IBM, VeriSign Ink Internet Security Pact

Tech firms continue to batten the hatches on security and Armonk, N.Y.’s IBM Corp. and Mountain View, Calif.’s
VeriSign Inc. proved no different Tuesday as the firms inked a comprehensive agreement to help ensure trusted
commerce and communications over the Internet.

The deal, for which financial terms have not been made public, is multi-year, and will span technology, services and marketing. Not
surprisingly, it’s aimed at attracting the enterprise to its security offerings as the two companies have agreed to develop and
market a new Entitlements Management Service based on VeriSign’s managed public key infrastructure (PKI) services and technology and
Tivoli Policy Director, IBM’s security management and access control software.

In a teaming of technology whose purpose sounds not unlike Microsoft Corp.’s highly-touted PassPort, the new
service will combine online authentication, Web single sign-on, digital credentialing and signatures, authorization and policy

Moreover, the firms will collaborate on Web services standards, including VeriSign’s XML key management system (XKMS) and Security
Assertion Markup Language (SAML), a specification developed by OASIS’ Security Services Technical Committee (SSTC) to create a
standard for exchanging authentication and authorization information throughout a Web-based transaction across organizational
domains. Specifically, IBM plans to embed XKMS and leverage SAML in Tivoli Policy Director. This process would enable seamless XML
interfaces with VeriSign’s managed PKI and other trust services.

In terms of creating global awareness, IBM’s Global Services Group and VeriSign’s Consulting Services Group will work to provide
managed services and support for companies deploying PKI technology. Lastly, VeriSign will use certain IBM server and software in
its IT operations.

Rusine Mitchell-Sinclair, general manager of Safety and Security Services at IBM, called the alliance a turning point in Web

“Our alliance will present customers with an unprecedented combination of infrastructure services and security solutions to securely
transact e-business,” Mitchell-Sinclair.

The deal would certainly seem to fit under its ” two-pronged approach,” announced last November, whereby it will align security offerings
within its IBM Global Services Practice and create a new Global Solutions Office to address “broader” security issues.

News Around the Web