CA sketches security architecture plans

Computer Associates International Tuesday said it would roll out a series of software packages to help users manage corporate security environments.

While details of the company's eTrust Security Management Architecture were sketchy at best, the company said its initial server-based products and toolkits, expected by the end of the year, will be used to aggregate and track identity and security assertions, create policies and grant authentication on platforms that call for it without modifying underlying applications.

The concept of supporting a way to unite diverse identity and authorization schemes, such as SAML and Kerberos, figures prominently in CA's plans, says Toby Weiss, CA's senior vice president.

CA said its goal is to give customers a way to establish trust models and enforce them across multi-platform applications. Weiss said what happens in terms of identity and authorization in one part of a large intranet is often lost across these heterogeneous systems.

In outlining CA's plans, Weiss said the basic problem CA wants to solve is how to preserve user identity and the specific level of "trust" accorded to it after the user has authenticated at a Web site and gained access to an internal, multi-vendor network. As the user moves from Web to mainframe to database applications and more, it's hard to enforce appropriate levels of authorization or capture a comprehensive audit trail associated with the user's movements, Weiss says.

Analysts said CA is targeting a real problem, but voiced skepticism about how easy it is to solve.

CA is looking at the problem of "loss of accountability which happens in a multi-tier architecture where lots of applications are treated as silos," says Phil Schacter, vice president and service director at The Burton Group consultancy.

There is today no product set that can achieve multi-vendor end-to-end audit and accountability in the way CA is proposing, says Schacter. "This kind of functionality typically doesn't come out of a box," he said. More commonly, it would entail the burden and expense of custom coding.

He voiced doubts about whether CA could achieve this without a lot of industry partners.

CA claims to have spent two years mulling the difficulty of audit and authorization in a heterogeneous network before stepping out publicly to declare it will conquer it through the eTrust Security Management Architecture.
