The software is intended to manage high-volume business transactions as well as integrate critical functions within Tivoli and WebSphere. It will adhere to the WS-Security specification, which IBM co-authored with Microsoft.
IBM said the announcement represents its efforts to deliver software that allows developers and users to deploy federated identification-based services from within its key middleware products.
"For the first time you are seeing a public statement from IBM on this topic of federated identification. We have not been very public about our stance in this space but now we are making it clear we are going to play here," said Arvind Krishna, vice-president of security products. "We will better know what the standards for these products will be for next year and the new software will modify the code to match the standards," he added.
Although IBM's move into federated identification represents a step forward, some observers said it still does not resolve the questions about how competing technologies will come together under one standards banner.
"The outstanding question relating to federated identification is how are federated identity standards going to come together when you have The Liberty Alliance, the IBM-Microsoft WS-Federation, which is part of WS-Security, not synching up. There is still a lot to be figured out about how federated identity standards are going to come together," Heffner said.
One of the benefits to the software that it will allow companies to create Web services-based applications that are secure outside of the firewall, Krishna noted. This means they can conduct secure transactions with partners across a supply chain regardless of the Web services and/or other security technologies used by such business partners.
IBM Tivoli Access Manager 4.1, is scheduled for release in November. It will feature federated identity management interfaces that enable customers to plug in support for identity standards. This next release will, initially, feature out-of-the box support for the XML Key Management Specification (XKMS).
IBM will extend this capability to include support for various identity standards such as the Security Assertions Markup Language (SAML), Kerberos, XML Digital Signatures, and other security tokens formats as they mature in standards organisations. Additionally, IBM will support secure token management, trust brokering, integrated identity mapping and credential mapping services.
Version 5 of WebSphere Application Server will support WS-Security in the fourth quarter and in IBM's Tivoli Access Manager 4.1 early next year. This specification defines a standard set of Soap extensions that can be used to provide integrity and confidentiality in Web services applications, IBM said.
The Web services trust broker software can allow organisations to automate the process of entering into trusted business relationships, regardless of the type of security mechanism used by the other company. IBM's intends is to support the broadest range of brokering methods such as Microsoft TrustBridge, Kerberos tokens, Public Key Infrastructure (PKI) credentials and other means of delegating trust that develop in the future. IBM plans to deliver this software in Tivoli and WebSphere software.