RealTime IT News

BEA Touts New Security Framework

BEA Systems on Tuesday rolled out the general release of its WebLogic Server Version 7.0 J2EE-based application server product, touting a redesigned security framework as a key asset in its efforts to compete with offerings from IBM Corp. and Sun Microsystems .

To enhance its Web Services potential, WebLogic Server Version 7.0 has been equipped with full UDDI implementation to host public and private registries and BEA went at lengths in Tuesday's general release announcement to hype the new security framework, which promises to separate application development from application security management. (More security information available here.

"This frees developers to focus on integration and implementation, leaving the securing of applications to administrators and security experts, while providing the flexibility to change security policy without having to change application code," BEA said. The new framework would let administrators easily control and change user access privileges by using WebLogic Server 7.0's role-based and rules-driven authorization scheme.

The San Jose, Calif.-based BEA said the range of security capabilities include application access (authorization), user validation (authentication), access tracking (auditing), and application and data protection (public key infrastructure -- PKI).

Using the new menu driven policy tool in BEA WebLogic Server 7.0, administrators can easily define security policies, providing the flexibility and control needed to secure any component in the application, including Web Services.

The WebLogic Server application, which previously lent support to the Simple Object Access Protocol (SOAP) and Web Services Description Language (WSDL) standards, is now fully J2EE 1.3-compliant. This includes support for Java Secure Socket Extension (JSSE), Secure Sockets Layer (SSL) and Java Authentication and Authorization Service (JAAS).

As pr eviously reported, BEA said the upgraded WebLogic Server 7.0 would include fewer manual steps, cleaner code, and easy packaging. It also adds WebLogic Builder, a new graphical tool for assembling, packaging and deploying J2EE applications on the server. BEA said the tool, coupled with new command-line utilities, reduces the number of manual steps necessary to create deployable J2EE applications.

Other additions include tools to allow developers to automatically expose applications as Web services without additional skills or coding, as well as tools to simplify the management and configuration of clusters, code and content updates.

BEA's WebLogic Server is currently being using by third-party security firms like Baltimore, Entegrity, Entrust, Netegrity, PentaSafe, RSA Security and VeriSign.