Friday, July 30, 2021

IBM’s Web Services Security Answer Lies with Tivoli

IBM will release new software in its Web services suite of
applications early next year to address the problem of data security,
officials announced Wednesday.

The Tivoli Access Manager is scheduled for release in the first quarter of
2003, in what officials said would “provide integrity and confidentiality
in Web services applications.”

Tivoli’s upcoming version 4.1 in November lays the groundwork for
incorporating the different security standards found today. In early 2003,
Leo Cole, Tivoli director of security solutions, expects all security
standards to be supported under the Access Manager’s single-user,
single-authentication application.

Cole said the challenge in today’s Web service applications is bringing
disparate enterprises together, companies that don’t necessarily use the
same system.

“Before, it was just a single enterprise, the next step is to include
supply-chain management,” he said. “That’s more difficult, because you
might have one customer on WebSphere and another on .Net.”

A standard for Web services security, dubbed WS-Security, has been in place
for months now after ratification by the Organization for the Advancement
of Structured Information Standards (OASIS), and Web services providers
have been scrambling to incorporate the security enhancements on its
platform.

But WS-Security is just one of several standards used to secure a company’s
information passing back and forth on the Internet; other include Kerberos,
X.509 and SAML.

The promise of Web services have many corporations eager to get their
intranet enabled, which would streamline its inventory and order processes,
among other efficiencies. The problem, to date, has been the fact
always-available information makes it easy for crackers (malicious hackers)
to exploit.

IBM and Microsoft , two of the major Web services
platform vendors in the U.S., have been working on a WS-Security standard
for more than a year. Both have a vested interest in its success — IBM
with WebSphere and Microsoft with .Net — and have spent considerable time
looking for solutions.

It boils down to identifiers (called tokens) that certify the people
accessing the real-time database of information. WS-Security implemented
new headers in the Web service lexicon to meet those security needs, and
the other security standards used their own “branding” method.

This certification process makes it possible for information to reside
securely behind a firewall, regardless of the vendor (i.e., WebSphere or
.Net). IBM officials said its upcoming WebSphere Application Server version
5 would support WS-Security by the end of the year.

Similar articles

Latest Articles

How FedEx, Pizza Hut,...

Companies of all sizes analyze operational data at a surface level, but the growing availability and sophistication of data analytics tools have expanded the...

How Big Data is...

A growing number of enterprises are pooling terabytes and petabytes of data, but many of them are grappling with ways to apply their big...

Data Transformation Trends 2021

Gathered data is one thing. But useful data is quite another. Once data is collected, it has to be transformed in order to be...

Data Collection Trends 2021

Data collection trends tend to vary tremendously over time. With so much data now available in the enterprise, how data is collected can be...