IBM unveils Web services security tools
IBM today moved to boost Web services security with the unveiling of a set of
tools that officials said can secure applications built using multiple
IBM's unveiling of Web services security tools for both its WebSphere and
Tivoli product families marks the latest effort by top firms to overcome what
many experts say is the key shortcoming to Web services technologies -- a lack
of corporate-level security capabilities. Microsoft last spring unveiled a
security system for Windows-based Web services applications.
IBM officials said the new security software supports most industry standards
for Web services security, including the WS-Security specification
co-authored by IBM. Thus, businesses can develop Web services applications that
are secured beyond the firewall and facilitate secure transactions with partners
in a supply chain, regardless of the Web services or security technologies used
by other partners.
IBM officials said WebSphere Application Server Version 5 will support
WS-Security in the fourth quarter and that the Tivoli Access Manager will
support the spec early next year. This specification defines a standard set of
Simple Object Access Protocol (SOAP) extensions that can be used to provide
integrity and confidentiality in Web services applications.
IBM also plans to support new federated identity management capabilities in
its WebSphere and Tivoli software, which would let Web services and enterprise
applications share identity information across multiple networks of suppliers,
partners and customers.
IBM officials also said that over the long term, the company will provide
fine-grained authorization for SOAP transactions in Web services environments,
allowing businesses to control access to Web services applications based on a
user's identity and associated entitlements.
For more information, click on http://www.ibm.com
Mike Bucken is former Editor-in-Chief of Application Development Trends magazine.