IBM's Web Services Security Answer Lies with Tivoli

Download the authoritative guide: Cloud Computing 2019: Using the Cloud for Competitive Advantage

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
IBM will release new software in its Web services suite of applications early next year to address the problem of data security, officials announced Wednesday.

The Tivoli Access Manager is scheduled for release in the first quarter of 2003, in what officials said would "provide integrity and confidentiality in Web services applications."

Tivoli's upcoming version 4.1 in November lays the groundwork for incorporating the different security standards found today. In early 2003, Leo Cole, Tivoli director of security solutions, expects all security standards to be supported under the Access Manager's single-user, single-authentication application.

Cole said the challenge in today's Web service applications is bringing disparate enterprises together, companies that don't necessarily use the same system.

"Before, it was just a single enterprise, the next step is to include supply-chain management," he said. "That's more difficult, because you might have one customer on WebSphere and another on .Net."

A standard for Web services security, dubbed WS-Security, has been in place for months now after ratification by the Organization for the Advancement of Structured Information Standards (OASIS), and Web services providers have been scrambling to incorporate the security enhancements on its platform.

But WS-Security is just one of several standards used to secure a company's information passing back and forth on the Internet; other include Kerberos, X.509 and SAML.

The promise of Web services have many corporations eager to get their intranet enabled, which would streamline its inventory and order processes, among other efficiencies. The problem, to date, has been the fact always-available information makes it easy for crackers (malicious hackers) to exploit.

IBM and Microsoft , two of the major Web services platform vendors in the U.S., have been working on a WS-Security standard for more than a year. Both have a vested interest in its success -- IBM with WebSphere and Microsoft with .Net -- and have spent considerable time looking for solutions.

It boils down to identifiers (called tokens) that certify the people accessing the real-time database of information. WS-Security implemented new headers in the Web service lexicon to meet those security needs, and the other security standards used their own "branding" method.

This certification process makes it possible for information to reside securely behind a firewall, regardless of the vendor (i.e., WebSphere or .Net). IBM officials said its upcoming WebSphere Application Server version 5 would support WS-Security by the end of the year.

Submit a Comment

Loading Comments...