Honoring its commitment to incorporate disparate security standards in
its Web services software, IBM officials have announced support for SAML
as well as an extended edition of its mainframe-security service,
The two security standards will be supported in Tivoli Access Manager
v5.1, due out by the end of the year.
One of the highest priorities for Web services vendors — like IBM with
Tivoli and WebSphere, Microsoft with .NET
that its framework would stay free of interlopers.
Given the nature of Web services
corporate intranet to another, the risk of sensitive and critical
information getting intercepted between the end points has always been
an issue with IT managers. Allowing unauthorized employees
access to restricted information is another concern.
IBM relates that information to its service-oriented architecture
(SOA), where components of its Tivoli and WebSphere products pass
information from one to the other millions of times a day.
SAML and Kerberos handle these authentication and identification
procedures and are now rolled into both IBM programs as a standard
feature, though IBM plans on expanding that to its entire software line.
“In the larger picture, we’re doing this to support the On Demand
operating environment,” said Bob Sutor, IBM director of Web services
As Sutor puts it, Web services is the second generation of the World
Wide Web, hooking together not consumer sites but corporate intranets.
One of the biggest concerns when Web services were getting rolled out
was security, though it seems to have taken a back seat to cost-cutting
measures and integration.
“I think (security should be) their number one concern,” he said, “not
as a problem, but a concern.”
The SAML, WebSphere MQ and Kerberos support isn’t an end point for
security on the Web services framework, Sutor said, but a stepping
“This marks pretty much a stake in the ground where we’re saying this is
where we are in implementing the Web services security roadmap, which we
helped author last year, this is where we are on the Tivoli roadmap that
we published last year and this is where we’re going,” he said.
The next step in the roadmap is providing native support for these
security standards in WebSphere and Tivoli. Currently, SAML needs to
be manually coded at both ends to gain authentication, while Kerberos
isn’t embedded into Tivoli.
Using federated identity software, however, IBM plans to put Kerberos in
Tivoli natively, while using SAML to automate the creation of identities
for trusted users.
While federated computing is still in its infancy, IBM officials
consider it the next step in Web services security. Having a single,
uniform way to set parameters, officials say, is the most secure method
to use when tying together customer relationship management (CRM),
supply chain management (SCM) and legacy systems.
This next step will be to roll it out sometime next year. IBM’s Web site, called AlphaWorks (http://www.alphaworks.ibm.com), lets users work with the federated