RealTime IT News

IBM Honors Security Pledge

Honoring its commitment to incorporate disparate security standards in its Web services software, IBM officials have announced support for SAML and Kerberos, as well as an extended edition of its mainframe-security service, WebSphere MQ.

The two security standards will be supported in Tivoli Access Manager v5.1, due out by the end of the year.

One of the highest priorities for Web services vendors -- like IBM with Tivoli and WebSphere, Microsoft with .NET and Sun with J2EE -- has been to reassure potential corporate customers that their frameworks would stay free of interlopers.

Given the nature of Web services architecture, which ties components from one corporate intranet to another, the risk of sensitive and critical information getting intercepted between the end points has always been an issue with IT managers. Allowing unauthorized employees access to restricted information is another concern.

IBM relates that information to its service-oriented architecture (SOA), where components of its Tivoli and WebSphere products pass information from one to the other millions of times a day.

SAML and Kerberos handle these authentication and identification procedures, and are now rolled into both IBM programs as a standard feature, though IBM plans on expanding that to its entire software line.

"In the larger picture, we're doing this to support the On Demand operating environment," said Bob Sutor, IBM director of Web services software.

As Sutor puts it, Web services is the second generation of the World Wide Web, hooking together not consumer sites but corporate intranets. One of the biggest concerns when Web services were getting rolled out was security, though it seems to have taken a back seat to cost-cutting measures and integration.

"I think (security should be) their number one concern," he said, "not as a problem, but a concern."

The SAML, WebSphere MQ and Kerberos support isn't an end point for security on the Web services framework, Sutor said, but a stepping stone.

"This marks pretty much a stake in the ground where we're saying this is where we are in implementing the Web services security roadmap, which we helped author last year, this is where we are on the Tivoli roadmap that we published last year and this is where we're going," he said.

The next step in the roadmap is providing native support for these security standards in WebSphere and Tivoli. Currently, SAML needs to be manually coded at both ends to gain authentication, while Kerberos isn't embedded into Tivoli.

Using federated identity software, however, IBM plans to put Kerberos in Tivoli natively, while using SAML to automate the creation of identities for trusted users.

While federated computing is still in its infancy, IBM officials consider it the next step in Web services security. Having a single, uniform way to set parameters, officials say, is the most secure method to use when tying together customer relationship management (CRM), supply chain management (SCM) and legacy systems.

The next step will be to roll it out sometime next year. IBM's Web site, called AlphaWorks (http://www.alphaworks.ibm.com), lets users work with the federated identity software.