DotSec designed, developed and continues to support an Identity and Access Management (IAM) infrastructure owned by SPARQ Solutions. It was built to serve the customers (domestic and contractor) of Energex and Ergon.
The IAM infrastructure is implemented on the .NET Framework and supports both native .NET applications and non-Windows LAMP and Java applications. It was designed to meet a number of key requirements, including:
- Centralised authentication and access control. Instead of each application needing detailed knowledge of the authentication mechanism (displaying a form to collect credentials, verifying the password against an account store such as LDAP, looking up groups and roles), applications delegate that work to a central service.
- User self-management. Users should be able to self-register (with appropriate controls to prevent bot registrations), reset their passwords and manage their user profile securely without involvement from the business.
- Subscription model for participating (third-party) applications. The third-party application owners (Energex and Ergon) remain responsible for their applications and their access control; SPARQ remains responsible only for the user accounts.
- Load-balanced and highly available. The infrastructure is deployed as a distributed, active-active pair, with each “half” of the pair able to deliver all services should the other half fail.
- Support for heterogeneous platforms. Third-party applications can run on Apache/Linux or IIS/Windows, and can integrate with the authentication and access control mechanisms from either platform.
- Web SSO. Participating third-party businesses can choose to take advantage of web single sign-on (Web SSO), depending upon business requirements and policy.
- Federated identity management, with an ADFS server acting as the identity provider (IdP). Because each application is decoupled from the IAM infrastructure, it is much easier to migrate applications between locations (physical networks) without breaking the authentication and access control processes.
- Support for both SAML2 and WS-Federation applications. For example, one third party’s application runs on an Apache/Linux environment and was implemented as a SAML2 service provider using the Shibboleth SAML2 libraries; another party’s application runs on IIS/Windows as a WS-Federation service provider built on Windows Identity Foundation (WIF). All good!
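To make the SAML2 half of that integration concrete, here is an added example (not SPARQ’s or DotSec’s configuration) of a minimal Shibboleth SP `shibboleth2.xml` that wires an Apache/Linux service provider to an ADFS identity provider, as the list above describes. Every hostname, entity ID, contact address and file name is a placeholder; the SP’s `entityID` is assumed to be registered as a Relying Party Trust on the ADFS side, and the ADFS federation metadata URL and `/adfs/services/trust` identifier follow ADFS’s standard layout.

```xml
<!-- Added example only: not the SPARQ/DotSec configuration. Hostnames,
     entity IDs, contact addresses and file names are placeholders. -->
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
          clockSkew="180">

  <!-- The SP's own identity. The same entityID must be registered as a
       Relying Party Trust in ADFS, otherwise ADFS rejects the AuthnRequest. -->
  <ApplicationDefaults entityID="https://app.example.org/shibboleth"
                       REMOTE_USER="eppn upn"
                       signing="true">

    <!-- Session hardening: HTTPS-only handlers and cookies, bounded lifetime
         and idle timeout. checkAddress is off because clients behind NAT or
         proxies legitimately change source address mid-session. -->
    <Sessions lifetime="28800" timeout="3600"
              relayState="ss:mem"
              checkAddress="false"
              handlerSSL="true"
              cookieProps="https">

      <!-- SAML2 only; the entityID must equal the ADFS federation service
           identifier advertised in its metadata. -->
      <SSO entityID="http://adfs.example.org/adfs/services/trust">
        SAML2
      </SSO>
      <Logout>SAML2 Local</Logout>

      <!-- SP metadata for registration with ADFS, plus status/session
           handlers restricted to the local host. -->
      <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
      <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
      <Handler type="Session" Location="/Session" showAttributeValues="false"/>
    </Sessions>

    <Errors supportContact="iam-support@example.org"
            helpLocation="/about.html"
            styleSheet="/shibboleth-sp/main.css"/>

    <!-- Trust is anchored on the IdP's signed metadata, refreshed from ADFS
         and cached locally. ADFS metadata carries no validUntil attribute,
         so the usual RequireValidUntil filter is omitted; the Signature
         filter pins the certificate that signs the metadata document. -->
    <MetadataProvider type="XML" validate="true"
        url="https://adfs.example.org/FederationMetadata/2007-06/FederationMetadata.xml"
        backingFilePath="adfs-metadata.xml"
        maxRefreshDelay="7200">
      <MetadataFilter type="Signature" certificate="adfs-metadata-signer.pem"
                      verifyBackup="false"/>
    </MetadataProvider>

    <!-- Claims in the assertion are mapped to environment variables by
         attribute-map.xml and filtered by attribute-policy.xml (separate
         files); only mapped, policy-accepted values reach the application. -->
    <AttributeExtractor type="XML" validate="true" reloadChanges="false"
                        path="attribute-map.xml"/>
    <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
    <AttributeResolver type="Query" subjectMatch="true"/>

    <!-- Key pair the SP uses to sign AuthnRequests and decrypt assertions;
         the certificate is what ADFS receives in the SP metadata. -->
    <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
  </ApplicationDefaults>

  <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
  <ProtocolProvider type="XML" validate="true" reloadChanges="false"
                    path="protocols.xml"/>
</SPConfig>
```

On the Apache side the application itself needs no SAML knowledge: a `<Location>` block with `AuthType shibboleth`, `ShibRequestSetting requireSession 1` and `Require valid-user` (or `Require shib-attr` on a mapped group claim) is enough, which is exactly the delegation the centralised authentication requirement calls for. The two points that most often break in practice are the `entityID` values (both must match what the other side has registered) and the metadata signature certificate, which must be rotated when the ADFS signing certificate rolls over.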
DotSec’s IAM infrastructure enables new business at SPARQ, allowing the rapid integration of new applications that run on heterogeneous platforms and are owned by a range of third parties. Because every new application must adhere to the standards-based (SAML and WS-Federation) infrastructure, both the time and cost of integration and the risks associated with third-party applications are reduced.