Abstract: One or more methods of translating identity protocols and a device and a system implementing such methods are described herein. One such method comprises configuring a gateway to communicate with a first identity protocol and a canonical representation, with the canonical representation being different than the first identity protocol. The method may further comprise: including the first identity protocol in a first communication between a first computing device and the gateway, and translating at least a portion of the first communication from the first identity protocol to a canonical representation. The gateway may then translate the at least a portion of the first communication from the canonical representation to a second identity protocol and sending the first communication to a second computing device, including the first identity information in the second identity protocol in the communication.

Abstract: A system, method and apparatus for managing access across a plurality of applications is disclosed. The system may include a user store connector configured to connect to one or more user stores to retrieve attributes; an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user; a policy engine configured to retrieve attributes from the user store connector corresponding to a user and use the attributes to evaluate access policies, if any, which are defined for protection of resources, to determine whether or not the user should be granted access to the resources; an admin component that is configured to enable the access policies to be defined relative to attributes and the resources; and a policy store configured to store the access policies.