New IBM software for secure Web Services

BANGALORE: IBM has launched the industry's first software that will help organizations build secure business relationships more efficiently with other organizations using Web Services applications.

IBM's WebSphere software would manage high-volume business transactions and integrating key business applications. The IBM Tivoli software enables the secure interaction of business applications that support key industry standards for Web Services security, such as the WS-Security specification, which IBM co-authored.

As a result, businesses will now be able to develop Web Services applications that are secured beyond the firewall -- meaning they can facilitate secure transactions with partners in their supply chain, regardless of the Web Services or security technologies used by other partners.

IBM is developing the first comprehensive open-standards based Web services infrastructure that extends enterprise-class security capabilities to Web services deployments running on a variety of platforms. New features across the WebSphere and Tivoli software portfolio can help IBM customers automate the process of extending customer and partner-facing Web Services applications to more organizations and users, helping reduce the reliance on proprietary technologies and costly manual integration.

"IBM is liberating customers so they are no longer confined to Web Services inside the firewall," said Frank Luksic, Country Manager, IBM Software Group and Developer Relations, IBM India. "By simplifying business integration across federated company boundaries using open standards, IBM is delivering software that can help customers link thousands of its business partners together while reducing custom integration costs."

IBM also plans to support new federated identity management capabilities in its WebSphere and Tivoli software to provide a way for Web services and enterprise applications to share identity information across multiple networks, helping businesses extend market reach by securely integrating with suppliers, partners and customers.

Specifically, IBM WebSphere Application Server Version 5 will be available to support WS-Security in the fourth quarter and early next year for IBM Tivoli Access Manager. This specification defines a standard set of Simple Object Access Protocol (SOAP) extensions that can be used to provide integrity and confidentiality in Web services applications.

IBM Tivoli Access Manager will feature new federated identity management interfaces that enable customers to plug in support for identity standards. This next release, scheduled for November, will initially feature out-of-the box support for the XML Key Management Specification (XKMS).

IBM plans to extend this capability to include support for various identity standards such as the Security Assertions Markup Language (SAML), Kerberos, XML Digital Signatures and other security tokens formats as they mature in standards organizations. Additionally, IBM will support secure token management, trust brokering, integrated identity mapping and credential mapping services.

New Web Services trust broker software can allow organizations to automate the process of entering into trusted business relationships, regardless of the type of security mechanism used by the other company. IBM’s intent is to support the broadest range of brokering methods such as Microsoft TrustBridge, Kerberos tokens, Public Key Infrastructure (PKI) credentials and other means of delegating trust that develop in the future. IBM plans to deliver this software in Tivoli and WebSphere software.

Additionally, IBM plans to provide fine-grained authorization for SOAP transactions in Web Services environments. This new feature will allow businesses to control access to Web Services applications based on a user’s identity, and associated entitlements.