Ping Identity Corp, which last year introduced one of the first standalone tools for managing federated identities based on the SAML 2.0 standards, is now releasing a follow-on that deals with security tokens.
The idea of using tokens is that, in a distributed system, you don’t always want or need to send all of the information about a requestor all over the Internet. Tokens are used for passing just enough information about the requestor that a service provider needs.
That information can range from a simple anonymous note that a remote gateway has validated the user, to more detailed information for sources, such as in healthcare or financials, that must maintain deep audit trails of who is requesting what and when.
Ping’s new offering, called PingTrust, is a standalone system that supports the proposed WS-Trust standards, which cover security tokens. It can work with Ping’s Federated Identity Server or in standalone mode.
PingTrust performs tasks such as converting incoming tickets from commonly used internal protocols, such as X.509, Kerberos, or user name and password, into WS-Trust-compliant tokens that can be embedded into a SOAP message sent to a remote service provider. In doing so, it can simply convert the information, if that’s all that the service provider requires, or query the originating system for additional credentials.
The product also comes with a software development kit for building custom integrations for other identity management protocols. It also supports authentications from Netegrity (now part of CA) SiteMinder and Salesforce.com. On the horizon, support will likely be extended to Oblix, another federated identity suite.
Of course, you could also buy WS-Trust capabilities as part of a larger identity management or web single sign-on offering, once they are available. Ping’s value proposition is that it provides a point solution for converting internal authorizations and authentications into WS-Trust tokens, if you already have the other pieces in place and that’s all you need.
Ping is also betting that WS-Trust will become a formal standard. That bet looks likely to pay off, given the formation by OASIS last fall of the WS-SX technical committee to formulate standards governing the exchange of tokens or assertions inside SOAP messages. WS-Trust joins two other proposals, WS-SecureConversation and WS-SecurityPolicy, which are being tackled by the committee.
PingTrust is available now. As with PingFederate, you can get the first 100,000 transactions as a free trial, then pay either by subscription or conventional software license.