
Ping Talk Blog

Announcing Cloud Identity Summit 2010

March 10, 2010 , Andre Durand | IdM, Ping Identity

Join change leaders, security, cloud and identity experts in Keystone, Colorado to shape the new era of Identity-Aware Security & Cloud Computing

DENVER, Colo. -- Mar. 10, 2010 -- Ping Identity today announced open registration and a full lineup of sessions and speakers for the 2010 Cloud Identity Summit. Change leaders, visionaries, architects and business owners will converge at Colorado's Keystone Resort July 20-22, 2010, to forge a new era of cloud security via identity.

As the ecosystem develops in cloud computing, security emerges as the primary issue impeding widespread adoption. When companies evaluate the risks and opportunities, Internet identity surfaces as the central component for enabling secure access to services of the Cloud.

At the Cloud Identity Summit, industry leaders will share their thoughts and plans for identity and security in the Cloud. No other event will provide more insight into the converging worlds of identity management and cloud security as the Cloud Identity Summit. Join other change leaders in three full days of workshops, vision, architecture and implementation presentations as well as hands-on demos showcasing the standards, trends and the role of identity in securing and harnessing the Cloud.

Cloud Identity and Security Visionary Speakers:

* Cloud Security Alliance Executive Director Jim Reavis
* Google Security Product Manager Eric Sachs
* Microsoft Technology Fellow, Cloud Identity and Access, John Shewchuk
* PayPal Senior Director of Identity Services Andrew Nash
* SafeNet Chief Technology Officer Russell Dietz
* SuccessFactors Vice President of Cloud Computing Tom Fisher

Pre-conference Technology Workshops

* Cloud Security 101 with Arctec Group Managing Principal Gunnar Peterson
* Implementing SAML for SaaS Single Sign-On with Ping Identity Solutions Architect Ian Barnett
* Implementing OpenID & OAuth for Consumer Identity with Google's Open Web Advocate Chris Messina and Google's Social Web Engineer Joseph Smarr
* Implementing XACML & Authorization for Cloud Computing with Axiomatics Americas Division President Gerry Gebel

The Cloud Identity Summit is sponsored by Ping Identity and SafeNet. Visit www.cloudidentitysummit.com for more information and to register for the event.


The Identity Race Begins

March 10, 2010 , Andre Durand | Ping Identity


My foray into identity actually began at Jabber in 2001, after writing an internal memo on the significance of Microsoft Passport.

The notion of an internet-scale identity system captured my imagination then, and it hasn't let go since. Several years into the development of the identity meta-system, we're on the cusp of identity 'dial-tone' for the Internet.

Yesterday Google announced the Google Marketplace, a way for SaaS vendors to allow their users to authenticate to Google and then access their applications via single sign-on and the OpenID protocol. Google as an Identity Provider to the identity disenfranchised makes a ton of sense, as does the notion that your email is essentially as close a proxy for your 'identity on the internet' as anything else.

In the grand landscape, identities will enter the 'cloud' from many places: some from the enterprise directory, some from corporate portals, some from partner/customer portals, some from hosted IdPs (like Google). Ping exists to provide technologies and on-demand offerings which connect to these existing and new identity systems to move identity from point A to point B in whatever combination they are arranged. We like to think of ourselves as the Cisco of identity routers. Plumbing for making connections.

Our market is about to move into overdrive, as enterprise, consumer, prosumer and mobile use-cases begin to connect into one incredible ecosystem of the identity-aware Internet.

Exciting times, but I sense the starting bell has only now been rung.


The Identity Network

March 7, 2010 , Andre Durand | Ping Identity


I read with interest this morning about OIX (Open Identity Exchange), a non-profit trust framework that Google, Equifax and the US Government are working on.

http://www.informationweek.com/news/software/web_services/showArticle.jhtml?articleID=223101402

When Ping started back in 2002, we (Linda, Eric, Bryan and Bill Reid) all spent a lot of time defining what we called the 'Identity Network', modeled after VISA and the PLUS ATM Network. We actually went so far as to create a member-owned legal entity and a set of governance rules which defined how Identity Providers and Service Providers would interact in identity and attribute interchange.

We were a bit early, but much of that thinking is now returning as identity networks and agreements and minimum standards are now defined amongst the participants.

A bit later I think I'll pull up some of our old thoughts and post them in the hopes that others may find them useful as we enter a new stage in the identity ecosystem.


No Passwords in the Cloud

March 5, 2010 , Andre Durand | Ping Identity


ReadWriteCloud: http://www.readwriteweb.com/cloud/2010/03/rsa-identity-cloud-kantara.php

Patrick Harding of Ping Identity spoke about what his company has learned about cloud computing in this session, "How the Cloud is Changing Federated Identity Requirements". A few of his observations:

* Software is no longer build vs. buy. It now includes subscribe, which by definition is a shorter term relationship.
* Cloud computing is an evolution of architecture. It arrives after Web services, which evolved from Web, client server, and mainframe.
* Complexity of the identity layer is harder than ever for the simple reason that there are more apps per user than ever before.
* Services are becoming any-to-any, where internal (employee) and external (customer) classifications don't matter nearly as much as before. Because of this, firewalls are losing their usefulness.
* Audit is no longer an afterthought. Auditors don't care how or where applications are hosted, but they do need their reports! This includes Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, and more.

A core theme of this session was how the consumer mindset is driving requirements for application experience. Consumers expect it to work on any device, be secure, and be portable. To deliver on this, it must be easy to use. At the same time, password risk must be reduced.

A key trend that Harding pointed out is moving identity systems from "push" models into "pull" models. Instead of updating partners and directories by batch services, companies need to be building real-time identity resolution in applications.

We asked Harding if he had any predictions for where that type of service will come from. His response led us to the conclusion that the leader will be a brand and service that people trust and understand the motivations of. It will likely enter the market from a higher realm of credentials than Twitter or Facebook - perhaps from financial services.


PingParty | RSA Security

February 19, 2010 , Andre Durand | Ping Identity



PingFederate 6.2 and New Google Connector Released

February 16, 2010 , Andre Durand | Ping Identity


PingFederate v6.2 and Google Apps Connector v2.0.1 are now available for download

PingFederate 6.2 - New Audit Log

PingFederate 6.2 expands capabilities targeting the operational aspects of managing and monitoring PingFederate in Enterprise deployments. This version improves upon the scripting interface (also known as the configcopy tool) for automating migration and deployment activities, and expands our existing logging capability with the addition of an Audit log. This new log is focused specifically on capturing information which answers the typical auditor questions for cloud-based applications: who accessed what application, from where, and when did they access it.

For additional details on version 6.2 of PingFederate, refer to the Release Notes.

Google Connector v2.0.1 - New Mobile Client Support

The new Google Connector 2.0.1 incorporates additional capabilities in support of Gmail provisioning, as well as the addition of support for mobile and desktop clients. This version adds the ability to provision Groups from your on-premise LDAP directory to Google and synchronize the membership of those Groups based on user membership in the directory. Support for mobile and desktop clients is enabled by creation of a “secure passcode” that can be stored in the client as the user’s password.

New GoogleApps SaaS Connector Features:

  • Support for mobile and desktop clients: This version includes a web application that allows a user to retrieve a “secure passcode” to be used with mobile and desktop clients. Once retrieved, the user stores this “secure passcode” in the mobile or desktop client software as a long-term credential. Browser-based Single Sign-On is not affected, and LDAP passwords remain secure behind the firewall.
  • User Account Management Updates: GoogleApps user account management has been enhanced to provide more robust support for Groups and Group membership.  Google user account management will now provision Groups contained in the authoritative LDAP directory, including creation and deletion of Groups as necessary.  In addition, Group membership will be synchronized, adding, deleting or updating users as changes take place in the on-premise LDAP directory.  GoogleApps Groups provide a convenient way to email a list of users and control user access to Sites, Docs, Calendar, and more.
 

Ping Enables Universal SaaS login via Salesforce

February 10, 2010 , Andre Durand | Ping Identity


Back in July, 2009, we announced our teaming with Google to enable the Google login as a universal SaaS login. Today, we announced the Salesforce.com Universal SaaS login.

The Problem

Users and applications are becoming increasingly separated from one another. No longer can it be assumed that a user in domain A is going to access all of his or her applications in the same security domain. This distancing is being accelerated by the proliferation of SaaS, mobility, virtualization, cloud computing and work from anywhere initiatives. The net result is that users have been inundated with user accounts which must be managed and logged into, each with separate passwords. With each new application comes additional complexity and friction to what should have been a more efficient model of business application delivery.

The Solution

As this separation (of users & their apps) continues, technologies such as federated identity come into play, effectively providing a method of re-uniting users with the applications and data they need to access over the Internet. The key to federation is that it does so leveraging open and scalable standards, and is 100% secure.

What Ping Can Do for You

With this announcement, Ping is enabling the Salesforce login to be used as the initial authentication into the world of SaaS. For those companies who operate entirely virtually (e.g. no Active Directory), now you can benefit from single sign-on by using nothing more than your Salesforce login. The new offering from Ping can be purchased either on-demand (PingConnect) or as on-premise software (PingFederate). Over 80 SaaS vendors rely on Ping to provide single sign-on to their customers. Ping is now allowing users of Salesforce to plug into this established fabric of enabled SaaS vendors with a simple turn-key solution.

To find out more about our award winning Internet Single Sign-On solutions, contact Ping today!


Ping & Conformity Partner around Cloud Identity

February 2, 2010 , Andre Durand | Ping Identity


Today we announced a partnership with Conformity to extend our existing Salesforce/Google Apps SaaS provisioning services to include more robust cloud identity governance capabilities and provisioning to additional enterprise-class SaaS applications.

Conformity provides centralized visibility and control over user access to SaaS and cloud-based applications. Together with Ping's SaaS single sign-on, we can help enterprises automate the entire identity management lifecycle to SaaS and cloud-based applications.

Conformity has demonstrated some real deep expertise and capabilities that complement our strengths. We're looking forward to working with them and our joint customers to solve some really thorny problems for enterprises.

 


SPML on Life Support?

February 1, 2010 , Andre Durand | Ping Identity


Mark Diodati of Burton Group wrote an interesting piece this morning which describes the trials and tribulations facing adoption of SPML (Service Provisioning Markup Language).

We've watched SPML closely over the years here at Ping, just as we watch the development of all standards which touch within the realm of Intra-company identity management. A few years back in fact, we even wrote our own SPML engine, which was our first step towards full-blown support of SPML to facilitate federated provisioning. We postponed the project after doing deeper market research, and discovering that we were a bit too early to market, and that enterprises weren't quite ready for it.

The market has matured significantly since then, and centralized control over SaaS and cloud provisioning events is needed more than ever. However, having spent several years seeing SAML get to where it is today, I completely understand the challenges of getting markets to hit that tipping point of standardization.

What Mark refers to as the need for an SPML lite is the equivalent of the SAML happy path which, over hundreds of customers and thousands of connections, we were able to effectively create here at Ping for the B2B Internet SSO marketplace.

Importance of Independent Pure Play

It's interesting to watch how different markets, with seemingly very similar characteristics and dynamics, play out very differently. Personally, I believe that the independent pure play has an enormous influence on the early success or failure of these enterprise standardization efforts. It all boils down to motivations. The stack vendors are motivated to play a very different game. To them, vertical integration within their stack is their primary mission, because it's how they achieve differentiation, customer lock-in and maximize the value of each customer and deal. It leaves the 'intra-stack' interoperability a distant cousin to the priorities of their own integration requirements. I believe there is more lip service done to open standards by the larger players, especially interfaces that open the door to competing technologies, than real investment. The niche pure play doesn't have these competing priorities, and thus can play a focused role on getting the standards across the chasm, whereby customer demand and momentum dictate that the standards-based interfaces be taken seriously.


Unlocking Television Over Internet - Ping Partners w/ Brightcove for TV Everywhere

January 25, 2010 , Andre Durand | Ping Identity


Enormous changes are coming in the way video will be delivered over the Internet, and identity federation, single sign-on and SAML are sitting right in the center of it all. Today we announced a partnership with Brightcove to enable TV Everywhere, an industry-wide initiative to resolve how programmers can offer up authenticated video content direct to consumers on the Internet in concert with traditional MSOs.

“From branded destination sites, to syndication and social network distribution, to mobile and connected-TV delivery, Brightcove’s TVE solution and partnership with Ping Identity provides a powerful onramp to rapidly launch TV Everywhere initiatives and a platform for a wide-range of additional functions critical to the success of online video strategies,” said Jeremy Allaire, Brightcove chairman and chief executive officer. “TV Everywhere represents a significant and exciting new opportunity for TV programmers to expand the volume of premium video content available to consumers on the Web.”

First announced by Time Warner and Comcast in June 2009, TV Everywhere is an authentication system that makes certain premium television programming content available to viewers online. Access to such content requires viewers to validate that they have a subscription to a multiservice operator. The concept is quickly being tested and adopted by other cable, satellite and programming operators.

