IBM Corp. and Verisign Inc. on Tuesday unveiled an ambitious deal that will see development of a managed entitlement service based on the Tivoli Policy Director, as well as a tight working relationship between VeriSign and IBM's Global Services and hardware groups.
The new managed entitlement service is designed to secure e-business environments by combining online authentication, digital credentials and signatures, policy management and authorization backed by updating trusted customer and partner information, according to officials from both companies.
Under the joint product development, sales and distribution deal, the two companies will also collaborate on Web services by working to move key programming standards forward including XKMS, UDDI, and SAML, thereby making it easier to enable them. For instance, IBM plans to embed XKMS into the Tivoli Policy Director, Websphere Application Server and those applications built using the Websphere platform.
"To both strengthen and mature Web services can only be a win-win for us and the industry. To make that happen we need people to jump on developed standards and roll them into products everyone can depend on," said Arvind Krishna, IBM's vice president in charge of security products.
As part of a two-tiered sales and distribution approach IBM Global Services and VeriSign's Consulting group will offer users a number of managed services and offer to assist companies with public key infrastructure (PKI) implementations.
"Our (IBM's Global) service arm will provide all the integration services as well as determine how they should be integrated into our customer's infrastructure and applications. We think that is a pretty key value beyond the deployment of the PKI itself," Krishna said.
Also as part of the deal VeriSign will acquire IBM hardware, including Big Blue's Unix-based servers and Linux-based mainframes to run its large hosting centers, most of those centers are currently run by servers from Sun Microsystems, according to spokesmen from both companies.
Explaining the integration of VeriSign's technology with Tivoli's Policy Director, Krisha said to think of the two as Tivoli's access management solution.
"The Policy Director is an active management solution that is aimed at both Web single sign-on as well as authorization services for enterprise application integration, as well as back-end identification infrastructure," Krishna said.
The companies combined expertise in PKI and architectures is good news for most users wrestling with PKI, but could be bad news for some of the much smaller competitors each company faces.
"Certainly this deal accelerates the tough times for any kind of stand-alone PKI vendor," said John Pescatore, vice president and research director of network security at the GartnerGroup, based in Stamford, Conn. "With IBM pushing VeriSign into products, the Entrusts and Baltimore's are really standing there naked."
IBM officials admit that many users have had concerns about deploying PKI on their own. To soften those concerns the two companies will deploy the technology as an option through the new partnership.
"But on the other hand many users just want the software and not the service. For them, we will remain strong supporters if they want to go ahead and deploy it on their own," Krishna said.
Noting VeriSign's acquisition of managed services vendor Telenisus' technology assets in December, Pescatore said IBM's commitment to bolstering its own managed security could pose a formidable offering.
Pescatore noted that an integrated IBM and VeriSign one-two punch served through IBM Websphere could bode ill for Sun's iPlanet Web server.
"Today, when you try to add security, PKI and authorization, it's something you have to graft-on and integrate with applications. (With VeriSign) they have the opportunity to make things like a portal the equivalent of Lotus Notes," he said.
The new partnership could also make a splash in the dormant business-to-business marketplace, he added.