Securing on-demand access

A Web 2.0 company with a product that'll appeal to ultra-cautious corporate IT types. How cool is that?

Sxip Identity (pronounced "skip") made its debut last fall with the announcement of the Sxip Network, a far-sighted concept for effective identity management in a decentralized Web 2.0 world. It'll be great when it happens, but first Sxip needs to achieve critical mass. So how does Sxip cross the chasm?

The answer came in July with the launch of Sxip Access, a drop-in-and-go network device that helps automate identity management for enterprise access to on-demand applications. What the people at Sxip have very cleverly figured out is that on-demand application providers are on the bleeding edge of distributed identity management. In an ideal world, of course, every organization has already set up an enterprise-wide identity services infrastructure that federates to external providers at the flick of a toggle or two. It beats going into the provider's management console and manually setting up individual users one at a time (and remembering to unset them when they leave). But of course the latter is exactly what most users of on-demand applications find themselves doing, and believe me, it doesn't scale.

The middle path is to use the provider's published APIs to connect into your existing identity management systems rather than manually duplicating the information. But even if the on-demand provider's APIs are up to the task (and often they aren't), the relative newness of standards like SAML and a host of WS-* specs that haven't even gained approval yet means that this is virtually guaranteed to be a custom programming task every time.

Sxip offers a much more palatable alternative — a prepackaged implementation that enforces consistent access security and keeps user data and access rights synchronized with the corporate directory.

Rightly or wrongly, security worries have always been one of the trickiest objections for on-demand providers to overcome. The Sxip box should help reassure even the most security-conscious.

At the same time as pleasing the suits, Sxip also delivers Web 2.0 street cred, thanks to its upcoming role at the heart of soon-to-be-launched GoingOn, the so-called "digital lifestyle aggregator" led by AlwaysOn founder Tony Perkins and digital media bull-in-a-china-shop Marc Canter. Security appliances rarely get this much kudos.