One of the biggest impediments to true productivity in an enterprise is the inability of applications to share data across domains. So much of a typical worker’s effectiveness relies on applications that are both internal and external, but because security is a critical issue, it often enforces roadblocks to the flow of the needed data. Users are able to access data from different sources, but they aren’t truly able to manipulate and work with the data in a meaningful way because the data itself isn’t talking or transacting among one another. To put it another way, it’s like being given the key to the front door of a great house, but then having to go get a separate key for each room inside the house.
Obviously, the easier way to do this is to have data being shared, but remaining secure in the process. Going back to our analogy, we want users to have one key to get into the house, and to then the ability to roam freely from room to room (while being able to effortlessly keep the unwanted neighbors from getting in). So, to address this need, we’ve announced at the RSA Conference the first true product of its kind in the market - SOA Software OAuth Server, which offers a security server that integrates with identity and access management systems. It includes all updated Web services and API security standards including OpenID and OAuth. But the key thing about it is it’s ability to be the central monitor for secure data transactions across internal and external environments.
We’ve been working closely with customers and partners to define what’s necessary to provide a full service set of security and authentication capabilities in one complete product. We realized that it’s not enough to provide an out-of-the-box solution that delivers our own version of access control and identity management tools; rather, it was far more valuable to provide a flexible solution that could leverage the work that’s already been done by product development teams to integrate with existing security frameworks. So with that in mind, SOA Software OAuth Server provides some interesting and highly useful elements:
- Enterprise to cloud single-sign-on – customers, employees and partners can use their existing enterprise managed user information for single-sign-on with cloud applications
- Centrally managed access control – users can centrally manage the applications they choose share their private data with
- Secure Mobile Identity – a way for mobile device users to securely access enterprise and cloud applications without having to share their passwords
You’ll see here the importance of including cloud-hosted and mobile applications as part of our OAuth solution. We don’t anticipate many organizations operating without these types of requirements. Again, working with our customers and partners provided us with insight into their immediate needs and strategic vision for how their APIs will function over time. It’s our goal to meet the needs of our customers immediately, but to be flexible enough with our products that they’ll be able to continue using OAuth as their products change and evolve.
Think about the implications – sitting down to access Google Apps, Workday, Office 365, Salesforce, Marketo, or any cloud-based enterprise apps and be able to securely share authentication and data. Companies who can leverage this will be moving into an incredible new world of productivity, and it’s our goal to help make that happen.