Lately I’ve been franctically busy with couple of my ISVs and an SI helping them out on a Citizen-scale National Healthcare Identity Infrastructure solution pilot for one of the populous countries in the Atlantic region – Sorry I cannot disclose the country’s name to abide their privacy laws and to protect my job :-). The solution aims to deliver an Unified Desktop/Voice Infrastructure via Sun Ray environment and fortified by Biometrics and Smartcard PKI based authentication to access the exposed services. Using Smartcard/PKI and Biometrics for Sun Rays has been deployed in production (at few customers) and in practice for a while now… but in my current project the interesting thing is the complete Sun Ray solution will be hosted as a SaaS environment (~Private Cloud) and other complexities are related to legal/privacy issues with performing citizen’s biometric enrollment and storing the biometric information with a private organization (Especially, when the Country’s privacy laws forbids storing citizen’s biometric samples). Keeping those nail biting legal issues aside, the Govt folks are still very enthusiastic and excited about adopting to Biometric authentication for Sun Ray based desktops to access their SaaS hosted Web-based healthcare applications.
Biometric Authentication on a Sun Ray environment
Looks cool, Is’nt it. If you are curious to know the secret sauce of the Sun Ray biometric authentication solution, here is the bill of materials, to put together in place:
- Sun Ray Session Server 4.x or above
- Solaris 10 X64 or SPARC
- Sun OpenSSO (Biometric SSO for Web applications)
- Sun Identity Manager (Provisioning Biometric Samples during enrollment)
- Sun Directory Server
- Sun Secure Global Desktop (Support accessing Windows, Mac, Linux, Solaris Desktops)
- Oracle 11g or MySQL 5.x database
- BiObex Authentication Middleware (Advanced Biometric Controls)
- Hamster Plus – USB Biometric Scanner (SecuGen) – For supporting Desktop/Web authentication
- CrossMatch Verifier E – Biometric Scanner for supporting Biometric enrollment
Shortly, I will update this blog entry with a detailed architecture and deployment cheatsheet… as soon as I wrap up my current project deliverables. If you are a Sun Ray enthusiast, I know you will be having some burning questions ! Feel free to send them, I will try to answer them quick…. otherwise please stay tuned for my unofficial deployment guide.
This stateless infrastructure could be your next generation client for securely accessing your virtual desktops hosted on the cloud π
Ramesh,
This is great stuff. But the problem I’m having understanding is how the EE components in an Application Server environment would communicate with the USB device. There is a PDF (J2EEBiometrics.pdf) that mentions a browser plug-in to support this.
What have you found to be the best approach? A plug-in or access to the device from the application server via network? Where did the plug-in come from?
Thanks for the information you’ve already provided.
Todd.