IDENTITY MANAGEMENT
Directory Services
An identity repository is the basic component of Identity Management. It provides an organized way to store user data that becomes the foundation upon which other technologies and services are added to build increasingly comprehensive Identity Management functionality.
One of the first steps in developing an identity management solution is to identify the authoritative sources of identity data from the many databases, directories, applications and systems already in place throughout the organization. An authoritative source is one that is deemed to be the best and most reliable source of a particular attribute. This may be the human resources system for employee address information or the email system for email addresses. The source of the most reliable data will differ from organization to organization.
Directories are typically used as the repositories for storing and managing identity data: they are optimized for read operations and providing a look-up service for users and applications. They are frequently used to store authentication material (names, passwords, digital certificates, other identifiers) and provide that material to applications that can consume it.
But many companies have multiple directories active at the same time, each holding unique sets of information about users and permissions that control access to specific applications. As the number of directories within a company grows, and as the number of users from outside the company who need to access an application increases, organizations need to develop strategies for maintaining consistency and correctness of user data across repository boundaries.
Mycroft's team of Directory specialists works with organizations to identify the relevant data repositories that hold authoritative data, and to design and deploy safe and secure processes and controls for maintaining user data across disparate repositories, with a key emphasis on data correctness and information privacy. Mycroft employs a variety of key technologies, including directory virtualization and meta-directory synchronization, to achieve optimal results.
Web Access Management
Web access management provides standardized, policy-driven enforcement of access to corporate applications and resources. Organizations are moving to decouple access control mechanics and their underlying logic from the core application logic and move them into a centralized, policy-driven environment. Access control infrastructures provide the foundation for such an environment, allowing for the shift from a programmatic security model to a declarative security model. Added benefits of access control environments include increased authentication and authorization performance, and single sign-on capabilities.
Mycroft provides the design, development, and integration expertise to allow organizations to leverage and incorporate policy-based Web access control capabilities into their existing Identity and Access Control infrastructures without having to rip and replace their in-place systems.
User Account Provisioning
Mycroft works with organizations in tackling their most complicated account provisioning problems, and possesses a unique ability that no other integration firm in the market today can match.
All organizations deal with account provisioning – the process of adding users to systems and assigning them the appropriate entitlements to do their job. Organizations today are also dealing with an ever-increasing number of systems and resources that a user must access on a daily basis. As the number of systems increases, manual account provisioning no longer meets the operational and regulatory requirements of most organizations. As a result, many companies face inefficiency due to delays in account creation, and uncontrollable costs due to orphaned or unknown accounts.
From the inception of the provisioning technology marketplace, Mycroft has been a key player in the development and deployment of automated Account Provisioning infrastructures, having partnered with and developed for every major Provisioning vendor in the market. User Account Provisioning requires three main areas of expertise:
1. Understanding the selected provisioning technology
2. Understanding and capturing the organizational process for account management
3. Understanding the integration into the multitude of organizational resources that users need access to.
Mycroft can claim successful implementations and partnerships with Sun, Computer Associates, Tivoli, Oracle, and Courion. Mycroft has also developed a design and deployment methodology built around capturing and modeling identity management processes that can later be implemented as workflows within the chosen provisioning technology. Last, but no less important, Mycroft has extensive knowledge of most major commercial security and identity protocols. In fact, Mycroft maintains a wide range of target systems: e-mail environments including Microsoft Exchange and Lotus Notes, mainframe security environments including ACF2, RACF, and Top Secret, as well as every major RDBMS, and directory environments.
Federation
Federation provides organizations with a way to extend access to resources beyond their corporate boundaries. As companies form new business relationships, Federation allows users from different companies to share access to resources in their partners' organizations.
Federated identity management involves exchanging identity information across one or more trusted domains (either within a single company or between different companies) in such a way that the information is maintained only once - at its particular source. Federation is the ideal solution when it is necessary for users to gain access to multiple applications "owned" by other companies or business units. Federation also gives users cross-domain single sign-on (SSO) by passing through their authentication and authorization credentials, as well as the ability to personalize the way the resulting information is presented, since any personal preferences set in their original environment will be carried forward.
Mycroft provides the design, development, and integration expertise to allow organizations to leverage and incorporate Federation capabilities into their existing Identity and Access Control infrastructures, typically without having to rip and replace their in-place systems.
Mycroft was an early adopter and active participant in the emerging Federated Identity space. Mycroft is an active member of the Liberty Alliance and has developed and demonstrated key Federation technology at both RSA World and The Burton Catalyst Conference.







