Sunday, January 15, 2012

Challengers: Forgerock

One very interesting trend over the last couple of years is the rise of a number of challengers in the IAM space that has unsettled the oligopoly of IBM/Oracle/CA. Sailpoint, Aveksa and Courion keeps scoring very well in the waves and quadrants but there is also a number of smaller companies that simply don't have the market presence to be noted by Gartner and Forester and I thought it could be interesting to take a look at some of the companies that I think have an interesting viewpoint or interesting products.

First up is Forgerock. Forgerock largely consists of ex Sun employees that left during or just after the Oracle take over. Forgerock has managed to pick up some of the very brightest Sun talents as well as some of the most interesting concepts and ideas from the now defunct Sun IDM community.

Forgerock's main differentiator is the fact that their products are open source. The company has also been very good at leveraging various open source products as a part of their platform which has resulted in the creation of a quite rich product stack in a short period of time. The open source philosophy plus a very impressive list of implementation partners also means that the long term product support is safe which is one of the major issues with buying an IDM product from a small player.

The stack consists of four major components:
  • OpenAM
  • OpenDJ
  • OpenIDM
  • OpenICF
OpenAM supplies or will shortly supply most of the functionality that you would like to see in an SSO product including federation and risk based authentication. The product currently supports an agent based approach for policy enforcement with a reverse proxy becoming available during Q1 2012.

OpenDJ gives you a competent Java based LDAP server with a very interesting web service interface.

OpenIDM offers a very flexible provisioning platform with lifecycle events, workflow support (BPMN 2.0 based), password synchronization, self service interface as well as auditing and reporting support. The main strengths is the flexibility and modularity offered by the OSGI based framework.

OpenICF is a framework to create connectors with a quite impressive list of currently available connectors.

If you look at the components the main strength is that they are Java based, very flexible and service oriented from the ground up and has integrations with some very interesting open source products. There is no legacy core that consists of tons of magic built on top of a data model with three letter table names or a huge install footprint (you all know what products I am talking of).

The main issue with Forgerock is the same thing that doomed Sun. It is a technology and engineering driven company that builds excellent products which is great if you are an end user company is mature enough to take a flexible platform and shape it to what you need. Forgerock has managed to cultivate a very impressive list of implementation partners but most of the partners are small boutique shops. Most of the products still need a bit more depth and lacks flashy user interfaces so if you are looking to implement an IAG solution or a massive cloud provisioning solution against a very tight timetable you should probably look elsewhere.

On the other hand if you are a technologically mature company or are comfortable with trusting a system integrator to do your technology work for you Forgerock offers a very competitive IAM platform that can be customized to fit your needs without breaking the core application. In the end it is much easier to build a nice front end for a stable, flexible and strong back end than doing the reverse exercise.

2 comments:

  1. Thanks for taking a closer look! I can assure you that we have big plans and will not repeat some of Sun's mistakes. The right underpinnings give us a lot of options in engineering a thoroughly modern and responsive user experience. If you're interested you could have a peek at the new OpenIDM UI prototype to get a flavor of things in the pipeline. Please keep up the good work in keeping the ear to the ground!

    ReplyDelete
  2. Interesting and I am stuck with three lettered tables and huge install footprint. :-) Nice post.

    ReplyDelete