IBM plans to add an instance-based authorisation function, which
would provide system access to specific sets of data, to its
WebSphere Web services environment.
The function would enable narrowed access to specific data objects
based on instances, rather than focusing on entire data sets related
to an object, according to Anthony Nadalin, IBM senior technical
staff member and lead security architect in the company's Tivoli
Software group.
With instance-based authorisation, a healthcare provider could
access instances of data pertaining to patient "Mary," rather than
gaining access to all related objects and methods, Nadalin
said.
"Basically, we want to get this notion into J2EE (Java 2 Enterprise
Edition) itself" through the Java standards process, known as JSR
(Java Specification Request), Nadalin said.
"Meanwhile, we're working on something in WebSphere," said Nadalin,
noting 2003 as the target date for inclusion of the instance
function.
Additionally, IBM is moving toward a Kerberos-based token security
model for authorisation in WebSphere to enable tighter links to
other Kerberos-based security systems in IBM offerings such as CICS
middleware, the DB2 database, and OS/390 mainframes, Nadalin
said.
"Kerberos gives us the ability to have end-to-end delegation" of
requests between different servers and divide workloads, said
Nadalin.
Kerberos is due in WebSphere some time this year, some time after
Release 5 of WebSphere, which is expected in June, said
Nadalin.