Friday, July 30, 2021

Ping Big on Transaction Safety

Ping Identity has reached something of a milestone in the quest to combine identity management and Web services technologies.

The Denver-based company, one of the last independent single sign-on software makers on the market, rolled out PingTrust, a WS-Trust Security Token Server.

PingTrust is an important step along the path to secure Web services and distributed computing paradigms such as service-oriented architectures (SOA), where disparate applications may be reused to execute business processes.

Why does the industry need such a technology combination?

Ping Vice President Mike Donaldson said applications typically employ user identities to protect resources and create audit trails to keep in step with regulatory compliance rules such as HIPAA and Sarbanes-Oxley.

If someone makes a purchase transaction on the Web, their identity is used as the linchpin of the billing process.

To this point, Web services and SOAs have lacked standard mechanisms for safely using peoples’ identities, making Web transactions tough or impossible to implement.

“There has not been a way with SOAP to communicate who the user is who made the original request,” Donaldson said.

For example, an employee at a bank or hospital that needs to contact another organization can use a Web service to call out for information. The problem is the organization cannot recognize the user in the SOAP-based transaction.

To skirt this issue, users have injected user identity into the body of a SOAP message, which involves proprietary extensions that create a tight coupling between the Web service provider and the client.

In the end, this raises security issues and violates the core tenets of Web service information exchange.

“Any time you have proprietary extensions, you are forcing requirements on people,” Donaldson said.

PingTrust solves this problem by creating and validating security tokens that are bound into SOAP messages based on the Web Services Security (WSS) standard. PingTrust leverages OASIS WSS 1.0 to embed security tokens in SOAP messages. WS-Trust establishes a mechanism for validating tokens from PingTrust, which supports Java and .NET applications, Web-based clients and rich clients. PingTrust can operate on the client side, provider side or both sides of a Web service transaction.

This article was first published on InternetNews.com. To read the full article, click here.

Similar articles

Latest Articles

Data Transformation Trends 2021

Gathered data is one thing. But useful data is quite another. Once data is collected, it has to be transformed in order to be...

Data Collection Trends 2021

Data collection trends tend to vary tremendously over time. With so much data now available in the enterprise, how data is collected can be...

Data Mining Trends 2021

In a world awash with data, true gems of knowledge are seldom discovered through surface-level digging; proverbial data “mines” are hard-won and must be...

Data Science Market Trends...

When famed mathematician John W. Tukey postulated that advanced computing would have a profound effect on data analysis, he probably didn’t imagine the full...