January 28, 2011

Introducing UnboundID Server SDK - Future-proof your investment

Rationale
UnboundID released the UnboundID Server SDK to future proof your investment in your technology choice for your identity and application data. There will always be something new the business has to react to, a new device that didn't exist 18 months ago your identity platform will absolutely need to support to make the targets, a new application you must bring to market within the quarter, unforeseeable things when making a decision on the technology to use for your platform. But there is one thing that you can chose: a technology partner that will commercially support you with your growing and changing needs, a product line that can grow with you and shoulder the complexity of keeping pace with innovation.


The Meat
The Server SDK is a Development Kit for all UnboundID current and coming products, empowering organization with great control on their most precious asset and industrial tool: the application data store and identity repository. It allows to extend and enrich the functionality of the products with custom tailored business logic to better interact with existing systems or simply deliver functionality needed closest to the data.


So in short, the UnboundID Server SDK brings an unprecedented tool in the IT architect's tool box. A tool that changes everything. You don't have to architect a monolithic platform that is so rigid your applications development teams have to do all the hard work of keeping your organization nimble and your business in the race with a competitive market place. You can rationalize this into the platform, by providing a rock solid, near real time platform that can adapt to new demands.


This is especially important when organizations typically have hundreds of applications, all with different needs and uses for the data, tapping in one common infrastructure for rapidly changing data like location, presence, identity (authentication, authorization) and such.


Let the platform do it, save on development costs by factoring changes in one central trusted place. Instead of having to modify each application when an enhancement is needed, which is often the case today, let the platform handle it. The platform naturally brings features that would be costly to implement in each application, most notably: distribution of data, security policies including authentication and authorization but also data encryption, tamper detection, reliable replication, breach detection and notification.
You need a single entity to manage all these aspects to let each application focus on the added value they bring to the business, the end user or the customer.


I'm going to use two examples to illustrate how powerful controlling the platform is:

  • Coming up to the recent events in Tunisia, Facebook realized that the government of Tunisia was eavesdropping (an eve attack in crypto parlance) in order to get Tunisian Facebook users credentials that they would later use to delete the user's account. Because Facebook has written their platform from the ground up, they have absolute control over it, they could quickly react to this new situation by introducing a new connection policy (forcing HTTPS) and a new password policy (requesting users to identify friends from their network in a social captcha-like scheme). All that with no interruption of service or any inconvenience to users anywhere.
  • A banking institution operates a large identity infrastructure serving both customers and collaborators. Among rising concerns, they decide to implement a new feature for their customers: a one-time-password that they can use when in riskier than usual situations (checking balances over an airport free wifi hotspot for example). They do so by writing the adequate extension and rolling it out without taking the service down. Not only customers are not inconvenienced but all the applications they know and love immediately benefit from the new feature without a single change on their part: everything is still the same from where they sit. Additionally, the banking institution implements a 2-factor extension for collaborators, once again, the usual tools they have to use remain unchanged, avoiding costly and lengthy internal staff trainings.
These are just two examples. There are a lot more.

I hear the open-source supporters say: "Well with open source software, I control the platform since I have the source, I can do anything I want!"

While this is true in absolute, stop a second and ask yourself: 
  • does my team actually have the knowledge required?
    In many cases, open source software comes with support only for vetted releases, any alterations and you are on your own. Also, without a clean interface to build extensions to the core product, you may need to delve into the product more than you may want. Do you have the time to learn the product THIS well? The want? When an organization gets to this level of involvement in an open source project, it often means that they become contributor to the project and have resources on staff dedicated to it. Bang goes the cost... it just exploded.
  • Where can I get commercial support for my much needed extension?
    For those open source projects that offer commercial support, you can only get the extension covered by its own commercial support if it has been developed by the company backing the open source project.
  • Indemnification?
    I will let yo make up your own mind on that.
So how is UnboundID Server SDK different?

  • Extension can be written by any organization's staff having undergone our qualification and training.
  • Writing extensions, as you will see in upcoming posts is very easy. You may write extensions achieving powerful features that the business may have delayed projects for in the past in as little as a week with testing a sandbox roll-outs. The complexity of the core is well insulated inside the core, the API to enhance the server shields the developer from it.
  • Extensions are supported. Period.
  • The Server SDK comes with our products. Use it to extend any product to do nearly anything you'd like.



Controling the platform is a great business enabler, as Google and Facebook can attest, and that's precisely what UnboundID brings to the identity sphere with its Server SDK.


Get it.


The official UnboundID Server SDK page can be found here.

No comments:

Post a Comment