IBM looks to boost access control in WebSphere


IBM looks to boost access control in WebSphere

IBM plans to add an instance-based authorisation function, which would provide system access to specific sets of data, to its WebSphere Web services environment.

The function would enable narrowed access to specific data objects based on instances, rather than focus on entire data sets related to an object, according to Anthony Nadalin, IBM senior technical staff member and lead security architect in the company's Tivoli Software group.

With instance-based authorisation, a healthcare provider could access instances of data pertaining to patient "Mary," rather than gaining access to all related objects and methods, Nadalin said.

"Basically, we want to get this notion into J2EE (Java 2 Enterprise Edition) itself" through the Java standards process, known as JSR (Java Specification Request), Nadalin said,

"Meanwhile, we're working on something in WebSphere," said Nadalin, noting 2003 as the target date for inclusion of the instance function.

Additionally, IBM is moving toward a Kerberos-based token security model for authorisation in WebSphere to enable tighter links to other Kerberos-based security systems in IBM offerings such as CICS middleware, the DB2 database, and OS/390 mainframes, Nadalin said.

"Kerberos gives us the ability to have end-to-end delegation" of requests between different servers and divide workloads, said Nadalin.

Kerberos is due in WebSphere some time this year, some time after the Release 5 of WebSphere, which is expected in June, said Nadalin.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy