In a major endorsement of security across its wares, IBM Corp. is working with VeriSign Inc. on a joint product development and sales deal that would marry VeriSign's authentication and payment services technology to Big Blue's hardware and application might, industry sources tell InfoWorld.
The two sides are said to be negotiating on a multiyear partnership to deliver secure e-business services via the Web. According to sources, Armonk, N.Y.-based IBM and Mountain View, Calif.-based VeriSign will create a new Entitlements Management Service based on VeriSign technology and Tivoli Policy Director.
The new service will secure ebusiness environments by combining online authentication, digital credentials and signatures, and policy management and authorization backed by updating of trusted customer and partner information.
As a two-tiered sales and distribution approach, IBM Global Services and VeriSign's Consulting Group will offer customers a range of managed services and will assist companies with PKI (public key infrastructure) implementations, according to industry sources. Officials at IBM and VeriSign declined comment.
If a deal between VeriSign and IBM is consummated, their joint PKI and architecture expertise would be good news for customers wrestling with PKI but bad news for others, said John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.
"Certainly [a deal] would accelerate the tough times for any kind of stand-alone PKI vendor," Pescatore said. "If IBM pushes [VeriSign technology] into products, the Entrusts and Baltimores are really standing there naked."
Managed security providers could also be vulnerable. Noting VeriSign's acquisition of managed services vendor Telenisus' technology assets in December, Pescatore said IBM could bolster its offerings in this area.
A potential IBM and VeriSign collaboration will target Web services by pushing emerging standards into products and solutions, sources said.
Pescatore said an integrated IBM and VeriSign one-two punch served through IBM WebSphere could bode ill for Sun's iPlanet application server.
"Today, when you try to add security, PKI, and authorization, it's something you have to graft on and integrate with applications. [With VeriSign] they have the opportunity to make things like a portal the equivalent of Lotus Notes," Pescatore said.