IBM Corp. officials on Wednesday announced software that helps developers and corporate users build more secure Web services, which the company will incorporate into WebSphere Application Server 5.0 and Tivoli Systems Inc.'s Access Manager 4.1 later this year and early next.
The new software is essentially intended to manage high-volume business transactions as well as serve to integrate critical functions within Tivoli and WebSphere. It will adhere to the WS-Security specification which IBM co-authored with Microsoft, company officials said.
IBM said the announcement represents their first efforts to deliver on its promise of delivering software that allows developers and users to deploy federated identification-based services from within its key middleware products.
"For the first time you are seeing a public statement from IBM on this topic of federated identification. We have not been very public about our stance in this space but now we are making it clear we are going to play here," said Arvind Krishna, vice president of security products at Tivoli Software in Austin, Texas. "We will better know what the standards for these products will be for next year and the new will modify the code to match the standards," he added.
One of the benefits to the new software is it will allow companies to create Web services-based applications that are secure outside of the firewall, Krishna noted. This means they can conduct secure transactions with partners across a supply chain regardless of the Web services and/or other security technologies used by such business partners.
IBM Tivoli Access Manager 4.1, scheduled for a November release, will feature new federated identity management interfaces that enable customers to plug in support for identity standards. This next release will initially feature out-of-the box support for the XML Key Management Specification (XKMS), company officials said.
IBM will extend this capability to include support for various identity standards such as the Security Assertions Markup Language (SAML), Kerberos, XML Digital Signatures, and other security tokens formats as they mature in standards organizations. Additionally, IBM will support secure token management, trust brokering, integrated identity mapping, and credential mapping services.
Version 5 of WebSphere Application Server will support WS-Security in the fourth quarter and in IBM's Tivoli Access Manager 4.1, early next year, company officials said. This specification defines a standard set of SOAP extensions that can be used to provide integrity and confidentiality in Web services applications, they said.
The new Web services trust broker software can allow organizations to automate the process of entering into trusted business relationships, regardless of the type of security mechanism used by the other company. IBM's intent is to support the broadest range of brokering methods such as Microsoft TrustBridge, Kerberos tokens, Public Key Infrastructure ( PKI) credentials, and other means of delegating trust that develop in the future. IBM plans to deliver this software in Tivoli and WebSphere software.