Besides user add-ons, Soffid provides a set of add-ons that extend the functionality offered by the product. These are:
- Online backup
- Password recovery
- Web service layer
- Identity federation
- System metrics
- Certificate management
The backup add-on provides an online backup of the user attributes and permissions that each identity has had over time. This way, authorized operators can query the status of each identity at any point in time, and they can return a user to a previous state, just before an operation or configuration error.
This module does not eliminate the need for full system backups, but provides an additional level of audit information and human error tolerance.
The administrator can define a number of questions and answers that the user can fill in so as to recover the password without help desk assistance. Optionally, users can define their own questions and answers or choose from those proposed by the administrator.
Web service access layer
With this add-on, Soffid can be remotely managed through XML web services, allowing the authorized accounts to create, add or modify any Soffid object. This functionality is fully integrated into the built-in security mechanisms, so that no user can perform via web service any task that could not be performed directly from the console.
- Provides a powerful graphical interface to manage federation members.
- Define security policies for any user attribute.
- Can act as Identity Provider (IdP) in the SAML federation, implementing single logon and single logout profiles.
- Can act as a bridge to identify users using other federation protocols such as OpenID and OAuth.
- Allows user self-registration.
- Allows recovery of passwords based on a trusted e-mail address.
- Allows the use of strong authentication mechanisms.
- XACML Access Control
The XACML module features a console page to define access control rules for performing actions on certain resources. These rules can be built based on the attributes and permissions of the user, the source IP address, the date and time, and other attributes provided by the application.
According to the XACML naming, Soffid implements the following roles:
- Policy Administration Point (PAP): The Soffid console, used to write and test XACML rules and policies.
- Policy Retrieval Point (PRP): Serves as the source for access policies, which are actually stored in the Soffid database.
- Policy Information Point (PIP): Soffid can provide information about users, their attributes and their authorizations.
- Policy Decision Point (PDP): Soffid can decide, based on a request, whether or not the identified user can access the requested resource. For this task, Soffid uses the PRP and PIP modules.
- Policy Enforcement Point (PEP): Soffid implements its own PEP to ensure the effective enforcement of the defined policies within the scope of Soffid. External applications should implement their own PEP or reuse an existing one. This PEP is responsible for transferring the requests to Soffid PEP in order to grant or deny the requested access.
The metrics add-on collects information regarding Soffid performance. For each component and period, it records its availability and the number and type of actions performed. This information can be used to evaluate the performance and service level of the platform.
Soffid is able to manage the electronic certificates issued for any user. Soffid can be integrated with external validation of certificates by OCSP, CRL, LDAP or other protocols.
Soffid also lets users generate their own certificates by creating a custom certification authority. For these certificates, users and system operators have the tools to generate certificates for their mobile devices and to revoke them when needed.