IBM Backs Web Services Security Standards For WebSphere, Tivoli
11/06/2003
IBM announced new support for key industry standards for Web services security across IBM's WebSphere infrastructure and Tivoli identity management middleware. This extends IBM's middleware platform for building a secure Services Oriented Architecture (SOA).
IBM will support the WS-Security roadmap, which the company co-authored, and standards for expressing identity information, such as the Security Assertion Markup Language (SAML) and Kerberos.
In an SOA world, business processes are exchanged as interchangeable tasks or services -- such as Web services, Java adaptors, or older APIs such as CORBA or SNMP (Simple Network Management Protocol). A bank can use the same computing services infrastructure to handle account transfer requests whether they are coming from a teller, an ATM or a Web application, avoiding the need for multiple applications that can be expensive and redundant to maintain.
However, as the scope and number of services flowing through the system grow, customers have a greater need to manage security and assign appropriate access to confidential data. The issue becomes even more critical for companies that are undergoing mergers or acquisitions or that have a big turnover of employees, since passwords and access are constantly in flux.
IBM says, “Organizations can use IBM's federated identity software to create a single, uniform way to set parameters for allowing access to Web applications, packaged software such as CRM and ERP applications, and legacy systems running high-volume transactions, such as CICS. By automating the management of identities across the company and integrating it with core business processes, companies bolster security while saving money on password administration. IBM's middleware also provides customers with industry-leading flexibility by supporting application servers from virtually every vendor and dozens of security ISVs.
“Together, WebSphere and Tivoli create a platform that helps organizations securely integrate with customers and trading partners in a heterogeneous Web services environment. IBM's integrated middleware is based on open standards, enabling rapid deployment and integration of business applications and processes.
“WebSphere in 4Q03 will introduce security enhancements through an upcoming version of Tivoli Access Manager (V5.1), which provides Web single sign-on capabilities to access portals, applications and back-end systems. Tivoli has long provided integrated security for WebSphere, including federated identity interfaces for deploying Web services.”
New support in WebSphere will include, in IBM’s words:
- Security Assertion Markup Language, an industry specification for identity assertion that enables authentication, authorization and identity information to be exchanged between companies, trading partners, etc. regardless of the security or Web services infrastructure at the other end. While identification information is today manually coded at each end of the transaction, future versions of WebSphere and Tivoli will support advanced federated identity management through WS-Federation that automates the process of creating identifications for trusted users. Support for SAML in IBM middleware is available through a free download on developerworks.com.
- Kerberos, a network authentication protocol that enables users to sign on to a Windows desktop and then automatically access HR or other applications through their Web browser -- without having to sign on individually to each application. This improves the user experience and drastically reduces password administration for customers. Future plans include native support for Kerberos within WebSphere.
In other WebSphere security developments described by IBM:
- “Upcoming features in WebSphere Business Integration and WebSphere MQ will enable IBM's mainframe and distributed customers to improve network performance by defining security policies for a select group of Web or legacy applications,” IBM says. “For instance, a customer may want to limit access to 20 percent of their applications -- those that contain sensitive data -- and provide more open access to other applications. This function improves network performance since systems won't be tied up by unnecessary security checks. This capability will be available in 4Q03.
- “WebSphere expands Web services support for software protecting sensitive personal financial data in outsourced Web-based Java applications, such as 401K or HR applications, without requiring modifications to Java code. Using WebSphere and IBM Tivoli Privacy Manager, customers can automate audit and enforcement of their corporate privacy policies, now using Web Services SOAP over HTTP. A new toolkit available on AlphaWorks (www.ibm.com/alphaworks), called Declarative Privacy Management, provides native privacy automation inside WebSphere applications.”