However, Bishop says, the updated method introduced backward compatibility problems with many applications. So SNB asked Radiant Logic for assistance. The vendor came back with code, which Radiant Logic calls an interception script, to rectify the problem.
The interception script executes when VDS receives an identity data request from an application. The code makes sure the identity data is translated from the original format, schema and protocol into the specific format, schema and protocol the application can understand. This process allows normally incompatible identity sources and applications to communicate without the need to create, provision, maintain, and audit another identity store just for the application, according to Radiant Logic.
The fix helped SNB avoid hours of work modifying applications to deal with the new identity management system, Bishop says. "It saved us a lot of time and effort. We didn't have to go back and rework the applications."
Even if the changes turned out to be minimal, SNB would still have faced the task of changing and testing 150 applications to work with the new authentication model. Bishop says SNB didn't estimate the resulting cost avoidance but notes that the rework job would have taken four to six months at a labor rate of between $80 to $100 an hour (Canadian) and easily run between $54,000 and $100,000 to complete.
Federated Identity Management Grows With Infrastructure Layer
Dieter Schuller, vice president of sales and business development at Radiant Logic, says identity management systems that aren't able to present user information to the applications with the right schema, structure and protocols face a huge problem. In New Brunswick, Radiant Logic's technology provided an infrastructure layer that could connect SNB's various directories.
"They needed a layer that took what they had and make it usable by all the applications that needed to access user information," he says.
Schuller says SNB is fairly typical of the federated identity technology customers he sees in the market. "A lot of our government customers ... are experiencing the same set of issues," Schuller says, adding that commercial business face similar identity integration problems, too.
Against that backdrop, the federated identity service has evolved into an intermediary software layer in SNB's identity management system. When an app requests identity data, SiteMinder points to RadiantOne and the VDS pulls together all of the directory sources. Those include Microsoft's Activity Directory, CA Directory and a SQL Server database. SNB's Active Directory deployment, for internal users, consists of one forest and 10 domains. CA Directory is for external users, while the SQL Server database contains metadata regarding user roles.
Sign up for CIO Asia eNewsletters.