (Provisioning) Web Single Sign On (Web SSO)      
Entegrity   Entegrity Assure Access(DCE based Single Sign On)      
Entrust Sun Identity Manager Entrust GetAccess™ (Web SSO and access control), Passlogix v-GO Single Sign-On (Reduced Sign On)     Entrust USB Tokens, Entrust IdentityGuard™ (Strong Authentication)
EPOK Inc.   EPOK ISE System (Enterprise Right's Management and Access Control)      
Eurekify        
Evidian (Enatel)        
Fischer International Identity Management (Provisioning, Compliance, Password Management, Self-service)        
ForeScout   CounterACT (NAC)      
GemPlus         Smart Cards, OTP (Strong Authentication)
HID (Indala)         Smart Cards (Strong Authentication)
HP Select Identity Select Access Select Federation   Select Audit
IBM IBM Tivoli Identity Manager IBM Tivoli Federated Identity Manager IBM Tivoli Privacy Manager for e-business, IBM Tivoli Security Compliance Manager, IBM Tivoli Identity Manager (Built-in compliance), XML Security
IdentiPHI   IdentiPHI™ Enterprise Security Suite (Reduced Sign On), IdentiPHI™ EPM (Network Access Control)     CompliSoft(Compliance)
Identity Engines Ignition 3000E (Identity Appliance for Provisioning to switches??, RADIUS Sign On) Ignition 3000E (Network Access Control)      
Imanami SmartDL (Group Management), WebDir (Self-service tool for directory)       Directory Synchronization
Imprivata   OneSign Platform (Reduced Signon)      
i-Sprint   AccessMatrix USO (Reduced Signon), AccessMatrix™ Universal Authentication Server (Centralized Authentication Server, Token Management)      
Jericho Systems   Enterspace Security Suite (Fine-grained policy evaluation based access control)      
Juniper Networks   Unified Access Control(NAC)      
M-Tech ID-Synch (Provisioning), P-Synch(Password Synchronization, Reset), ID Certify (Account re-certification), ID-Access(Self-service Access Control), ID-Discover, ID-Telephony (Voice/Telephone based Password reset)         
MaXware Identity Center (Provisioning, workflow, password management, audit and monitoring), MaXware Data Synchronization Engine (Data Synchronization), MaXware ExpresSync (Lightweight Data Sync??)     MaXware Virtual Directory  
Microsoft Microsoft® Identity Integration Server 2003 Enterprise Edition (Synchronize Identity, user account provision, password management) Active Directory Federation Services (Federated SSO for Web Browser and Web Services - Part of Windows Server 2003 R2) Windows Server 2003 Active Directory, Strong Authentication for Microsoft Web Application and Microsoft Clients, Certificate Lifecycle Manager (from Alacris)
NetPro SecurityManager        
nCipher(Abridean) Provisor (Group Manager, Compliance Manager, Password Manager, User Manager), keyAuthority (PKI Management)       Secure APP for Peoplesoft (Access Control by Data encryption and policy enforcement), KeepSecure: SecureDB for column level database security (Access Control by Data encryption and policy enforcement), KeepSecure: SecureFS for File security (Access Control by Data encryption and policy enforcement) - More information on the supported policy model is needed before classifying as an access control product.
Novell Nsure Identity Manager (formerly DirXML) (Previously a Meta-directory product but Enhanced Provisioning Module provides approval workflow, delegated admin) SAML Extension for Novell iChain, Liberty identity provider for Novell eDirectory (Liberty 1.1) eDirectory®  
OMNIKEY         Smart Card (Smart Card & Object)
Oracle Oracle Identity Manager (Provisioning - Previously Thor Xellerate) Oracle COREid Access and Identity (WebSSO), Oracle Enterprise Single Sign-On Suite (Reduced Signon From Passlogix) Oracle COREid Federation Oracle Internet Directory, Oracle Virtual Directory  
PassGo Technologies Syncom, Resync, InSync (Password Synchronization and Management) SSO Plus (Reduced Sign On), Webthority (Web SSO?), SSO (Not sure?)     Defender Tokens(Strong Authentication), Software Tokens
Passlogix   V-Go SSO (Reduced Signon)      
Persistent Systems       enQuire Identity Server, enSure Synchronization Server (Meta-Directory)  
PingIdentity     PingFederate, PingTrust    
Prodigen Contouring Engine (Role Engineering and Enforcement Validation)        
Proginet SecurForce (Role-Based Provisioning and Delegation, Identity and Password Synchronization, Self-Service Password Reset and Registration), SecurPass (Password Management) SecurAccess (Reduced SSO?? Not sure)      
Quest Provision (AD based provisioning and Password Management)        
Radiant Logic Synchronization Services(MetaDirectory)     Virtual Directory Server  
RedHat       Red Hat Directory Server  
RSA   Federated Identity   RSA SecurID Authentication (Strong authentication using One Time Password, USB, Smart Card)
SafeStone AccessIT (Provisioning, Audit and compliance)        
Secured Service Identiprise SecuredUser (Provisioning, Delegated Administration, User Self-service) Identiprise SecuredUser (Policy Server)   Identiprise SecuredUser (Virtual Directory)  
Securent   Securent Entitlement (Fine-grained access control)      
SecurIT R-Man (Role Management using Tivoli Identity Manager)        
Siemens HiPath SIcurity DirX Identity (Self-service, Delegated Administration, Password Management, Provisioning) HiPath SIcurity DirX Access (Web SSO)     HiPath SIcurity DirX - LDAPv3, DSMLv2 and X.500 Directory Server (Directory Server), DirX Identity metadirectory (Meta-directory)
Sentillion Vergence Provisioning Manager Vergence Single Sign-on (Reduced SignOn)??     Vergence Strong Authentication (Strong Authentication?), Vergence Privacy Auditor (HIPAA Privacy??)
SUN Microsystems Sun Java System Identity Manager Sun Java System Access Manager(Federation SSO) Sun Java System Identity Auditor
Symantec (Bindview) Bit confused how identity integrates into this compliance.       Policy and Compliance Management (Define Policies), VULNERABILITY AND CONFIGURATION MANAGEMENT (Find holes on network and systems and apply Patches),
Symlabs     Federated Identity Access Manager (Federation) Virtual Directory Server (Symlabs)  
Trusted Network Technologies   Identity (Network Access control)      
Vaau Role Manager (Role Engineering and Management)       Identity Compliance (Compliance)
Veridicom         VKI (Strong Authentication - Finger print reader)
Vernier Networks   Edgewall series (NAC)      
Voelcker ActiveEntry (Provisioning, Self-service, password management)        
           
Open Solutions     Sun Open SSO, Java Open Single Sign-On, CoSign, CAS(Use case), Pubcookie (Web Single Sign On - No Access Control a.t.m.), Guanxi (Shibboleth) OpenLDAP Software, Penrose (Virtual Directory)  
Some companies in the "User-centric" Identity space

Looking forward to your input on the subject, especially on open-source.

Sources