Sun Microsystems has announced general availability of the Sun ONE Identity Server 6.0, described as "the industry's first open-standards based network identity solution. It provides a standards-based implementation that leverages Java technology, Liberty Alliance federated identity, Security Assertion Markup Language (SAML), and other industry standards (Java Authentication and Authorization Service - JAAS, JDK Logging, SOAP, HTTP/HTTPS, XML DSIG). A key component of Sun's overall identity management solution, Sun ONE Identity Server is built on top of the Sun ONE Directory Server which provides a central repository for storing and managing identity profiles, access privileges, and application and network resource information. It leverages the consolidation capabilities of the Sun ONE Meta Directory which consolidates and integrates identity information spread throughout the computing environment into a single profile. Core services include access management, identity administration, federated authentication, and service management. A key capability of the Sun ONE Identity Server is the ability to federate identities, via either SAML or the Liberty Specification (Single Sign-On and Federation Protocol; Federation Termination Notification Protocol; Name Registration Protocol; Single Logout Protocol; Identity Provider [IDP] Introduction Protocol), both internal and external to the organization's firewall."
From the text of the announcement:
Increasingly, organizations require the ability to enable their employees, business partners and customers to easily and seamlessly access information and services via the Web in a secure, privacy-protected, non-proprietary, cost-effective manner. By providing a foundation based on SAML standards, Sun provides a complete identity and access management foundation that helps secure the delivery of business information today through open standards such as Liberty and provides organizations with the ability to adapt to changing business requirements. The Sun ONE Identity Server 6.0 is the first commercial-grade identity management solution that fully integrates access management, delegated administration, directory and federation services into a single product. A key component of Sun's overall identity management solution, it is built on top of the market-leading Sun ONE Directory Server and leverages the consolidation capabilities of the Sun ONE Meta Directory.
The Sun ONE Identity Server 6.0 integrates the Sun ONE Directory Server and includes the following core services:
- Access Management: Delivers single sign-on for Web-based resources and centrally controlled access services. Flexible authentication mechanisms including LDAP, RADIUS, X.509v3 certificates, SafeWord token cards, and UNIX platform authentication services. APIs in C, Java, and XML allow customization and easy integration for policy, authentication, auditing/reporting, and client interfaces.
- Identity Administration: Provides centralized administration of identities, policies, and services. A flexible model of delegation enables administrators to provide users with self-administration for management of their own profile attributes. N-levels of delegation support organizations by domain, roles, groups, applications, or services.
- Federation: These services enable shared authentication with affiliate organization Websites and are supported through the Liberty Alliance and SAML (Security Assertions Markup Language) specifications. These specifications will help establish an open, single sign-on standard with decentralized authentication and authorization.
- Service Management: These capabilities help manage configuration data of external applications and services and provide a solution for customizing and registering management parameters for external applications, such as service-delivery via a portal or mail quota on an e-mail server. These parameters or attributes are grouped into services that can then be managed using the Sun ONE Identity Server.
ROI on Automated Identity and Access Management: The Sun announcement references a study conducted by Gartner Research on ROI derived from identity and access management (IAM) solutions.
"IAM is defined as automated provisioning of user accounts and access rights, extranet access management (EAM) and end-user self-service password reset solutions. According to the study, ROI of nearly 300 percent and savings of $3.5 million can be achieved over three years by a business of 10,000 employees implementing an automated provisioning solution. User provisioning is the combined business and technical solution that companies use to manage user access to systems, Web and non-Web applications including accounts, access rights and the access request approval process... Another finding of the study concluded that EAM implementation also delivers a high ROI. For a business supporting 50,000 external users, ROI of 375 percent can be achieved over three years. EAM is the technology companies use to control user access to Web-based applications including authentication, authorization and single sign-on... A company implementing EAM solutions for 50,000 external users would save 24,000 hours per year in security administration and 17,800 help desk hours per year, according to the study... With EAM and user provisioning, the study found the volume of users and applications drives ROI benefits. Companies with a large number of users and applications would achieve a higher ROI and cost savings compared to companies with fewer users or applications..." See "Gartner Consulting Study: Automated Identity and Access Management Solutions Can Yield 300 Percent ROI. Ernst & Young LLP, Microsoft, Netegrity and Protiviti Sponsored the IAM Gartner Consulting Multiclient Study."
Principal references:
- Announcement 2003-01-14: "Sun Microsystems Delivers Industry's First Liberty-Enabled Web Single Sign-On Product. Sun ONE Identity Server 6.0 Delivers Easy Access to Applications and Services Through Single User-Login, Reduces Administration Overhead and Provides Increased Revenue Opportunities."
- Sun ONE Identity Server 6.0 website
- Sun ONE Identity Server 6.0 Key Features
- Sun ONE Identity Server 6.0 documentation
- Sun ONE Directory Server
- Sun ONE Meta-Directory
- Sun ONE Identity Server White Papers
- Press:
  - "Putting Liberty to Work. Sun ONE Identity Server 6.0 Builds Powerful Cross-Domain Authentication on Liberty Alliance Specification." Review from InfoWorld Test Center.
  - "Sun Takes Liberty with Identity Server 6.0." By [ComputerWire Staff]. In The Register (January 13, 2003).
  - "Sun Keeps Heat On Microsoft With Sun One Identity Server 6.0. New Version Adds Support for Liberty Alliance Specification that Authenticates Users to Multiple Web Sites and Apps with One Password and User Name." By Gregg Keizer. In InformationWeek (January 14, 2003).
  - "Sun Adds Liberty Spec Support to Network ID Server." By Paul Krill. In InfoWorld (January 13, 2003).
  - "Sun Identity Server Supports Liberty." By Dennis Fisher. In eWEEK (January 13, 2003).
- "Security Assertion Markup Language (SAML)" - Main reference page.
- "Liberty Alliance Specifications for Federated Network Identification and Authorization" - Main reference page.