News

IBM unveils Web services security tools

• By Michael W. Bucken
• September 18, 2002

IBM today moved to boost Web services security with the unveiling of a set of tools that officials said can secure applications built using multiple technologies.

IBM's unveiling of Web services security tools for both its WebSphere and Tivoli product families marks the latest effort by top firms to overcome what many experts say is the key shortcoming to Web services technologies -- a lack of corporate-level security capabilities. Microsoft last spring unveiled a security system for Windows-based Web services applications.

IBM officials said the new security software supports most industry standards for Web services security, including  the WS-Security specification co-authored by IBM. Thus, businesses can develop Web services applications that are secured beyond the firewall and facilitate secure transactions with partners in a supply chain, regardless of the Web services or security technologies used by other partners.

IBM officials said WebSphere Application Server Version 5 will support WS-Security in the fourth quarter and that the Tivoli Access Manager will support the spec early next year. This specification defines a standard set of Simple Object Access Protocol (SOAP) extensions that can be used to provide integrity and confidentiality in Web services applications.

IBM also plans to support new federated identity management capabilities in its WebSphere and Tivoli software, which would let Web services and enterprise applications share identity information across multiple networks of suppliers, partners and customers.

IBM officials also said that over the long term, the company will provide fine-grained authorization for SOAP transactions in Web services environments, allowing businesses to control access to Web services applications based on a user's identity and associated entitlements.

For more information, click on http://www.ibm.com