Web Services Security Tightens

 
 
By Darryl K. Taft  |  Posted 2002-04-29 Email Print this article Print
 
 
 
 
 
 
 

At the heart of two tools that will be unveiled this week is SAML, a standard that promises to ease the exchange of credentials on the Web.

Since security remains among the key challenges that must be met before Web services can become pervasive, some companies are moving to answer the call. Baltimore Technologies plc. and Hitachi Computer Products Inc.s Quadrasis business unit this week will each deliver tools to help meet Web services security challenge. At the heart of these technologies is SAML (Security Assertions Markup Language), an XML-based standard for exchanging security credentials among online business partners.
Nearing ratification by OASIS, or the Organization for the Advancement of Structured Information Standards, SAML enables users to sign on to one site and have their security credentials and information transparently transferred across affiliated sites.
"Security for Web services is the biggest single issue in the [lack of] maturity of Web services standards," said Randy Heffner, vice president and research leader at Giga Information Group Inc., in Stamford, Conn. Baltimore, of Dublin, Ireland, will announce SelectAccess 5.0, which is the first access control and authorization product based on SAML, said Joyce Fai, vice president of Baltimores Authorization Solutions Group. In addition to delivering SAML-based affiliate services, SelectAccess features centralized management, reporting and alerting capabilities, multiple-directory support, and wireless authorization. Fai called SAML a "very important" standard the industry needs, but not everyone agrees its ready.
"The hype about Web services kind of leaves you breathless," said Andrew Nash, director of technology and standards at RSA Security Inc., in Bedford, Mass. "All of these efforts like SAML and ... WS-Security [Web Services-Security specification] are not yet mature. ... I think there will be less security than would be desirable in a lot of [vendors] solutions. There are no completely agreed upon ways to do this yet." Kim Vertucci, manager of engineering operations at CommWorks, 3Com Corp.s carrier unit, in Rolling Meadows, Ill., said she is less interested in SAML maturity than Baltimores SelectAccess in general "because it works." CommWorks is implementing SelectAccess 5.0 in an intranet environment to keep its research and development data out of the hands of other business units. Quadrasis this week will announce its Enterprise Application Security Integration Developer Tool. It enables users to link security solutions via SAML wrappers and combine them to form a front-line defense for Web services security. The EASI tool is part of the companys EASI Security Unifier, which is based on SAML. Bret Hartman, chief technology officer of Quadrasis in Waltham, Mass., said the EASI Developer Tool is like "[enterprise application integration] for security." Additional reporting by Dennis Fisher Related stories:
  • Spec Secures Web Services Apps
  • Here Be Dragons: Web Services Risks
  • SAML: Sign-On-And-Go Security
  • Baltimores Survival Plan
  •  
     
     
     
    Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...
     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Rocket Fuel