ARMONK, USA: IBM has announced details of new application security software designed to help clients securely manage employee, partner and customer IT users and their access to company applications and information.

The new release of IBM Tivoli Federated Identity Manager software focuses on enabling a company's separate business divisions to deploy secure software applications using open standards and a wide range of security credentials without needing to embed complex security logic into each application.

The solution simplifies application integration using many forms of user credentials and facilitates the secure sharing of information between trusted parties -- such as business partners or separately managed divisions within an organization operating in an SOA environment.

IBM, the current leader in Identity and Access Management software revenue, according to analyst firm IDC, bolsters its existing portfolio with this new release that provides new management capabilities, user-centric identity technology and substantially extended interoperability with several open industry standards and other vendors' software.

"With its extended interoperability, IBM Tivoli Federated Identity Manager is uniquely positioned to simplify application security integration, enabling business process and application owners to deliver their services without being constrained by IT security and compliance issues," said Venkat Raghavan, director of product management, IBM Tivoli security, risk and compliance software. "This enables clients to tie together various organizational and business silos while also simplifying the integration between their company and partners' Web sites."

The vexing challenge for developers building applications is how to deal with the multitude of user credentials that need to be managed while providing end-to-end security. Using an office building analogy, end-to-end security could entail electronic locks opened by employee badges on the front door and keys for individual offices and file cabinets that store business critical information.

Similarly, in the IT environment, it is common to have a single application that needs to support many forms of user credentials as business processes and organizations are linked across many facets of a company, including mainframe applications. Managing and securing access to a company's many services, applications and data are needed to meet security and compliance requirements.

This new IBM Tivoli software release automates the management of user credentials across applications without the application specialists needing to be security experts. Application owners define the type of credential needed based on an application's risk profile, and end users who present their credentials are automatically signed-on and given access to the various parts of the applications as appropriate. The software also provides auditors with a single view of the credentials used to help validate that the user access matches policy.