Supporting Business Agility
To create a cost-effective, secure and scalable identity and access management solution, Daston has integrated Oracle Waveset (previously called Sun Identity Manager) and CA SiteMinder with custom Java applications.
Our expertise and consistent implementation of industry best practices combined with these best-of-breed COTS applications, which are consistently ranked in the Gartner Magic Quadrant, provide a full suite of user management tools that enable:
- User and attribute synchronization between corporate resources
- User self-registration to allow an organization's external personnel to access internal web-based applications
- Active Directory (AD) account creation (provisioning) and deletion (deprovisioning)
- Single Sign-On between enterprise-level web applications
- User authentication utilizing the Department of Defense (DoD) Public Key Infrastructure (PKI)
Identity Management
Daston's Identity Management solution combines custom Java applications, Oracle Waveset, and a set of custom Apache AXIS-based web services to create and synchronize user accounts between enterprise-level resources, e.g., HR Systems, Intranet Services Directories, and File Servers.
As personnel enter and leave the organization, their accounts in the HR database are updated. Several custom-built Java applications recognize these changes and either create or update accounts as required in the directory.
To support automated account creation and disablement in Active Directory (AD), Daston has developed several custom identity management workflows. The workflows include a deferred task approach to account for the latency in users' AD accounts propagating through the various Active Directories. The deferred task delays the setup of the user's file shares in the Active Directory domain to ensure the account is available on the file server.
Additional features include:
- A web service interface to support remote invocation of account provisioning/deprovisioning
- Oracle-recommended procedures for building and deploying the Waveset identity application using version control concepts and associated build scripts, which simplify building the customized identity management application for server environments and support the efficient build-out of development, test and production servers
- Processes/scripts that monitor the health of the Identity Management solution, including the availability of the custom Java applications and the Identity Manager synchronization function, and notify application and system administrators when issues arise
Access Management
Daston's access management solution combines a local CA SiteMinder implementation, application integration with the Army's AKO SSO Infrastructure (which is also based on CA SiteMinder), and a set of custom web services to facilitate application authorization.
The local CA SiteMinder implementation provides client PKI certificate authentication, consisting of a central web server that performs the PKI authentication and a local OCSP responder that provides certificate revocation status.
The SiteMinder solution includes standard web agent integrations with SunONE Web Server, IIS 5.0/6.0 and Apache web servers as well as custom solutions for the Open Text Collaboration Server Java Authentication and Authorization Service (JAAS) module, the Oracle Waveset user interface, and several IBM Cognos implementations.
As part of a larger initiative within the Department of Defense to utilize enterprise services instead of local "enclave" services, Daston provides support for migrating internal web applications to the Army SSO infrastructure and provides a web-services solution to translate the enterprise identity supplied by the Army into a local identity.