IBM plans to add an instance-based authorization function, which would provide system access to more specific sets of data, to its WebSphere Web services environment, according to IBM officials.
The function would enable narrowed access to specific data objects based on instances, rather than focusing on entire data sets related to an object, according to Anthony Nadalin, IBM senior technical staff member and lead security architect in the company's Tivoli Software group, in Austin, Texas. Nadalin spoke following a presentation at the Software Development and Expo Conference in San Jose, California, on Wednesday.
With instance-based authorization, for example, a health care provider could access instances of data pertaining to patient "Mary," rather than gaining access to all related objects and methods, Nadalin said.
"Basically, we want to get this notion into J2EE [Java 2 Enterprise Edition] itself" through the Java standards process, known as JSR (Java Specification Request), Nadalin said. "Meanwhile, we're working on something in WebSphere," he said, noting 2003 as the target date for inclusion of the instance function.
Additionally, IBM is moving toward a Kerberos-based token security model for authorization in WebSphere to enable tighter links to other Kerberos-based security systems in IBM offerings such as CICS middleware, the DB2 database, and OS/390 mainframes, Nadalin said.
"Kerberos gives us the ability to have end-to-end delegation" of requests between different servers and to divide workloads, said Nadalin.
Kerberos is due in WebSphere sometime this year, after Release 5 of WebSphere, which is expected in June, said Nadalin.