Wednesday, 7 May 2008
PingFederate Chinese
Gamatek (a reseller) in Hong Kong converted our PingFederate 5.0 datasheet to Chinese. Cool.
Monday, 5 May 2008
SSO Summit Speakers
We've finalized a great list of speakers and case-studies for this years SSO Summit, taking place in Keystone CO on July and 25th. Case Studies on everything from ESSO to Federated SSO will be presented by the likes of General Motors, Chrysler, Deloitte, Rearden Commerce, Prudential Insurance, Wyeth and 3M. In 30 minutes, each case study will cover:
o Project scope and time line
o What defined success
o What specific problems were being addressed (business & technical)
o Who owned the project, who was involved in the decision making process
o How high up in the organization was this project being actively managed by?
o Hurdles (technical and business) that had to be overcome
o What technology was used
o What worked
o What didn’t work
o What would you have done differently if you had the opportunity
o Lessons learned
o Suggestions for others
In addition to the above, you'll learn from the experience of others and industry experts as we openly discuss the following SSO topics:
1. Single Sign-On, Reduced Sign-On, Simplified Sign-On, Zero Sign-On – which is right for you?
2. Describing the business value of your SSO initiatives to the CIO
3. What’s next for Web Access Management SSO?
4. Kerberos everywhere – true statement?
5. What’s the ‘holy grail’ for Enterprise SSO – we‘ve been trying for 20 years!
6. SSO for Web services?
7. Single Sign-On’s role in Governance, Risk and Compliance (GRC)
8. PKI or Federation -- which is right for me?
9. SSO for non-browser clients – PDA’s, RIA’s, Phones
10. Leveraging NAC Authentication for Single Sign-On to Apps
11. Where do OpenID and InfoCards fit?
12. SSO implies a central authentication authority – does this need strong auth, what are the risks, what controls do I need
13. How do I get SSO when my enterprise has no perimeter?
14. SSO for partners and customers – why bother?
15. Enterprise 2.0 and the Web 2.0 mash-up – how do we do SSO for these?
16. Strengthening Authentication for Single Sign-On
17. How to leverage Virtual Directories
18. What is Oauth and where does it fit into your web services SSO initiatives.
19. The role of claims and the security token server in web services SSO
Thursday, 1 May 2008
Identity's Role in Cloud Computing
Chris Ceppi of Ping forwarded me a recent CNBC interview with Eric Schmidt of Google. If you wish to read the entire interview, it's here. When asked about corporate customers of Google's cloud services, like email etc., Eric described the need for "...greater security, for all the obvious reasons. And they also need better integration with all of the other services that their companies have."
Sounds like a great time to be in the business of identity federation, as I firmly believe the users identity, the portability of that identity, and the portability of user-context to be at the heart of securing a distributed world.
Customer Service. Get it while it's hot!
We've been working with a large bank who purchased one of our smallest PingFederate offerings (a single connection). We like these customers, because we have the opportunity to prove ourselves -- and we do have something to prove! Until recently, this customer considered success with Internet SSO to be a 9 month ordeal -- for a single connection no less!
We had a call with them the other day to better understand their strategic vision around federated SSO. They stated they want to expand their use of PingFederate from a “point solution” to an enterprise solution and have 2008 budget to do so (we love to hear that!).
Anyways, when asked if there was anything lacking in our current support of their efforts, they responded, “Absolutely nothing. Your service and support (kudo's Ryan and Paul) is amazing. We don’t know how you guys do it, but keep doing what you’re doing.”
They weren't used to such hands-on and proactive support -- and it's left them baffled. We continue to invest in our support and services team for just this reason. Support isn't the back of the train, any more than quality. It's often times the front of the train.
Wednesday, 30 April 2008
PingFederate 5.1 now available!
A new version of PingFederate is available for immediate download. The new version has some great new features, including simple, SAML attribute-based just-in-time provisioning, a feature many have asked for over the years. Other features include:
- Enhancement to HSM Support, encrypt/decrypt XML
- Addition of JMX support for Runtime Monitoring
- We also fixed a few security related issues identified in a recent external security review
- and lot's of other small things
You can get it now at: http://www.pingidentity.com/products/downloads.cfm
Tuesday, 29 April 2008
"Piss Off"
A gentleman came by our booth at Software 2008 and asked Andrea how long it took make a federated connection. He was with a large insurance company that had 40 people dedicated to a federation project with 40 connections to make. He said they had been working on it for years.
When Andrea responded, "...less than 30 days", he replied, "...piss-off! You're kidding right? They lied to me!". We got a good laugh out of that one. Yea, we'll do it in less than 30 days. Try us.
Monday, 28 April 2008
Federation as Commodity
We recently participated in what effectively amounts to a reverse auction for one company looking to federate. If you're not familiar with reverse auctions, the concept is to have vendors compete on price. Reverse actions are an interesting way to negotiate the price when all other variables are equal. This applies to well-defined goods that have reached a certain level of product and market maturity or inherently offer little room for differentiation to begin with. When this is the case, then accelerating a negotiation on price makes sense, and a reverse auction is one way to manage that process.
I was a little surprised when I heard this had happened. On the one hand, it's a good sign that people think federation has reached a level of maturity where they could apply this technique of price negotiation. But on the other hand, nothing could be farther from the truth when comparing federation software and services.
While the initial use-case of federated SSO using the SAML specification is well-known and widely supported, implementation quality, completeness, integration capabilities and flexibility of deployment vary widely between open source, stack vendor solutions and solutions from best-of-breed companies like Ping. Nearly by definition, contemplating a reverse auction for federation will most definitely land you with the solution fraught with hidden cost.
Hiding cost during the initial purchase of a project is a well known tactic often employed by those selling more complex solutions that require significant cost to integrate and operate. Ping's approach to the market couldn't be more opposed. We're all about exposing hidden costs up-front, and charging a fair price for our value in reducing complexity that overall, saves an enterprise money. Both real and perceived value are derived from an alignment of expectations. By allowing companies to download our software before speaking with a representative, we allow companies to draw their own conclusions around the value and quality of our software before any expectations are set by speaking with us.
Thursday, 17 April 2008
Enabling Organizational Agility
In a recent customer meeting, our contact in Information Security had organized an audience that included a group that is responsible for translating business requirements into IT requirements, and communicating relevant cost/benefit details back into the business from IT. At many of our customers, this kind of group helps analyze the business impact of acquisitions and divestitures, as well as the cost/benefit of outsourcing non-core services.
The immediately apparent benefit (to them and us) of investing in a federated identity infrastructure (think of it as a lightweight abstracted integration layer between disparate businesses) was that they could pull time and uncertainty out of the process of putting together & pulling apart discrete businesses as the economics dictated. In other words, they need to be agile as an organization, and the federated approach Ping provides is not a nice to have, but a “must have” technology that helps them accomplish the goal of maintaining agility.
I guess this all makes sense. For organizations that grow through acquisition, or that are constantly spinning off various divisions, any time spent centralizing and consolidating your infrastructure works against the organizational mandate.
So, the question is, who performs the “Integration Services” function within any organization that is in flux (and who isn’t in flux these days)? We're working hard to uncover those groups in as many companies as possible, and to help those organizations understand the huge value-add potential from including Ping as part of their solution.
Monday, 14 April 2008
Bigger
Ping had a small 10x10 booth at the RSA Security Conference last week. It's always entertaining to walk the floor and see how much money is spent on corporate puffery. As a practical matter, money spent on a show floor hardly ever makes sense from a dollars per lead analysis. Companies such as us do it only because it is a convenient way to meet face to face a number of customers, prospects and partners who'd otherwise take months to see individually. But, these people seek us out, so it doesn't really matter if we're in the back with a 10x10, or in the front with a 20x20.
Personally, I think it's smarter to have a consistent presence than to pretend to be bigger than you are. I know a number of the companies on the exhibit show floor were spending VC dollars to afford their 20x20 and I just have a hard time relying on a show floor presence being the most efficient way to generate leads. I think the war is won the 360 days you're NOT exhibiting.
That said, we had an amusing little thing happen to us. Someone wandered by our booth and when they saw the Ping logo, they stopped and paused, looking perplexed. When one of our sales team inquired, the gentleman said, "I thought you guys were bigger than that."
At first, I wasn't sure how to take that comment. But I've since decided it's really a compliment in disguise. I'm now decided we should keep our booth to 10x10, no matter how big we get. We'll spend the money we save on great software.
The Identity Federation Layer
I really enjoy watching Patrick Harding (our CTO) think and work. He's got an incredible intuition for the future, and he's been honing his skills as a CTO for the past few years. As a small company amongst giants, it's important that we be ever on the lookout for what the future holds, and that we have a roadmap for getting us and our customers there safely.
Amongst other things, Patrick has developed a nice thesis on the parallels between what happened with 'the networking layer' and what will likely happen with 'the identity layer'. He writes about his ideas here.
Monday, 31 March 2008
Dynamic SAML
Our very Patrick Harding (CTO of Ping) along with Leif Johansson and Nate Klingenstein of the Shibboleth project wrote this great article recently which has been published by the IEEE computer society.
The article details what we've implemented in PingFederate 5.0 as 'auto-connect', the ability to automatically establish a trusted, secure SAML connection with a partner with NO configuration.
Nice work Patrick!
Tuesday, 25 March 2008
External Pressure on the Firewall
I was talking with a friend from Rearden Commerce yesterday and he made a comment which struck me as particularly interesting.
"I'm intrigued with how companies will respond to all of the pressure their firewall is coming under and their need to secure all their partner and SaaS provider interactions. Federation's approach to distributed identity management seems like the only logical way to respond."
Tuesday, 11 March 2008
Ping Identity Acquires Sxip Access SaaS Business from Sxip Identity
In the past year, I've come to appreciate something many CEO's at one point learn in their careers. And that is, there are stages in the growth of a business, which though not exciting, are normal, and are in fact indicative of growing viability and maturity. The stimulation so abundant by default with a startup, simply gives way over time to a different sort of reward, that of doing something really well, repeatedly, and satisfying the needs of your customers, one customer at a time. Building a real business requires that you never tire of simply listening to customers and committing to their support after the initial sale. This stage entails a lot of patience and endurance.Every once in a while however, an opportunity comes along that allows you to really accelerate your business. In the six years that I've dedicated myself to Ping Identity, I've only seen a few of these opportunities, but none so aligned with what we were trying to achieve here at Ping Identity as today's announcement.
So it's with great pleasure that we announce the acquisition of the Sxip Access business from Sxip Identity.
The Sxip Access business consists of:
- the single sign-on, provisioning and de-provisioning software,
- appliance
- and hosted services of Sxip Identity,
All of these assets serve enterprises using software-as-a-service applications.
The acquisition will strengthen our relationship with existing Sxip Access partners such as salesforce.com and Google, and will accelerate our commitment to enabling secure SSO to SaaS providers, an area we believe enterprises increasingly will value as they extend their identity and security infrastructures to encompass these new services.
I've known Dick Hardt the founder and CEO of Sxip Identity for several years now, and have a tremendous amount of respect for his intelligence, fortitude and contributions to the education and protocol development of identity industry. He has single handedly educated the universe of people beyond the identity ecosphere with his world-class presentation on Identity 2.0, something I feel Ping Identity and many others in this industry should be very thankful for.
As part of the acquisition, we will take over the existing customer relationships and support contracts of Sxip Access users, and will work with these businesses, and our existing PingFederate customers, to understand how the new Sxip Access software, appliance and hosted technology can help solve a growing portion of their immediate and future problems.
Also worth mentioning is that while the opportunity to acquire both customers and technology was certainly attractive, none of these would have been of value to us without the opportunity to work with the talented people behind the technology, sales and support. The opportunity to hire and work with these individuals is highly valued, and our new team members will no doubt help us manage and grow the business in the coming months.
Technorati Tags: sxip ping identity sso single signon saas salesforce googleapps
Wednesday, 20 February 2008
SSO Summit Launched
In cooperation with our sponsors (Covisint, Passlogix & Sun Microsystems), Ping Identity today launched the Single Sign-On Summit, a new industry event dedicated to single sign-on deployments and success. The event will take place in Keystone Colorado in July. We're really excited about this event, because for the first time, we're going to have enough time to go deep into all things single sign-on, the most widely deployed use-case of Identity Management.
For complete details, visit the website.
Syndication
Ping Identity Blogs
CTO Talk
By Patrick Harding
Identity in Motion
by Andre Durand
Identity Ticker
by Ashish Jain
Recently:
- PingFederate
Chinese - SSO Summit Speakers
- Identity's Role in
Cloud Computing - Customer Service.
Get it while it's hot! - PingFederate 5.1
now available! - "Piss Off"
- Federation as
Commodity - Enabling
Organizational Agility - Bigger
- The Identity
Federation Layer - Dynamic SAML
- External Pressure
on the Firewall - Ping & Covisint Mix
it up at RSA - Ping Identity
Acquires Sxip Access SaaS
Business from Sxip Identity - SSO Summit Launched