HP Wednesday turned a licensing agreement into an acquisition when it signed a deal to buy Trustgenix, which develops a federated identity server.
HP has been working for the past few years on bolstering its identity management wares as part of its OpenView platform. Last year, HP signed a licensing deal with Trustgenix that materialized as HP's Select Federation server. In July, HP announced upgrades to that product along with upgrades to Select Identity, which is provisioning software that the company acquired when it bought Trulogica in March 2004, and Select Access, which is Web access management software it acquired from Baltimore Technologies in 2003. The upgrades centered on automation and reporting features, as well as improved integration among the applications.
Terms of the Trustgenix deal were not disclosed, but it is expected to close in the next 30 days. The deal leaves Ping Identity as the only independent player in the identity federation server market.
Earlier this month, Trustgenix released IdentityBridge 2.5, a server focused on federating identities among companies or corporate divisions that includes support for Security Assertion Markup Language (SAML) 2.0, the latest version of the standards-based authentication protocol. The server also provides a framework for end users to manage their privacy.
Over the past few years, major vendors have been playing the identity consolidation game, which experts say is now coming to a close. Just last week, Oracle made two acquisitions - Thor Technologies and OctetString. Others such as BMC, CA, IBM, Microsoft, and Sun have been building identity suites through acquisition. Experts say HP is playing a catch-up role to these other vendors. Novell, which is rumored to be making an identity announcement next week, and RSA have largely built their suites internally.
Identity is becoming a hot IT topic as companies feel pressure from federal regulations and privacy issues.
Ping Identity, the lone independent in the federation market, doesn't see the identity suite as inevitable.
"While the rest of the industry consolidates their functionality, Ping looks to provide modular, lightweight solutions built entirely on open standards," says Andre Durand, CEO of Ping Identity. "Our customers have told us that they want loosely coupled, lightweight and standards-based solutions. One of our larger customers actually referred to this as the 'anti-suite' approach."
Durand says there seems to be two diametrically opposed forces at work within the identity management industry. "First, large security and identity management vendors are shoring up their product suites, looking to become sole-source providers of tightly integrated authentication, authorization, provisioning and federation functionality.
Simultaneously, customer requirements for cross-vendor, cross-company interoperability are driving new standards into each of these capabilities. The need for interoperability of authentication is what drove the need for federation ahead of the other elements within the identity management stack."
HP is acquiring Trustgenix just as SAML 2.0 is beginning to solidify as the protocol of choice for federation. The lone dissenter is Microsoft, which is supporting its own WS-Federation standard in its Active Directory Federation Services (ADFS), which is slated to ship in December. Microsoft, however, is supporting the SAML token format in ADFS but not the SAML protocol engine.
SAML 2.0 was approved as an official standard in March by the Organization for the Advancement of Structured Information Standards. Observers say vendors are now proving SAML interoperability among products just as early adopters are beginning to get serious about the technology.
This month, the Liberty Alliance, a consortium of companies and organizations that works on standards for federated identity, said products from IBM, NEC, NTT and RSA Security had passed its most recent interoperability tests using SAML 2.0, which Liberty has adopted.
In August, the Liberty Alliance hosted its first test for multi-vendor interoperability based on SAML 2.0 and the Liberty Identity Web Services Framework 1.1 specifications. Eight participants passed -- The Electronics & Telecommunications Research Institute, Ericsson, Novell, Oracle, Reactivity, Sun, Symlabs and Trustgenix.
In February at the RSA security conference, 13 vendors -- including CA, Entrust, HP, Oracle, RSA Security, Sun, and Trustgenix -- staged a SAML 2.0 interoperability demonstration that also included the federal government and its E-Authentication Initiative.
And in July, The Burton Group staged an interoperability demonstration among 14 vendors, including Trustgenix and Ping, using multiple protocols, including SAML 2.0, the Liberty Alliance specifications, the Shibboleth protocols developed for Internet2, and the WS-Federation protocol developed by IBM and Microsoft.