CA SiteMinder Expands Open Source Support

February 8th, 2010 by Chad

This morning I noticed an interesting item in my news feed that CA SiteMinder has been expanded to support web applications and services running on JBoss Enterprise Middleware. This means that popular platforms such as JBoss Enterprise Application Platform, JBoss Enterprise Portal Platform, and JBoss Enterprise SOA Platform are now fully in play for CA SiteMinder customers.

Anyone who is familiar with enterprise software can tell horror stories about its acquisition & maintenance costs, not to mention the frustration that comes when an internal team identifies a bug that must await a formal fix from the vendor because its root cause lies in the source code. Only those who have experienced this pain can fully appreciate the value of the open source model. The CoreBlox team leveraged an open source platform during the early stages of the company and we were continually impressed by the passionate community that backed it up and was always willing to help. It’s encouraging to see a large corporation like CA recognize the importance of extending SiteMinder support to those who choose to build their infrastructures (either solely or partly) on open source technologies. Well done, CA!

Quick guide to installing SiteMinder WAM R12 SP2

January 22nd, 2010 by Eric

One of the major differences between SiteMinder Web Access Manager (WAM) R12 SP2 and pre-SP2 releases is in how the Administration UI is set up. The SP2 installer offers a choice between a pre-configured JBoss application server (JBoss [Trinity] 4.2.3.GA, used to serve the Administration UI components) and your own application server (JBoss, WebLogic or WebSphere). In addition, the complex method of configuring the initial administrative user appears to have been removed. Earlier installations required you to set up a user store with the right structure before the administrator login could be configured. These improvements make it possible to set up SiteMinder R12 SP2 relatively quickly (under 30 minutes) and with far less complexity, which to me is key for anyone trying to get up to speed with R12.

For those of you who are not aware, R12 allows you to install SiteMinder Administration UI ‘clients’ that can exist on remote servers separate from the Policy Server instance. We’ll be installing everything on the same machine for this tutorial.

Just keep in mind that you might need to run a command-line utility called XPSRegClient to create a trusted relationship between the Administration UI client and the Policy Server when the UI is launched for the first time. The most common symptom is the “no registration on file” message when attempting to log into the Administration UI. See the ‘tips’ section for when you need to run this utility.

The goal of this mini-tutorial is to guide you through setting up SiteMinder in a Windows environment using ADAM as the policy store (any other supported policy store should work as well) and the built-in application server that ships with the installer, all on the same machine. This is especially useful for those who do not have time to comb through the installation guide.

NOTE: This tutorial should be applicable to the other installers available for Solaris, Linux, HP-UX and AIX.

1. Make sure you have JRE/JDK 1.5 (I’d recommend the most recent JRE/JDK 1.5 version to stay on the safe side) installed on the system that you are about to install SiteMinder on. This is a requirement for the SiteMinder Policy Server.

2. Go to http://support.ca.com and download the following installers:

a. CA SiteMinder Policy Server r12.0 SP2 for Windows-32-(ESD only)

b. Administrative UI Prerequisite Installer for Windows-32-(ESD only)

c. CA SiteMinder Administrative UI r12.0 SP2 for Windows-32-(ESD Only)

3. Configure a new ADAM instance (follow steps 1 through 4 in the Configuring ADAM as a SiteMinder Policy Store guide)

4. Unzip the CA SiteMinder Policy Server r12.0 SP2 for Windows-32 installer and run it.

5. Install SiteMinder R12 SP2. The installation should be straightforward.

a. Just make sure you choose the option to initialize the instance.

b. In the “Create SM Key Database”, it wouldn’t hurt to choose to import the default CA certificates (Certificate Authority).

6. Unzip the Administrative UI Prerequisite Installer for Windows-32 and CA SiteMinder Administrative UI r12.0 SP2 for Windows-32 installer into the same directory.

Admin UI Installer

NOTE: This is important because the Administrative UI prerequisite installer requires the layout.properties file from the Administrative UI installer and if it does not find it, it will abort the installation by indicating that it was unable to find the layout.properties file.

Error when the layout.properties file cannot be found

7. Run the adminui-pre-req-12.0-sp2-win32.exe installer.

8. The only options you’ll have to specify are the installation location and the host name and port the Administrative UI will listen on.

9. Once the prerequisite installer completes, it will kick off the ca-adminui-12.0sp2-win32.exe installer automatically. If it does not, run it yourself.

10. There are no additional configuration parameters to enter during this install, and it may take a while as it compiles and configures the UI components on the application server.

11. Once completed, the installer will attempt to launch a browser and display the SiteMinder Administrative login:

SiteMinder WAM Administration UI Login

Note: Under the covers, this step starts the application server and registers the SiteMinder Administration UI with the Policy Server.

12. Use SiteMinder as the username and enter the super-user password that you specified during the Policy Server installation. Leave ‘server’ blank; it defaults to the local server and port (unless you specified otherwise).

13. And you’re done! You should be able to proceed with importing your SiteMinder 6.x policies and viewing them in the new Administration UI.

SiteMinder Administration UI

Tips:

If more than 24 hours have passed between installing the Policy Server and installing the Administration UI, you might need to run the following command if you see this error when trying to log in to the Administration UI for the first time:

No registration on file error

c:\CA\Siteminder\bin>XPSRegClient siteminder -adminui-setup -t 1440 -r 5 -cp -l c:/logs/ -e c:/logs/error.log -vT

(Run XPSRegClient.exe without any parameters to list its options.)

The parameter ‘siteminder’ refers to the super-user account.

You’ll be prompted for a passphrase; use the super-user password.

This step is necessary to create a trusted relationship between the client and the policy server.

Another thing to note is that the built-in JBoss 4.2.3 application server runs on its own JRE (1.6.0_13) that is found in the adminui/runtime directory.
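The following PowerShell script is an added example for this tutorial, not part of the original post or of CA’s tooling. It runs the pre-flight checks behind steps 1, 6 and 7 (a 1.5 Java runtime on the PATH; both Admin UI installers, and therefore layout.properties, extracted into the same directory), launches the prerequisite installer, and then performs the XPSRegClient registration from the tip above with the flags exactly as given there. The directory paths are assumptions; change them to match your own layout.

```powershell
# Added example (not from the CoreBlox post): pre-flight checks and Admin UI
# registration for the SiteMinder R12 SP2 install steps above.
# All paths below are assumptions; adjust them to your environment.
$InstallerDir    = 'C:\install\adminui'      # where BOTH Admin UI zips were extracted (step 6)
$PolicyServerBin = 'C:\CA\Siteminder\bin'    # Policy Server bin directory (step 5)
$LogDir          = 'C:\logs'

# Step 1: the Policy Server requires a 1.5 JRE/JDK. 'java -version' writes to
# stderr, so run it through cmd.exe to capture it as plain text.
$javaOut = (cmd /c 'java -version 2>&1') -join "`n"
if ($javaOut -notmatch 'version "1\.5\.') {
    throw "Expected a Java 1.5 runtime on PATH, found:`n$javaOut"
}

# Steps 6-7: the prerequisite installer aborts unless layout.properties from the
# Admin UI installer sits in the same directory as the prerequisite installer.
foreach ($f in 'adminui-pre-req-12.0-sp2-win32.exe', 'ca-adminui-12.0sp2-win32.exe', 'layout.properties') {
    if (-not (Test-Path (Join-Path $InstallerDir $f))) {
        throw "Missing $f in $InstallerDir. Extract both Admin UI installers into the same directory."
    }
}

# Step 7/9: run the prerequisite installer; it chains to the Admin UI installer.
Start-Process -FilePath (Join-Path $InstallerDir 'adminui-pre-req-12.0-sp2-win32.exe') -Wait

# Tips: register the Admin UI with the Policy Server. Use this when the first
# login reports "no registration on file". Flags are the ones given in the post;
# the command prompts for the super-user (siteminder) password as the passphrase.
New-Item -ItemType Directory -Force -Path $LogDir | Out-Null
& (Join-Path $PolicyServerBin 'XPSRegClient.exe') siteminder -adminui-setup -t 1440 -r 5 -cp `
    -l "$LogDir/" -e "$LogDir/error.log" -vT
if ($LASTEXITCODE -ne 0) {
    throw "XPSRegClient exited with code $LASTEXITCODE; see $LogDir\error.log"
}
```

Run it from an elevated PowerShell prompt on the machine that hosts both the Policy Server and the Administration UI, since that is the layout this tutorial assumes.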

As you can see, the updated R12 SP2 version of SiteMinder has made it significantly easier to install SiteMinder R12. Check this article for an overview of how you would plan your CA SiteMinder upgrade to R12.

CoreBlox.com Changes

January 19th, 2010 by Chad

If you’re paying close attention to the CoreBlox web site (and I know you are!), you might have noticed some recent changes we’ve made to better answer that age-old question: what the heck do you guys do?? The truth is that most of our consulting work centers on some specialized enterprise security concepts and technologies that our visitors have never heard of. So to offer a little more guidance, we’ve added a new CoreBlox Technologies section. The sub-pages in this section include:

Keep watching for more changes we’ll be deploying in the coming weeks. In the meantime, we’re here to help. Please don’t hesitate to contact us if you’re in the midst of planning new initiatives, or even if you just want to bounce some ideas around. Also check out our SSOhelp community where some of the brightest minds in the security space are exchanging ideas and helping each other through tough challenges.

Happy Holidays

December 29th, 2009 by David

Best wishes for a healthy and prosperous 2010!

-Team CoreBlox

[photo credit: optical_illusion @ Flickr]

Why RockYou Should Have Federated Identities

December 18th, 2009 by Chad

In case you haven’t seen the news, RockYou’s users have become casualties in the latest web privacy breach. TechCrunch detailed RockYou’s numerous transgressions here:

Earlier today news spread that social application site RockYou had suffered a data breach that resulted in the exposure of over 32 Million user accounts. To compound the severity of the security breach, it was found that RockYou are storing all user account data in plain text in their database, exposing all that information to attackers. RockYou have yet to inform users of the breach, and their blog is eerily silent – but the details of the security breach are going from bad to worse.

32 million users. If you thought you were having a bad day, imagine what RockYou’s leadership team is dealing with. Winning back the trust of a single user can be challenging, let alone the other 31,999,999.

RockYou has some 'splaining to do

Of course it’s easy to pile on RockYou for the many boneheaded decisions that led to this breach. Users can’t protect themselves if they don’t have the proper tools, and the act of promoting the use of simple passwords by practicing non-existent password policies is a virtual invitation to hackers. Sadly enough, even stricter policies could not have saved RockYou since they elected to store passwords in the clear. In the applications world this is the ultimate rookie mistake, and it’s difficult to imagine a company like RockYou making it.

Unfortunately the impact of RockYou’s mistakes has ripple effects for other social network partners. As TechCrunch revealed, RockYou collected user credentials for integrated sites such as Facebook and MySpace and stored them (in clear text) in their database. So if you’re one of the unfortunate RockYou users who submitted login credentials for both those networks, you have more than just your RockYou data to worry about.

So besides following through on their promise and not storing the data to begin with, what could RockYou have done to avoid exposing login credentials from their partner networks to hackers? That’s easy: FEDERATE! With federated authentication, a site trusts login assertions from a known identity provider instead of collecting and storing a separate login and password of its own. Simply stated, federation is single sign-on deployed across the internet. This means user identities are more portable, the user experience is more seamless, and the login data is more secure since it does not need to be stored in multiple locations.

Facebook Connect login option

Sounds complicated, right? But the reality is you’re probably already using forms of federation in your everyday web experience. Sign-in services like Facebook Connect and Twitter’s OAuth-based login are examples of federation in action. Why expose yourself to more risk by storing credentials when you can simply piggyback on what your partner is already doing?
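To make the federation argument concrete, here is an added example (not code from the post, and not how Facebook Connect or Twitter implement it) of the exchange described above. An identity provider, the partner that already holds the credential, checks the password against a salted, stretched hash and issues a short-lived signed assertion; the relying party verifies the issuer, signature, audience, lifetime and replay state and provisions a local account keyed on the federated subject. The relying party never receives a password, so there is nothing for a RockYou-style breach to leak. The issuer and audience names and the shared HMAC key are assumptions for the example; a real deployment would carry the same claims in a SAML or OAuth envelope with asymmetric signatures.

```python
"""Added example, not code from the CoreBlox post: a minimal federated sign-in.

IdentityProvider holds the credential (never in the clear) and signs assertions.
RelyingParty trusts assertions from known issuers and stores only who vouched
for whom. Issuer/audience names and the shared key are assumptions.
"""
import base64
import hashlib
import hmac
import json
import os
import secrets


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """The partner that already owns the login: verifies passwords, issues assertions."""

    def __init__(self, issuer: str, signing_key: bytes):
        self.issuer = issuer
        self._key = signing_key
        self._users: dict[str, tuple[bytes, bytes]] = {}  # username -> (salt, PBKDF2 hash)

    @staticmethod
    def _stretch(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, self._stretch(password, salt))  # no plaintext kept

    def issue_assertion(self, username: str, password: str, audience: str,
                        now: int, ttl: int = 300) -> str:
        record = self._users.get(username)
        if record is None or not hmac.compare_digest(self._stretch(password, record[0]), record[1]):
            raise PermissionError("bad credentials")
        claims = {"iss": self.issuer, "sub": username, "aud": audience,
                  "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8)}
        body = _b64u(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
        sig = _b64u(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class RelyingParty:
    """The application: trusts known issuers, keeps federated identities, never passwords."""

    def __init__(self, audience: str, trusted_issuers: dict[str, bytes]):
        self.audience = audience
        self._trusted = trusted_issuers                   # issuer -> verification key
        self.accounts: dict[tuple[str, str], dict] = {}   # (iss, sub) -> local profile
        self._seen_jti: set[str] = set()                  # replay protection inside the ttl

    def login(self, assertion: str, now: int) -> dict:
        body, sig = assertion.split(".", 1)
        claims = json.loads(_unb64u(body))   # untrusted until the signature is checked
        key = self._trusted.get(claims.get("iss"))
        if key is None:
            raise PermissionError("untrusted issuer")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64u(sig)):
            raise PermissionError("bad signature")
        if claims.get("aud") != self.audience:
            raise PermissionError("assertion issued for a different audience")
        if not claims["iat"] <= now < claims["exp"]:
            raise PermissionError("assertion expired or not yet valid")
        if claims["jti"] in self._seen_jti:
            raise PermissionError("assertion replayed")
        self._seen_jti.add(claims["jti"])
        identity = (claims["iss"], claims["sub"])
        # Just-in-time provisioning: the only thing stored is who vouched for whom.
        return self.accounts.setdefault(identity, {"issuer": claims["iss"], "subject": claims["sub"]})


def demo() -> dict:
    """Constructed walk-through with assumed names: IdP vouches, RP provisions."""
    key = b"example-shared-key-not-for-production"
    idp = IdentityProvider("https://idp.example.test", key)
    idp.register("alice", "correct horse battery staple")
    rp = RelyingParty("https://app.example.test", {"https://idp.example.test": key})
    token = idp.issue_assertion("alice", "correct horse battery staple",
                                "https://app.example.test", now=1_700_000_000)
    return rp.login(token, now=1_700_000_010)


if __name__ == "__main__":
    print(demo())
```

The order of checks in `login` matters: the body is parsed only to find which key to verify with, and nothing in the claims is acted on until the signature has passed; audience binding stops an assertion meant for one partner site from being replayed at another.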

Of course, the value of federation isn’t limited to social networks. Large enterprises like CA are using federated security models to drive partnerships and other business relationships. Our own Todd Clayton has described a vision for a Federation Oriented Architecture where the principles of identity federation are applied to other data. There is no doubt the need for identity federation is on the rise, and we expect to see plenty of work in this area in 2010.

Unfortunately hindsight cannot save RockYou from the embarrassment over this mess. The users who choose to stay with them can only hope they’ll learn from their mistakes.

Planning Your Upgrade to CA SiteMinder R12

October 30th, 2009 by Todd

CA SiteMinder Internet Access Manager R12 improves upon the functionality available in SiteMinder 6.x in several areas. In addition to fine-grained delegation through the new administration user interface, R12 improves directory mapping, adds support for web services, bundles federation support previously only available through the Option Pack and introduces fine-grained authentication capabilities. While these features warrant upgrade consideration on their own, an eventual end-of-life of SiteMinder 6.x will require an upgrade of your existing environment.

As you begin the process of upgrading your environment to R12, careful consideration is required to make sure the migration goes smoothly. New components like an application server are required and even the way policies are stored has changed with the addition of the extended policy objects. SiteMinder deployments provide mission critical functionality and the upgrade must be completed with minimal risk or downtime. To ensure a smooth upgrade path, ensure that you spend sufficient time planning for each phase of the move to SiteMinder R12.

Your Upgrade Strategy

As you look at your strategy for upgrading to SiteMinder R12, you need to consider the following:

  • Make sure that you have detailed information on each component of your SiteMinder environment
  • Understand your maintenance windows
  • Ensure that you have a good recovery and rollback plan
  • Map out the upgrade order of the components

Analysis

When breaking down your existing SiteMinder environment, keep in mind the following SiteMinder components:

R12 Upgrade

There are several things to consider as you analyze your current environment. Make sure that you minimally have the following details:

  • The number of policy servers and agents you have deployed and the versions of each component. The audit logs on the policy servers can be reviewed to capture this information.
  • Which policy servers are being used by each agent. While the host config object can provide some details here, don’t forget that the SmHost.conf file contains the bootstrap policy server for the agent and that information is not stored centrally. You can use the audit logs to help narrow this down further.
  • Determine if your agents are operating in failover or round-robin modes and which agents are providing single sign-on for unified applications. Careful review of the upgrade documentation is required to ensure that single sign-on and correct handling of failover and round-robin modes are maintained during the upgrade process.
  • Determine which authentication schemes are being used and ensure that there are no required configuration changes for those authentication schemes.
  • Map out all your 3rd-party and custom components. You will want to validate that your 3rd-party components are compatible with R12. Any custom components will require testing and may need to be recompiled.

Spending the time to collect this information will allow you to map out a detailed plan. You can combine this with information on your maintenance windows and off-peak times to minimize the upgrade impact and reduce risk.

Recovery Strategy

If you have the luxury of standing up another environment and then migrating over to the new systems, recovery is simply a matter of switching back to the old environment. Similarly, if you are using VMware or a similar virtualization platform, you have the flexibility of taking your existing image, upgrading it and deploying it, while keeping the old image to roll back to if needed. If you’re like most of us, though, the only way to do this is in place. Before upgrading, be sure to back up. Aside from backing up the machine, make sure you back up the following:

  • Policy store, using smobjexport
  • Agent configuration files such as WebAgent.conf and SmHost.conf, plus customized forms and other FCCs (SmHost.conf carries the agent’s shared secret, so protect the backup as carefully as the live file)
  • Web server configuration files such as Apache’s httpd.conf
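The following POSIX shell script is an added example, not a CoreBlox or CA tool, covering two of the items above: the per-agent inventory from the Analysis section (which policy servers each agent bootstraps from, read out of SmHost.conf since that information is not held centrally) and the configuration backup from this section, with checksums so the rollback copy can be verified before it is needed. The agent directory, file contents and object names are constructed sample data; point it at your real agent configuration directories instead.

```sh
#!/bin/sh
# Added example, not from the CoreBlox post: inventory and back up SiteMinder
# web-agent configuration before an R12 upgrade. The agent directory layout,
# file contents and object names below are constructed sample data.

# conf_values FILE KEY -> every value of KEY (quoted or bare); conf_value -> the first.
conf_values() {
    grep -i "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null \
        | sed 's/^[^=]*=[[:space:]]*//; s/^"//; s/"[[:space:]]*$//'
}
conf_value() { conf_values "$1" "$2" | head -n 1; }

# inventory_agent DIR -> one tab-separated line:
#   AgentConfigObject  hostname  hostconfigobject  bootstrap policy server(s)
# The policyserver lines in SmHost.conf are the agent's bootstrap Policy Servers;
# they are not stored in the policy store, so they must be collected per host.
inventory_agent() {
    ps_list=$(conf_values "$1/SmHost.conf" policyserver | tr '\n' ';' | sed 's/;$//')
    printf '%s\t%s\t%s\t%s\n' \
        "$(conf_value "$1/WebAgent.conf" AgentConfigObject)" \
        "$(conf_value "$1/SmHost.conf" hostname)" \
        "$(conf_value "$1/SmHost.conf" hostconfigobject)" \
        "$ps_list"
}

# backup_agent DIR DEST -> copies *.conf and *.fcc into DEST/<basename DIR> and
# records SHA-256 checksums. SmHost.conf holds the shared secret: keep DEST as
# tightly permissioned as the live configuration.
backup_agent() {
    dest="$2/$(basename "$1")"
    mkdir -p "$dest"
    for f in "$1"/*.conf "$1"/*.fcc; do
        [ -f "$f" ] && cp -p "$f" "$dest/"
    done
    ( cd "$dest" && for f in *.conf *.fcc; do [ -f "$f" ] && sha256sum "$f"; done > SHA256SUMS )
}

# verify_backup DEST -> exit 0 only if every backed-up file still matches its checksum.
verify_backup() { ( cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1 ); }

# ---- constructed sample agent (values are not from a real system) ----
WORK=$(mktemp -d)
AGENT="$WORK/webagent1"
mkdir -p "$AGENT"
cat > "$AGENT/SmHost.conf" <<'EOF'
# constructed sample SmHost.conf
hostname="www1-agent"
sharedsecret="{RC2}EXAMPLEONLY=="
sharedsecrettime="0"
hostconfigobject="hco-prod"
policyserver="ps1.example.internal,44441,44442,44443"
policyserver="ps2.example.internal,44441,44442,44443"
EOF
cat > "$AGENT/WebAgent.conf" <<'EOF'
# constructed sample WebAgent.conf
AgentConfigObject="aco-www1"
HostConfigFile="/opt/CA/webagent/config/SmHost.conf"
EnableWebAgent="YES"
EOF
cat > "$AGENT/login.fcc" <<'EOF'
@username=%USER
@password=%PASSWORD
@target=%TARGET
EOF

printf 'ACO\thostname\tHCO\tbootstrap policy servers\n'
inventory_agent "$AGENT"
backup_agent "$AGENT" "$WORK/backup"
verify_backup "$WORK/backup/webagent1" && echo "backup of webagent1 verified under $WORK/backup"
```

Run `inventory_agent` once per agent host and collect the lines into one sheet; together with the policy-server audit logs that gives the agent-to-policy-server map the Analysis section asks for, and `verify_backup` is what you run before the upgrade window opens, not after something has gone wrong.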

Upgrade Plan

Once you have completed the analysis of the environment, put together a plan that ensures all components in the environment will remain compatible. The typical approach is to upgrade the policy servers first and then the web agents, although this may change depending on the version of the agents deployed. Once you have run the installer for R12, you can’t revert without uninstalling, so make sure that you’ve mapped out a strong recovery strategy.

Make sure that you have tested the upgrade in several environments prior to rolling it out to production. A well-documented and tested strategy takes time to put together, but the reduced risk and fewer post-upgrade issues are well worth the investment.

Stay tuned for additional information. We’ll be posting tips-and-tricks, troubleshooting and other information to our blog over our next few posts.

Attention Sales People

October 15th, 2009 by Chad

Yesterday we posted a new opportunity in our Jobs section. We’re looking for a salesperson to help prospect and sign engagements for our professional services team. Sales experience is required, and experience with enterprise security is even better. But most importantly, we need someone who is dependable, honest, and hardworking. CoreBlox is blessed with a wealth of enterprise security knowledge and no shortage of clients who will speak to the quality of our work. We know there is plenty of opportunity in this space, and we need someone who can be dedicated to going out and finding it for us. The role is part-time and compensation is commission-based, so it could work out well for someone who is currently between jobs.

Are you interested? Do you know someone else who might be? Please help us spread the word via Facebook, LinkedIn, Twitter, good ol’ fashioned e-mail, or word of mouth! No recruiters please.

Extending Augmented Reality with a Virtual Directory

September 23rd, 2009 by Todd

Wikipedia describes augmented reality (AR) as “a term for a live direct or indirect view of a physical real-world environment whose elements are merged with, or augmented by virtual computer-generated imagery – creating a mixed reality.” In essence the real-time view of your world is enriched with additional information making your environment interactive.  Take the following simulated example from my recent trip to Las Vegas for DIDW 2009.

augmented reality

So, by glancing out my window, my view is extended with details on my location, the time, upcoming weather and a map of the area. There is also additional information based upon factors I set, like betting and food price ranges so that I instantly know if a location matches places I might be looking to go.

One of the key statements from the Wikipedia article is that “the augmentation is conventionally in real-time and in semantic context with environmental elements…” So, taking that another way, you need a way to describe the world around you in a way that scales and is high-performing. In essence you need to create a virtual mapping of identity information, the attributes of the objects and the relationships between the objects so that this information can be overlaid on the view of the observed world. A directory structure is perfect for describing these virtual representations since the hierarchy describes the relationships between objects and allows you to easily create compound objects that combine the identity and all of the related meta-data into a single entity. There are additional benefits to using a directory for representing this information:

  • Highly optimized for reads to ensure high-performance
  • Built-in model for scalability
  • Ability to replicate information
  • Robust security model that allows the world to be described based upon authorized information

The problem with using a directory, though, is that the structure is too static and the information must be represented within the directory itself. As the world changes or new relationships need to be exposed, the existing tree may not be able to represent the correct hierarchy or expose the right elements. This is typically why people fall back to a relational database model, but there is another way to address this challenge. Enter the virtual directory.

A virtual directory allows you to create views into the information dynamically and allows you to reshape and adapt the model as your definition of the world changes. Additionally, the virtual directory allows you to describe the world semantically in sentences that model the relationships between objects. Take a look at Michel Prompt’s blog post entitled “From Static Directories to Context Servers” for additional information. While the post focuses more on classical business challenges, it is not a big leap to take this into other realms where context and relationships are important like AR.

If we take the picture above and apply a directory structure to the relationships, the hierarchy might look like:

Tree Structure

The beauty is that the information represented in this structure can come from local data, other directories, databases and even web services allowing you to pull together a robust representation of all of the information necessary to describe the virtual representation of the world around you. Additionally, the virtual directory gives you all the benefits of a standard directory for scalability and security.

Another critical function for scalability and performance is the ability to easily create a cached representation of this information, given the amount of data, the complexity of the relationships, the speed of the information sources and the real-time nature of an augmented reality system. Some virtual directories, like Radiant Logic’s RadiantOne VDS, allow you to create a persistent cache that is updated in real time. This is important because the data describing your virtual world can change frequently, so other caching mechanisms (e.g. in-memory caches) based on a time-to-live or aging algorithm can easily become outdated, which would lead to an incorrect model.

Additional information on Augmented Reality can be found here:

I’m curious to hear your take. Where would you like to see identity and data virtualization go in the future? I think there are many other use cases which could warrant being able to leverage an abstraction layer to bring context to your identity and related information.

– Todd

Digital ID World 2009 – Next Week!

September 10th, 2009 by David

It’s time for Digital ID World once again.  Todd was invited to be a panelist at one of the expert roundtables.  The topic has to do with Oracle’s acquisition of Sun Microsystems, which was announced back in April of this year:

The Impact of the Oracle/Sun Acquisition on IdM and the Directory and Virtual Directory Market – Expert Round Table

Moderator: Dieter Schuller
Panelists: Todd Clayton from CoreBlox, David Rusting from Unisys
Invited panelist: Ash Motiwala from Identropy

The April 20th announcement that Oracle is acquiring Sun Microsystems sent huge shockwaves through the IT marketplace. In particular, both Sun and Oracle directory customers are concerned about their investments in what is considered a mission critical component of their infrastructure and are eager to learn what the impact on their infrastructure may be. In this session a group of industry experts will discuss possible solutions to this dilemma and how directory virtualization may be the key to creating a vendor agnostic infrastructure.

The roundtable event goes from 3:45PM to 4:15PM on Monday.  If you happen to be at Digital ID World, pop in and see what Todd has to say!

You can also follow the event on Twitter:

http://twitter.com/DigitalIDWorld

-Dave