IBM Backs Web Services Security Standards For WebSphere, Tivoli

11/06/2003

IBM announced new support for key industry standards for Web services security across IBM's WebSphere infrastructure and Tivoli identity management middleware. This extends IBM's middleware platform for Building a secure Services Oriented Architecture (SOA).



IBM will support the WS-Security roadmap, which the company co-authored, and standards for expressing identity information, such as the Security Assertion Markup Language (SAML) and Kerberos.

In an SOA world, business processes are exchanged as interchangeable tasks or services -- such as Web services, Java adaptors, or older APIs such as CORBA or SNMP (systems network management protocol). A bank can use the same computing services infrastructure to handle account transfer requests whether they are coming from a teller, an ATM or a Web application, avoiding the need for multiple applications that can be expensive and redundant to maintain.

However, as the scope and number of services flow through the system, customers have a greater need to manage security and assign appropriate access to confidential data. The issue becomes even more critical for companies undergoing mergers or acquisitions or that have a big turnover of employees, since passwords and access are constantly in flux.

IBM says, “Organizations can use IBM's federated identity software to create a single, uniform way to set parameters for allowing access to Web applications, packaged software such as CRM and ERP applications, and legacy systems running high-volume transactions, such as CICS. By automating the management of identities across the company and integrating it with core business processes, companies bolster security while saving money on password administration. IBM's middleware also provides customers with industry-leading flexibility by supporting application servers from virtually every vendor and dozens of security ISVs.

“Together, WebSphere and Tivoli create a platform that helps organizations securely integrate with customers and trading partners in a heterogenous Web services environment. IBM's integrated middleware is based on open standards, enabling rapid deployment and integration of business applications and processes.

“WebSphere in 4Q03 will introduce security enhancements through an upcoming version of Tivoli Access Manager (V5.1), which provides Web single sign-on capabilities to access portals, applications and back-end systems. Tivoli has long provided integrated security for WebSphere, including federated identity interfaces for deploying Web services.

New support in WebSphere will include, in IBM’s words:

  • Security Assertion Markup Language, an industry specification for identity assertion that enables authentication, authorization and identity information to be exchanged between companies, trading partners, etc. regardless of the security or Web services infrastructure at the other end. While identification information is today manually coded at each end of the transaction, future versions of WebSphere and Tivoli will support advanced federated identity management through WS-Federation that automates the process of creating identifications for trusted users. Support for SAML in IBM middleware is available through a free download on developerworks.com.


  • Kerberos, a network authentication protocol that enables users to sign on to a Windows desktop and then automatically access HR or other applications through their Web browser -- without having to sign on individually to each application. This improves the user experience and drastically reduces password administration for customers. Future plans include native support for Kerberos within WebSphere.



In other WebSphere security developments described by IBM:

  • ebizQ Update
  • Contribute

Please pardon our appearance while we work out the remaining kinks of our new site. If you happen to find a bug, please let us know at support@ebizq.net

ebizQ is very interested in what you have to say. To contribute an article, an opinion, or to become a blogger, please contact Peter Schooff.

  • Virtual Conferences
  • Webinars
  • Roundtables

SOA In Action

Nov 19, 2008

This conference will teach business leaders what to expect, and what to avoid, to make their SOA journey a success. SOA is a long journey, not a single project, and distributed architectures are inherently complex. Success requires new ways of working, creating more efficient cross organization processes, adopting new tools, and building new skills.Register

View All Virtual Conferences

Create a Center of Excellence in SOA Governance


Date: Dec 02, 2008

Time: 12:00 PM ET- (17:00 GMT)

REGISTER TODAY!

Next-Generation BI


Date: Dec 03, 2008

Time: 12:00 PM ET- (17:00 GMT)

REGISTER TODAY!
View All Webinars

Create a Center of Excellence in SOA Governance


Date:Dec 02, 2008

Time:12:00 PM ET- (17:00 GMT)

REGISTER TODAY!

Next-Generation BI


Date:Dec 03, 2008

Time:12:00 PM ET- (17:00 GMT)

REGISTER TODAY!
View All Roundtables
  • White Papers
  • Podcasts
  • Blogs

Ten Reasons to Use a True ESB

A True ESB stands in stark contrast to the proprietary integration technologies of the past. As the ESB rapidly gains traction in the marketplace,...

Download Now

Dennis Byron: Revisiting Bill Miller of XAware, Open Source Data Integration Software

Almost a year after their first chat, XAware founder and CTO Bill Miller gives Dennis Byron an update on what's going on this year at XAware and how that "open source thing" is working out.

Listen Now

The Acceleration of SOA: iTKO Explains

Listen to Peter Schooff's podcast with Jason English, VP of Corporate Marketing for iTKO, where they offer a quick preview of ebizQ's upcoming SOA in Action Virtual Conference on Nov. 19.

Listen Now

Heading Off SOA Disillusionment With Progress

David Bressler provides Progress Software's customers and field teams with the expertise and experience to deliver SOA. In this podcast, Bressler gives an excellent introduction to ebizQ's Nov. 19 SOA in Action Virtual Conference, where he'll be a featured speaker.

Listen Now

Dennis Byron: VP of IONA/Progress Larry Alston on Functionality in OSS

Hear Larry Alston's unique perspective on the open source development model and how IONA is adopting a "functionality rules" open-source-as-a-tactic theme now that Iona is part of Progress.

Listen Now

Mike Rothman: Understanding Web 2.0 Attacks

In this podcast, Rothman flies solo and rants about Web 2.0 attack vectors, providing a primer on the types of attacks you're likely to see from social networks. Rothman also gives himself the "free association" treatment, discussing topics like Facebook and the impact of Web 2.0 on PCI.rnrnListen to or download the 11:39 minute podcast below:

Listen Now
  • Most Read
  • Most Discussed
  • Quick Guide

Building The Instantly Responsive Enterprise

Integrating BPM and CEP gives you intelligent business processes that can react to rapidly changing business conditions with continuous visibility. Learn More

Enterprise Linkage: New Change Management

Insurers need to think about creating "true linkage," which means linking business strategy to process to IT investments and thereby setting the foundation for true change. Learn More

The Invisible Hand of BI

To be effective, business intelligence technology must work behind the scenes to deliver relevant information when, where, and how it's needed. Learn More

Quick Guide: What is Enterprise 2.0?

A lot of people are talking about Enterprise 2.0 as being the business application of Web 2.0 technology. However, there's still some debate on exactly what this technology entails, how it applies to today's business models, and which components bring true value. Some use the term Enterprise 2.0 exclusively to describe the use of social networking technologies in the enterprise, while others use it to describe a web economy platform, or the technological framework behind such a platform. Still others say that Enterprise 2.0 is all of these things. Learn More

Quick Guide: What is BPM?

Learn More

Quick Guide: What is Event Processing?

Smart event processing can help your company run smarter and faster. This comprehensive guide helps you research the basics of complex event processing (CEP) and learn how to get started on the right foot with your CEP project using EDA, RFID, SOA, SCADA and other relevant technologies. Learn More

Product Spotlight

As you may know, technology is only part of an overall SOA governance solution. It is sometimes difficult to ensure visibility into all SOA assets and their relationships, end-to-end governance throughout the lifecycle of SOA assets, and analytics to help ensure organizations are reaping the rewards of their SOA investments. Download this spotlight report to review a solution to governing your SOA.

The Forrester Wave: Business Process Management for Document Processes

Read this Forrester report to see how vendors stack up regarding business process management. Forrester evaluated eight business process management suite (BPMS) suppliers best suited and most experienced for document-intensive processes across approximately 150 criteria. Download this paper to find out which BPM tools are right for your business.

Community Managers

David S. Linthicum

One of the founding fathers of modern distributed computing, David Linthicum is Community Manager for Information and Intelligence. This community covers BI, operational BI, MDM, and EII, among other topics.

Read David S. Linthicum's Blog
David S. Linthicum's Features:
Read More »

David A. Kelly

With twenty years on the cutting edge of enterprise infrastructure, David A. Kelly is Community Manager for Governing the Infrastructure. This category includes IT governance, SOA governance, and compliance, risk management, ITIL, business service management, registries and more.

Read David A. Kelly's Blog
David A. Kelly's Features:
Read More »

Deborah Smallwood

Top insurance industry advisors Deborah Smallwood and Cindy Maike are the Insurance Community Managers. Their focus is on transforming insurance companies into agile, business-driven enterprises where IT enables business value.

Read Deborah Smallwood's Blog
Deborah Smallwood's Features:
Read More »

Joe McKendrick

Author and consultant Joe McKendrick is Community Manager for Enabling Business Agility and Reuse . This community focuses on SOA, EDA/CEP, ESB, Open Source, Event Processing, Web Services, Application and Web Servers, and Legacy Integration, among other topics.

Read Joe McKendrick's Blog
Joe McKendrick's Features:
Read More »

Ronan Bradley

Financial services expert Ronan Bradley is Community Manager for Financial Services covering banking and capital markets.

Read Ronan Bradley's Blog
Ronan Bradley's Features:
Read More »

Dennis Byron

Dennis Byron brings three decades as a top analyst to his role as Community Manager for Improving Business Processes. This community encompasses Business Process Management (BPM), Process Modeling, Process Analysis, and Business Alert Monitoring (BAM), among other topics.

Read Dennis Byron's Blog
Dennis Byron's Features:
Read More »

View All Community Managers