Trustgenix and IdentityForge Put iSeries, zSeries at Center of SSO
August 30, 2005 Alex Woodie
Recognizing the importance of user directories established on iSeries servers and mainframes, Trustgenix and IdentityForge unveiled a partnership last week that will allow organizations to leverage that user data for wider single sign-on (SSO) implementations. The companies plan to do this by integrating their respective products, including Trustgenix IdentityBridge and IdentityForge’s LDAP Gateway, by the fourth quarter.
Trustgenix’s flagship product, IdentityBridge, is a federated identity management system that essentially lashes together the various other identity management systems that may be used in a company or by a company’s partners, thereby eliminating the need for users to remember different passwords and enabling SSO. IdentityBridge does this by supporting popular identity management protocols, including Liberty Alliance’s Liberty 1.1, 1.2, and WSF standards, and the Security Assertion Markup Language (SAML) protocol from Oasis, and also by providing out-of-the-box support for popular identity management systems, such as Microsoft Active Directory, IBM Tivoli, Computer Associates eTrust, RSA Security ClearTrust, and Hewlett-Packard OpenView. (HP is actually reselling IdentityBridge through an OEM agreement it formed with Trustgenix last year.)
While Trustgenix provides federated identity management for most applications, it has tapped IdentityForge of Atlanta for iSeries and mainframe expertise and connectivity. IdentityForge’s flagship product, called the IdentityForge (IdF) LDAP Gateway, is a Java-based product that translates LDAP protocol commands from distributed applications into native OS/400 and mainframe commands, including the RACF, ACF2, and Top Secret security environments on the zSeries mainframe.
The IdentityForge LDAP Gateway includes two server-side agents: the Pioneer Agent, which supplies OS/400 and z/OS connectivity, and the Voyager Agent, which only supports the mainframe. The Pioneer Agent provides direct support for a range of actions users can take on IBM iSeries and mainframe servers, including adding, deleting, or modifying users on the system; adding users to user groups; changing passwords or forcing a password reset; and listing, authorizing, and authenticating users.
By integrating the IdF LDAP Gateway and Trustgenix IdentityBridge products, the two companies hope to give OS/400 and mainframe shops a leg up on the development of a wider federated identity management system that spans Unix, Linux, and Windows systems, as well as their established host platforms.
“Identity management technology was originally developed on the mainframe, where controlling access to applications was critical to protecting business operations,” said Timothy Finley, executive vice president of worldwide sales for Trustgenix, which is based in San Jose, Calif. “As a result, today’s mainframe environments maintain sophisticated user account repositories. Our strategic partnership with IdentityForge enables enterprises to extend the value of their mainframe investments with identity federation.”
Likewise, IdentityForge’s vice president of sales, Michael Hrobat, says the capability to share mainframe and midrange user identities with other environments opens up new possibilities. “It allows for the preservation of current mainframe and midrange assets, which contain the majority of the company’s customers’, employees’, and partners’ credentials,” he says.
IdentityForge is currently developing a bi-directional OS/400 adapter that will be on par with its mainframe technology and provide a deeper level of interaction. Currently, the company offers a one-way adapter, which somewhat limits its functionality, Hrobat says. The bi-directional OS/400 adapter is scheduled for delivery by the end of the first quarter of 2006.
The companies announced their partnership last week at the SHARE mainframe user conference in Boston. The companies say the integrated Trustgenix IdentityBridge and IdF LDAP Gateway solution will be available in the fourth quarter of 2005. The adapter that connects the two products will be sold with the Enterprise and Carrier Editions of Trustgenix IdentityBridge (but not the Standard Edition). Customers will have to purchase the IdF LDAP Gateway separately, company officials said.
Pricing for Trustgenix IdentityBridge Enterprise Edition starts at $25,000. Pricing for the IdF LDAP Gateway also starts at about $25,000. For more information, visit www.trustgenix.com and www.identityforge.com.