IBM and Systinet Write Next-Gen Tools

 
 
By Timothy Dyck  |  Posted 2002-05-27 Email Print this article Print
 
 
 
 
 
 
 

While web services security standardization gets hammered out, IBM and Systinet Corp. are allowing organizations to experiment on Java-based Web services with next-generation security systems.

While web services security standardization gets hammered out, IBM and Systinet Corp. are allowing organizations to experiment on Java-based Web services with next-generation security systems.

IBMs Web Services Toolkit 3.1, released last month, is the first implementation of the WS-Security (Web Services-Security) specification that IBM co-authored with Microsoft Corp. and VeriSign Inc.

Posted on the companys Alphaworks site (www.alphaworks.ibm.com/tech/webservicestoolkit), Web Services Toolkit can be downloaded for free but can be used only for evaluations, not for production deployment. Typically, IBM folds Web services software released on Alphaworks into its WebSphere application server once the related standards have stabilized.

The tool kit supports Apache Software Foundations Tomcat application server or IBMs WebSphere application server. (A stripped-down version of WebSphere is included in the download; this is the application server that we used.)

Although WS-Security is supported, we would like to see more documentation and example code included.

Systinets upcoming WASP (Web Applications and Services Platform) Secure Identity product implements a distributed authentication server and single-sign-on service for Web services. It uses OASIS, or the Organization for the Advancement of Structured Information Standards, Security Assertion Markup Language as one of its protocols.

WASP Secure Identity is available in beta now (downloadable from www.systinet.com/eap/wasp_card) and is expected to ship in August. It requires Systinets WASP Server 3.0.3 Advanced for Java, Systinets Web services server.

Using WASP Secure Identity, organizations can centralize Web services authentication in a single place and take advantage of user directories they already have. The beta will look up user names and passwords from a database, but the final version will also allow authentication using LDAP and Microsoft Active Directory user directories.

Systinets WASP Server 4.0 will also include significant Web services security enhancements. It will have a much more flexible authentication system that will allow users to identify themselves using HTTP basic or digest authentication, Secure Sockets Layer or Kerberos, or through WASP Secure Identity.

Systinet expects to post a beta of WASP Server 4.0 on its Web site (www.systinet.com) by the end of this month and to ship by the end of next month. Pricing hasnt been announced, and the server wont include WS-Security support, although it is planned for a future version.

Related Stories:
  • Web Services Secure?
  • Web Services Security: A Political Battlefield
  • Web Services Edged Forward
  •  
     
     
     
    Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelors degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a masters of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...

     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Rocket Fuel