The two sides are said to be negotiating on a multiyear partnership to deliver secure e-business services via the Web. The overall goal is to marry VeriSign's authentication and payment services technology to IBM hardware and applications.
IBM and VeriSign will create a new Entitlements Management Service based on VeriSign technology and Tivoli Policy Director.
The new service will secure ebusiness environments by combining online authentication and digital credentials with policy management and authorisation, backed by updating of trusted customer and partner information.
IBM Global Services and VeriSign's Consulting Group will offer customers a range of managed services and will assist companies with public key infrastructure (PKI) implementations, though officials at IBM and VeriSign declined to comment on their plans.
The companies' joint PKI and architecture expertise would be good news for customers wrestling with PKI but bad news for others, said John Pescatore, an analyst at Gartner.
"Certainly [a deal] would accelerate the tough times for any kind of stand-alone PKI vendor," Pescatore said. "If IBM pushes [VeriSign technology] into products, the Entrusts and Baltimores are really standing there naked."
Managed security providers could also be vulnerable. Noting VeriSign's acquisition of managed services vendor Telenisus' technology assets in December, Pescatore said IBM could bolster its offerings in this area.
A potential IBM and VeriSign collaboration could target Web services by pushing emerging standards into products and solutions.
Pescatore said an integrated IBM and VeriSign service served through IBM WebSphere could bode ill for Sun's iPlanet application server.
"Today, when you try to add security, PKI, and authorisation, it's something you have to graft on and integrate with applications. [With VeriSign] they have the opportunity to make things like a portal the equivalent of Lotus Notes," Pescatore said.