Reporting is the largest and fastest-growing component of the business intelligence (BI) market. The business intelligence systems of most companies have a wide spectrum of user classes and needs and often have several sources of data on which to base reports. It is therefore not unusual for a single user to use different usernames or logon IDs which give that user different rights and privileges of access to data within the system. Often such logon IDs are not related within the system.
The need to manage and deploy the identities of the end users, applications and devices involved in accessing applications is already a considerable burden, since companies need to centrally manage and enforce security policy to comply with legislative and corporate governance initiatives.
Secure identity management can be described as the comprehensive management and administration of how identities are managed and used across complex, heterogeneous environments. How identities are managed includes all aspects of provisioning, authentication, and authorization for use inside the organization. In addition, IT departments must securely manage access to the administration portal, keep user data private, and be easily auditable for accountability. Even with a comprehensive secure identity management solution in place, it is apparent that the elimination of any additional association of userids will please IT managers.
IT departments must be able to offer users their desired reporting capability without using too many computing resources. Any move to reduce the complexity of operation would be welcome, especially if it also represented a significant improvement in a service offered to users.
It is not unusual for users to protest the existence of such separate logon IDs, and for the system administrators in information technology (IT) departments to wish that fewer, rather than more, authentication systems were in existence within a corporation or business.
U.S. Pat. No. 6,643,782 to Jin et al., “Method for providing single step log-on access to a differentiated computer network,” issued Nov. 4, 2003, describes a method for providing single step log-on access for a subscriber to a computer network in which a Server intercepts and manipulates packets of data exchanged between a Network Access Server (NAS) and an Authentication Authorization and Accounting Server to obtain all the information it needs to automatically log the user on when the user logs on to the NAS. An authorized user is thus spared the task of having to re-enter username and password data or launch a separate application in order to gain secure access to private areas of the network. It does not, however, allow users to maintain more than one username, each having specific access rights.
A white paper by Entrust Corp., “Opening the Door to e-Business: Balancing Return and Risk with Secure Identity Management,” describes several of the challenges facing this domain. Netegrity Inc. has a SiteMinder product that is a security and management foundation for enterprise Web applications with a centralized security infrastructure for managing user authentication and access. However, neither of these addresses the issue identified above.