IBM's Web Services Security Answer Lies with Tivoli

UPDATE: The challenge in today's Web services environment isn't bringing one network online, it's bringing together disparate networks using different platforms.
Posted September 18, 2002
By

Jim Wagner


IBM will release new software in its Web services suite of applications early next year to address the problem of data security, officials announced Wednesday.

The Tivoli Access Manager is scheduled for release in the first quarter of 2003, in what officials said would "provide integrity and confidentiality in Web services applications."

Tivoli's upcoming version 4.1 in November lays the groundwork for incorporating the different security standards found today. In early 2003, Leo Cole, Tivoli director of security solutions, expects all security standards to be supported under the Access Manager's single-user, single-authentication application.

Cole said the challenge in today's Web service applications is bringing disparate enterprises together, companies that don't necessarily use the same system.

"Before, it was just a single enterprise, the next step is to include supply-chain management," he said. "That's more difficult, because you might have one customer on WebSphere and another on .Net."

A standard for Web services security, dubbed WS-Security, has been in place for months now after ratification by the Organization for the Advancement of Structured Information Standards (OASIS), and Web services providers have been scrambling to incorporate the security enhancements on its platform.

But WS-Security is just one of several standards used to secure a company's information passing back and forth on the Internet; other include Kerberos, X.509 and SAML.

The promise of Web services have many corporations eager to get their intranet enabled, which would streamline its inventory and order processes, among other efficiencies. The problem, to date, has been the fact always-available information makes it easy for crackers (malicious hackers) to exploit.

IBM and Microsoft , two of the major Web services platform vendors in the U.S., have been working on a WS-Security standard for more than a year. Both have a vested interest in its success -- IBM with WebSphere and Microsoft with .Net -- and have spent considerable time looking for solutions.

It boils down to identifiers (called tokens) that certify the people accessing the real-time database of information. WS-Security implemented new headers in the Web service lexicon to meet those security needs, and the other security standards used their own "branding" method.

This certification process makes it possible for information to reside securely behind a firewall, regardless of the vendor (i.e., WebSphere or .Net). IBM officials said its upcoming WebSphere Application Server version 5 would support WS-Security by the end of the year.






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.