1 Introduction
Providing the right access to the right application for the right user at the right time is becoming increasingly important for today’s organizations. IT teams, and more precisely Identity and Access Management teams, have to provide the technical foundation for communication and collaboration with external parties such as business partners and customers. Requirements and use cases change swiftly. The required integration between application infrastructure, identity providers and the actual end users has to be adapted both reliably and quickly to fulfill business, security and privacy requirements. Organizations need to develop technological and strategic approaches to enable this integration, a need that results in particular from the changing cooperation models in the context of digitalization.
Web Access Management (i.e. the combination of Web Application Firewalls and Access Management) and Identity Federation are key technologies enabling the integration of the building blocks described above. These technologies enable companies to provide internal and external access to internal and external systems, including cloud services, and to manage them consistently and efficiently.
Web Access Management and Identity Federation have been used successfully for years and are used extensively in many application scenarios. Increasing acceptance is accompanied by a considerable increase in interest in the possibilities of these technologies. This goes hand in hand with the development of the Web browser into the universal application client software and the provision of practically every relevant application system as applications that can be accessed through common internet technologies.
This is where technologies such as Web Access Management and Identity Federation come in: Web Access Management acts as a gateway approach that is logically located in front of standard applications and performs authentication and usually coarse-grained authorization to back-end applications. That type of security infrastructure can also intercept and modify the browser-server communication by applying HTTP header injection, adding authorization information to the HTTP header that is then used by the back-end application. Some tools also support APIs for authorization calls to the system.
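The header injection described above, sketched as an added example (not code from USP or any product): the gateway drops client-supplied copies of its reserved headers before injecting its own, and the back end decides on the injected values. The `X-Auth-*` header names and the session structure are assumptions made for illustration.

```python
# Added example: header names and the session structure are assumptions.
INJECTED_PREFIX = "x-auth-"  # hypothetical namespace reserved for gateway-set headers

def _canon(name):
    # Header names are case-insensitive, and CGI/WSGI-style back ends map both
    # "-" and "_" to "_", so "X_Auth_User" would collide with "X-Auth-User".
    return name.lower().replace("_", "-")

def gateway_forward(client_headers, session):
    """Return the headers sent to the back end, or None if unauthenticated."""
    if session is None:
        return None  # gateway denies or redirects to login; nothing is forwarded
    # 1. Drop anything the client sent in the reserved namespace.
    forwarded = {k: v for k, v in client_headers.items()
                 if not _canon(k).startswith(INJECTED_PREFIX)}
    # 2. Inject authorization information from the gateway's own session.
    forwarded["X-Auth-User"] = session["user"]
    forwarded["X-Auth-Roles"] = ",".join(sorted(session["roles"]))
    return forwarded

def backend_authorize(headers, required_role):
    """Back-end decision based only on the gateway-injected headers."""
    canon = {_canon(k): v for k, v in headers.items()}
    roles = [r for r in canon.get("x-auth-roles", "").split(",") if r]
    return bool(canon.get("x-auth-user")) and required_role in roles

# Constructed request: the client supplies its own copies of the identity headers.
SPOOFED_REQUEST = {
    "Host": "app.example.internal",
    "x-auth-user": "admin",
    "X_Auth_Roles": "admin",
    "Accept": "text/html",
}
SESSION = {"user": "alice", "roles": {"reader"}}  # constructed gateway session

if __name__ == "__main__":
    out = gateway_forward(SPOOFED_REQUEST, SESSION)
    print(out)
    print("reader allowed:", backend_authorize(out, "reader"))
    print("admin allowed:", backend_authorize(out, "admin"))
```

The back end's decision is only as trustworthy as the path the headers took, so it should accept requests from the gateway alone.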
Identity Federation describes the standardized use of the same identity data across multiple organizations. These can be companies within a group, but Federation is becoming increasingly important especially for the extended or connected enterprise, in order to enable customers, partners and suppliers to access common applications. It allows splitting authentication and authorization between an Identity Provider (IdP) and a Service Provider (SP) or Relying Party (RP). The communication is based on standardized protocols, such as OAuth 2.0, OpenID Connect or UMA, to allow for a high level of interoperability. As a result, Identity Federation can be used in various configurations, including federating from internal directories and authentication services to Cloud Service Providers.
Virtually all companies and their business departments currently face challenges when it comes to adapting to changing requirements. They demand solutions for new business requirements such as the on-boarding of business partners, self-registration, particularly of external users, collaboration with freelancers or mobile workers, customer access to in-house services, access to cloud services and much more. As a result, access management and federation have changed from their initial role as tactical IT tools into strategic infrastructure elements that enable business agility while maintaining the necessary security and compliance. These services are thus the basis for meeting the diverse customer requirements mentioned above and for enabling modern extended enterprise concepts.
United Security Providers (USP) is a Swiss software vendor and service provider, organized under commercial law as a public limited company (AG). USP has offices in Bern (headquarters), Zurich, London and Minsk. The company currently employs more than 100 security professionals and operates its own 24/7 Security Operations Center. While its initial and main target market is Switzerland, it is building a growing market reach beyond its domestic market, especially in Germany, Austria and the UK.