TriAWorks Aims to Simplify Single Sign-On with EIM Utility
February 3, 2004 Alex Woodie
A new company named TriAWorks was formed last month and has already released its first software product, called TriAWorks Identity Manager for Single Sign-On, or TIM SSO. The software utility is designed to simplify using IBM’s Enterprise Identity Mapping framework, and therefore to make it easier for iSeries and Windows shops to provide their users with the much vaunted–but seldom obtained–single sign-on capability.
In a nutshell, Enterprise Identity Mapping is a framework for creating “associations” among the different user IDs a person uses to access a variety of computer systems. When combined with Kerberos authentication, Enterprise Identity Mapping provides a secure, powerful, yet straightforward way to enable single sign-on capability, and thereby lessen the requirement for users to remember the different user IDs and passwords needed to access computers.
Because Enterprise Identity Mapping is built into OS/400 V5R2, it can enable iSeries shops to provide single sign-on capability for a very low cost, says Jack McAfee, TriAWorks cofounder and president. “The EIM [Enterprise Identity Mapping] technology underneath [OS/400] is awesome,” he says. “More and more people are starting to understand what Enterprise Identity Mapping does, that it can enable single sign-on for a very low cost.”
The drawback with IBM’s Enterprise Identity Mapping infrastructure is that the Enterprise Identity Mapping management tools that IBM provided in iSeries Navigator are not particularly easy to use, McAfee says. “The only functionality IBM provides is in iSeries Navigator, and it allows you to do things in a very sequential manner, to create associations,” he says. “We saw a real need–an opportunity–to come in and help people adopt EIM more quickly.”
Once an administrator has configured his Enterprise Identity Mapping domain with IBM’s tools, iSeries Navigator limits the options for populating that domain with users’ identities, and then mapping those identities to a specific person, through Enterprise Identity Mapping associations, McAfee says. “What our product allows you to do is to create associations very quickly and very accurately,” he says. “We’ve reduced a significant amount of the administrative burden of managing an Enterprise Identity Mapping domain, in creating all those mappings.”
TIM SSO runs on Windows workstations and provides a GUI that administrators can use to create associations by dragging and dropping names on the screen. Wizards help import user identities from existing directories and help create associations by making suggestions when the software spots patterns in how user identities are set up.
Rules can be set in TIM SSO to speed the process of creating associations. For example, user Bob Smith might have a user ID of BSmith on his Windows workstation, and he might use BOBS to access the iSeries server. TIM SSO can be configured to recognize any combination of first name, last name, first initial, or last initial (and a variety of other patterns) on selected machines. The software will also run checks on these rules to make sure they provide the right results before they are used to find suggestions and create associations.
McAfee says TIM SSO can do one thing that iSeries Navigator cannot: alert the administrator when there’s a problem. For example, user BOBS could refer to either user Bob Smith or user Bob Simpson, and iSeries Navigator would be unable to distinguish them before creating an association with Enterprise Identity Mapping. “In iSeries Navigator, it doesn’t prevent you from doing that, but our product creates warning indicators when that situation occurs, to maintain integrity in the single sign-on environment,” he says.
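The rule-based matching and the ambiguity warning described above can be sketched as follows. This is an added example, not TriAWorks code or the EIM API: the rule names, the registry names, the sample accounts and the case-insensitive comparison are all assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical naming rules: each derives a candidate user ID from a person's name.
RULES = {
    "first_initial+last": lambda first, last: first[0] + last,  # Bob Smith -> BSMITH
    "first+last_initial": lambda first, last: first + last[0],  # Bob Smith -> BOBS
}

# Constructed sample data: people to map and the user IDs found in each registry.
PEOPLE = ["Bob Smith", "Bob Simpson", "Ann Lee"]
REGISTRIES = {
    "WINDOWS": ["BSmith", "BSimpson", "ALee"],
    "ISERIES": ["BOBS", "ANNL"],
}

def candidates(person, rules=RULES):
    """Apply every rule to a person's first and last name (upper-cased)."""
    parts = person.upper().split()
    return {name: rule(parts[0], parts[-1]) for name, rule in rules.items()}

def suggest_associations(people, registries, rules=RULES):
    """Return (suggestions, warnings).

    suggestions: {person: [(registry, user_id, rule_name), ...]}
    warnings:    [(registry, user_id, [people])] for IDs claimed by several people
    """
    claims = defaultdict(list)  # (registry, user_id) -> [(person, rule_name)]
    for person in people:
        for rule_name, cand in candidates(person, rules).items():
            for registry, user_ids in registries.items():
                for uid in user_ids:
                    if uid.upper() == cand:  # assumption: IDs compare case-insensitively
                        claims[(registry, uid)].append((person, rule_name))

    suggestions, warnings = defaultdict(list), []
    for (registry, uid), hits in sorted(claims.items()):
        owners = sorted({person for person, _ in hits})
        if len(owners) > 1:
            # Ambiguous: never auto-associate, surface it to the administrator.
            warnings.append((registry, uid, owners))
        else:
            suggestions[owners[0]].append((registry, uid, hits[0][1]))
    return dict(suggestions), warnings

if __name__ == "__main__":
    found, flagged = suggest_associations(PEOPLE, REGISTRIES)
    for person, links in found.items():
        print(person, "->", links)
    for registry, uid, owners in flagged:
        print(f"WARNING: {registry}/{uid} could belong to {owners}")
```

In a single sign-on environment a wrong association hands one person another person's access on the target system, which is why the ambiguous ID is withheld from the suggestions rather than assigned to the first match.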
TIM SSO doesn’t totally replace iSeries Navigator for creating the Enterprise Identity Mapping framework. The iSeries Navigator is still needed to configure the Enterprise Identity Mapping domain at the initial startup. Once that is complete, however, administrators may work with TIM SSO exclusively to populate the Enterprise Identity Mapping domain and to create associations among the different identities, McAfee says.
TriAWorks wrote TIM SSO using IBM’s Eclipse development tools, and the software works with all the operating systems using IBM’s Enterprise Identity Mapping. Those systems include OS/400 V5R2; AIX R5.2 on pSeries; Red Hat Linux 7.3 on Intel 386; Windows NT/2000/XP/Server 2003; and z/OS V1R4. While TIM SSO supports the gamut of eServer operating systems, TriAWorks is primarily targeting iSeries shops that want to streamline user access to iSeries and Windows machines, McAfee says.
McAfee, a former IBMer who worked at Rochester and in the Tivoli unit, founded TriAWorks earlier this month with two of his former colleagues from systems management and security software provider NetIQ, Clay Scogin and Kurt Goolsbee. “The other guys feel the same way, that we wanted to challenge ourselves in a new way and start our own business,” McAfee says.
The company has been pleasantly surprised by the number of sales opportunities presented to TriAWorks during only two weeks of operation. “We didn’t think we’d be this active on the sales front,” he says. TriAWorks got some publicity when the company was referenced in a new IBM Redbook called Windows-based Single Sign-On for the EIM framework on the IBM eServer iSeries Server (SG24-6975), a guide for implementing Enterprise Identity Mapping and single sign-on on the iSeries.
TIM SSO Version 1.0 is available now. License fees are set from a base price and the number of people who will be brought into the Enterprise Identity Mapping framework (not the number of identities, which would be much greater); specific pricing information was not provided. For more information and free downloads, go to www.triaworks.com.