Ashraf Motiwala of Identropy points to an interesting SaaS WAM offering from a company called Symplified. In praising Symplified, Ashraf makes this assertion:
Anyone who knows idenity knows that WAM infrastructures are rather complex. Agents, proxy servers, APIs, Policy Servers and a host of other moving parts.
Ashraf is correct that this is the case for most WAM products. But it’s not the case for all WAM products. The OpenNetwork/BMC WAM product (which was recently taken over by Symphony Services) could be deployed with nothing more than AD and access control agents on each web server. The access control agents served as both a PEP and PDP. No policy servers, APIs, or proxy servers required. The same accounts used for intranet login could be used for web access control and the policies could be expressed in terms of AD security groups.
In addition to AD, a slew of other LDAP servers were supported. No other databases were required, except if the customer wanted to audit web access, an RDBMS was needed in addition to the directory server.
None of this is intended as a criticism of Symplified. I can see a lot of value for companies in going with a SaaS WAM offering. Also I find their virtual appliance option to be very interesting and I would love to see them publish a study comparing the uptake between the two.
But for those that want do go with a more traditional software WAM solution should know that WAM doesn’t have to mean complex deployments. There are simpler ways.