IBM Backs Web Services Security Standards For WebSphere, Tivoli

11/06/2003

IBM announced new support for key industry standards for Web services security across IBM's WebSphere infrastructure and Tivoli identity management middleware. This extends IBM's middleware platform for Building a secure Services Oriented Architecture (SOA).

IBM will support the WS-Security roadmap, which the company co-authored, and standards for expressing identity information, such as the Security Assertion Markup Language (SAML) and Kerberos.

In an SOA world, business processes are exchanged as interchangeable tasks or services -- such as Web services, Java adaptors, or older APIs such as CORBA or SNMP (systems network management protocol). A bank can use the same computing services infrastructure to handle account transfer requests whether they are coming from a teller, an ATM or a Web application, avoiding the need for multiple applications that can be expensive and redundant to maintain.

However, as the scope and number of services flow through the system, customers have a greater need to manage security and assign appropriate access to confidential data. The issue becomes even more critical for companies undergoing mergers or acquisitions or that have a big turnover of employees, since passwords and access are constantly in flux.

IBM says, “Organizations can use IBM's federated identity software to create a single, uniform way to set parameters for allowing access to Web applications, packaged software such as CRM and ERP applications, and legacy systems running high-volume transactions, such as CICS. By automating the management of identities across the company and integrating it with core business processes, companies bolster security while saving money on password administration. IBM's middleware also provides customers with industry-leading flexibility by supporting application servers from virtually every vendor and dozens of security ISVs.

“Together, WebSphere and Tivoli create a platform that helps organizations securely integrate with customers and trading partners in a heterogenous Web services environment. IBM's integrated middleware is based on open standards, enabling rapid deployment and integration of business applications and processes.

“WebSphere in 4Q03 will introduce security enhancements through an upcoming version of Tivoli Access Manager (V5.1), which provides Web single sign-on capabilities to access portals, applications and back-end systems. Tivoli has long provided integrated security for WebSphere, including federated identity interfaces for deploying Web services.

New support in WebSphere will include, in IBM’s words:

• Security Assertion Markup Language, an industry specification for identity assertion that enables authentication, authorization and identity information to be exchanged between companies, trading partners, etc. regardless of the security or Web services infrastructure at the other end. While identification information is today manually coded at each end of the transaction, future versions of WebSphere and Tivoli will support advanced federated identity management through WS-Federation that automates the process of creating identifications for trusted users. Support for SAML in IBM middleware is available through a free download on developerworks.com.



• Kerberos, a network authentication protocol that enables users to sign on to a Windows desktop and then automatically access HR or other applications through their Web browser -- without having to sign on individually to each application. This improves the user experience and drastically reduces password administration for customers. Future plans include native support for Kerberos within WebSphere.

In other WebSphere security developments described by IBM:

• ”Upcoming features in WebSphere Business Integration and WebSphere MQ will enable IBM's mainframe and distributed customers to improve network performance by defining security policies for a select group of Web or legacy applications, IBM says. For instance, a customer may want to limit access to 20 percent of their applications -- those that contain sensitive data - and provide more open access to other applications. This function improves network performance since systems won't be tied up by unnecessary security checks. This capability will be be available in 4Q03.



• ”WebSphere expands Web services support for software protecting sensitive personal financial data in outsourced Web-based Java applications, such as 401K or HR applications, without requiring modifications to Java code. Using WebSphere and IBM Tivoli Privacy Manager, customers can automate audit and enforcement of their corporate privacy policies, now using Web Services SOAP over HTTP. A new toolkit available on AlphaWorks (www.ibm.com/alphaworks), called Declarative Privacy Management, provides native privacy automation inside Websphere applications.”




Our Popular Webinars

Best Practices in Moving Processes to the Clouds

How Can the Cloud Fit Into Your Applications Strategy?

Cloud Data Integration Best Practices

The Economics of Cloud Computing

Data Services Insight: Successful implementation of Canonical Information Models

More Webinars

More Top Stories

Identity Networking: Where Security and Compliance Meet

Get Smart About Database Security

SQL Injection Rears Its Ugly Head Again

Data Warehouses and Disaster Recovery

Expect the Unexpected with Data Security

Is Big the New Small in Application Security?

More Top Stories

Related News

Open Group Forms 'Trusted Technology Forum' for Supply Chain Security

Metalogix Announces SharePoint-to-Cloud Migration Manager

HP Unveils Business Assessment to Help CIOs Set IT Priorities

More News

Home
Webinars
Blogs
ebizQ Forum
All Topics
Subscriptions
White Papers
Analyst Corner
Follow us on Twitter
Fan us on Facebook

Explore Our Topics

BPM Strategy
BPM Solutions
Event Processing Strategy
Content-Centric & Collaborative BPM
Process-Centric BPM

About Us
Editorial Submissions
Feedback
FAQ
Advertise With Us
Site Map
Privacy Policy
Unsubscribe