Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

F E A T U R E

Authentication Gets Tough

May 28, 2001
By Michael Ross and Jeff Rubin

Baltimore Technologies SelectAccess

SelectAccess fell short of Securant's product but narrowly edged out Entrust's getAccess, thanks to SelectAccess' management capabilities and fine load-test performance. Its Java-management console provides excellent features, such as resource discovery and a drag-and-drop policy design. And the product's policy grid lets you see immediately who has access to resources, but it is cluttered with a vast array of "granted" and "denied" icons. Logging and reporting for SelectAccess fall far behind those of ClearTrust, but its performance was excellent.

Installation and configuration are simple. We installed the Policy Validator as a Windows NT service on our product server and had no major issues installing the Enforcer plug-in on our Web servers. First, we secured our administration ASPs within our Web site using the SelectAccess management tool. Next, we used the SelectAccess personalization features to customize our Web pages dynamically based on user profile.

SelectAccess' Java-management client impressed us the most, with top-notch features such as server and resource spidering. With this tool, SelectAccess could browse our local network for available servers running standard protocols. We also used the resource-discovery tool to import our Web servers' existing directory structure. This tool is a great time-saver for administrators who need to secure an extensive list of existing resources. In addition, the Policy Builder tool gave us drag-and-drop control over building policies with a great visual hierarchy of how each policy processed individual rules.

SelectAccess uses pop-up authentication for user credentials. This information is stored within individual browser software; therefore, cookies are not used by default. To test our forms-based authentication, we enabled cookies. SelectAccess uses RSA signatures to prevent cookie tampering.

SelectAccess easily held up in our performance tests. Even with no local caching on the Web server, the central Policy Validator service handled more than 2,000 concurrent sessions processing authentication, cookie signing and protected resource lookups. When we stopped the load test at 2,400 client connections, our response time per page was 5.3 seconds and the transaction per second rate was 399. RadView's WebLoad 4.51, our load-generator software, logged several instances of request time-outs to the Web server, but out of more than 100,000 total connections, none was dropped. This placed a considerable load on the Policy Validator server, averaging 65 percent CPU usage when the test was stopped.

SelectAccess, starts at $20 per user. Baltimore Technologies, (781) 455-3333, (877) 228-9574; fax (781)455-4005. www.baltimore.com