IBM is backing key industry standards for web services security that will better enable its products to fully embrace service-oriented architectures (SOAs).
"What is driving in interest in SOAs are the incredibly heterogeneous environments users have to support. Either through mergers and acquisitions or new software they themselves produce, they will have a patchwork of hardware and software they use to get their most important work done. And the best way to get efficiencies out of such an environment is to make it look more homogenous," said Bob Sutor, director of IBM's WebSphere software.
Typically within an SOA environment, business processes can be exchanged as interchangeable tasks or including web services, Java adopters, and older application programming interfaces such as Corba. This would allow a bank, for instance, to use the same computing services infrastructure to take care of account transfer requests coming from tellers, cash machines or a web-based application. This can help eliminate the need for multiple applications that can be expensive to maintain.
To help this effort along, IBM executives said they will support the WS-Security roadmap and standards for expressing identity information including the Security Assertion Markup Language (SAML) and Kerberos.
SAML enables authentication, authorisation and identity information that can be exchanged among companies and their trading partners. IBM will also support Kerberos, a popular Windows network authentication protocol, which enables users to sign onto a Windows desktop system and automatically access a range of applications using just their web browser.
IBM will add native support for Kerberos within WebSphere, a company spokesman said.
"These announcements are aimed to tie together the picture of Tivoli and WebSphere being linked arm and arm as we advance the underlying security management. We want to show what you can do through middleware and security policies, and then how you build these applications on the Websphere platform," Sutor said.
Corporate IT shops will be able to use IBM's federated identity software to create a single, uniform way to set parameters for allowing access to web applications, or packaged software including customer relationship management and enterprise resource planning applications, and legacy systems running high-volume transactions.
IBM will deliver a new version of WebSphere that will debut security enhancements through an upcoming version of Tivoli Access Manager (V5.1) by the end of the year. These improvements will provide web single sign-on capabilities to access portals, applications and back-end systems.
It will also build in features to its upcoming WebSphere Business Integration and WebSphere MQ products that will enable IBM mainframes to improve their network performance by defining security policies for a select group of web or legacy applications. This capability will also be available by the end of the year.
IBM will expand WebSphere's web services support for software protecting sensitive personal financial data in outsourced web-based Java applications.
Ed Scannell writes for InfoWorld