HOME Site Map Contact Us
News | About NTT COMWARE |

Home > News > NTT COMWARE Introduces COM-CA OPEN EDITION, the Open Source Solution for Implementing Security-enhancing SINGLE SIGN-ON at a Low Cost



NTT COMWARE Introduces COM-CA OPEN EDITION, the Open Source Solution for Implementing Security-enhancing SINGLE SIGN-ON at a Low Cost

On March 1, NTT COMWARE Corporation (hereinafter, NTT COMWARE; Head Office: Minato-ku, Tokyo; President: Yuhji Imai) will introduce COM-CA Open Edition, a service which utilizes an Open Source Software (OSS) authentication platform that allows users to implement the security enhancing Single Sign-on environment in a cost-effective manner. This service, which allows for implementation of Single Sign-on through an authentication platform that utilizes only OSS, is the first of its kind. In anticipation of the demand for solutions such as this following the coming-into-force of the Japanese Personal Information Protection Law on April 1, NTT COMWARE has set a sales target for orders of 1.2 billion Yen by the end of fiscal year 2007 from business entities including corporations of 1000 or more personnel, the logistics industry which utilizes a common information system amongst two or more companies, as well as business groups. NTT COMWARE intends to further develop this solution so that biometric information such as fingerprints may be used.

[ Single Sign-on and Authentication Platform ]

Single Sign-on is a system which allows users to access a system multiple times without having to perform user-verification procedures such as password entry each time. Single Sign-on has a number of benefits: 1. increased utility for users and managers; 2. increased security; and 3. reduced capital and implementation costs (*1). In order to implement Single Sign-on, an authentication platform is used which provides shared authentication functions to multiple systems so that independent authentication functions are not required by each individual system.

[ Overview of COM-CA Open Edition ]

NTT COMWARE currently provides COM-CA, a service which allows users to implement Single Sign-on. The COM-CA authentication platform (hereafter, the current authentication platform) utilizes commercially-available software packages. This has led to the emergence of problems including the higher licensing fees incurred when the number of users increases. These problems have in turn dissuaded some businesses from adopting this product (*2). With these problems in mind, NTT COMWARE has added the new COM-CA Open Edition to its line-up. COM-CA Open Edition incorporates an authentication platform which uses only OSS (hereafter, OSS authentication platform). There are two main benefits to the OSS authentication platform.

(1) Reduced Implementation Costs
  The costs for implementing Single Sign-on through the current authentication platform existing stem from three sources: licensing fees for the authentication software, server construction costs, and customization or architectural costs for connection with the business system. Because COM-CA Open Edition utilizes an OSS authentication platform however, licensing fees are not incurred, and this translates into low-cost implementation and value that increases with the number of users. When compared to the current authentication platform, the OSS authentication platform allows users to implement Single Sign-on for approximately half the cost.
(2) Increased Reliability
  In contrast to commercial software packages, the source code for OSS is made available to the public. Accordingly, it is difficult for security holes or illegal programs to be inserted into the source code which, in turn, ensures the reliability of OSS. Furthermore, the OSS community is extremely diligent in the monitoring and debugging of OSS, and users are also able to debug the software themselves. For these reasons, users can be confident in the safety and reliability of OSS.

[ Implementation by the NTT COMWARE Group ]

The NTT COMWARE Group (roughly 10,000 users) currently utilizes the COM-CA solution which utilizes the current authentication platform. However, from September 2005, the NTT COMWARE Group will make a gradual switch from this solution to COM-CA Open Edition, which will be applied to internal corporate systems including employment management, decision-making support (electronic document approval), accounting, and purchasing.

*1 Benefits of Single Sign-on
  1.Increased Utility for Users and Managers
    Users can unify their account/password which eliminates the necessity to assign a separate account/password to each system. Furthermore, this eliminates the necessity for managers to manage the account and access rights for each system.
  2.Increased Security
    Because it is no longer necessary to assign multiple accounts/passwords, actions which may compromise security such as the utilization of simple easy-to-remember passwords or the attachment of paper copies of passwords to non-secure areas such as computer screens can be avoided. This also eliminates the accumulation of vacant accounts which remain after employees leave.
  3.Reduced Development and Maintenance Costs
    This solution eliminates the requirement to develop authentication functions for each system, which leads to an overall reduction in development costs. In addition, the costs associated with user verification management are also reduced.

*2 Problems with the Current Authentication Platform
  In addition to high licensing fees, the following problems have also been associated with the Single Sign-on architecture which utilizes the current authentication platform which uses commercially available software:
  1. Numerous cases exist where costs other than maintenance fees have been incurred, resulting from the requirement to purchase regularly updated versions of software.
  2. Unplanned expenses may arise from the business trends of software vendors (including discontinued sales and vendor mergers).
  3. The system construction schedule may be affected by the release schedule of specific vendor products.
  4. When problems occur, the service assistance for each software package used in the verification foundation may be different.

[ System Structure and Operations ]

The following illustration shows the structure of the COM-CA Open Edition authentication platform. Note that it is also possible to integrate all servers into one.

( Illustration of System Structure )
Illustration of System Structure

( Explanation of Server Functions )

1.  User DB Server (repository server): manages user information
2.  Certification Authority Server (PKI server): issues electronic certification
3.  Authentication Server: conducts initial authentication procedures for first-time users
4.  Authorization Server: conducts access control procedures during normal usage times for all users who have completed initial authentication procedures

( The OSS, operation conditions for each server )

COM-CA Open Edition operates on the hardware and operating system on which each OSS operates.
Server Software
User DB Server OpenLDAP-2.2.14 or later
Certification Authority Serer OpenSSL-0.9.7d or later
Authentication Server Apache-2.0.50 or later, mod_replace-0.1.0 or later
* For unspecified modules, Apache bundle version is used.
Authorization Server As above

[ Explanation of Functions ]

Function Basic Function Optional Functions
Initial Authentication Initial authentication through account ID/ password or electronic certification Through separate additional functions, biometrics, matrix authentication, one-time passwords are also possible
Access Control Controls access according to user role. Access can be assigned by role, and it is also possible to use AND and OR conditions to assign multiple roles  
Single Sign-on Gives users access to protected web servers of the same domain once initial verification has been completed. Allows users to institute time-out functions.  
User Management Allows for the bulk registration, change and elimination of all user data stored on User DB Server. Provides an information communication interface with other connected systems. Allows user to make settings through a GUI.
Issuance of Electronic Certification Issues web model electronic certification (terminal and server). Can also issues CRL (list which authenticates validity of certificates).  
Reliability Measures Improves reliability through duplification of the User DB Server.  
Trail Measures Outputs all types of access log. Outputs detailed access information.

[ COM-CA Open Edition Exhibit at RETAILTECH JAPAN 2005 ]

NTT COMWARE will exhibit the COM-CA Open Edition at RETAILTECH JAPAN 2005 (21st Logistics Information Systems Comprehensive Exhibition), the largest specialized logistics IT equipment/solutions exhibition in Asia, which will be held at the Tokyo Big Site from 1 March 2005.

NTT COMWARE Group RETAILTECH JAPAN 2005 COM-CA Open Edition Exhibit Information


* COM-CA is the registered trademark of NTT COMWARE Corporation.
* Product and company name are the trademarks and registered trademarks of their respective companies.

The information shown in this page is the latest as of the day of the release. It is subject to change without further notice. Thank you for your kind understanding and consideration.

Page Top

Home | News | About NTT COMWARE | Contact Us
Site Map | Privacy Policy | Legal Notice | Procurement Info. |