Web Services Security Tightens | eWeek

Web Services Security Tightens

Écrit par
Darryl K. Taft
Darryl K. Taft
Apr 29, 2002
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Since security remains among the key challenges that must be met before Web services can become pervasive, some companies are moving to answer the call.

Baltimore Technologies plc. and Hitachi Computer Products Inc.s Quadrasis business unit this week will each deliver tools to help meet Web services security challenge.

At the heart of these technologies is SAML (Security Assertions Markup Language), an XML-based standard for exchanging security credentials among online business partners.

Nearing ratification by OASIS, or the Organization for the Advancement of Structured Information Standards, SAML enables users to sign on to one site and have their security credentials and information transparently transferred across affiliated sites.

“Security for Web services is the biggest single issue in the [lack of] maturity of Web services standards,” said Randy Heffner, vice president and research leader at Giga Information Group Inc., in Stamford, Conn.

Baltimore, of Dublin, Ireland, will announce SelectAccess 5.0, which is the first access control and authorization product based on SAML, said Joyce Fai, vice president of Baltimores Authorization Solutions Group. In addition to delivering SAML-based affiliate services, SelectAccess features centralized management, reporting and alerting capabilities, multiple-directory support, and wireless authorization.

Fai called SAML a “very important” standard the industry needs, but not everyone agrees its ready.

“The hype about Web services kind of leaves you breathless,” said Andrew Nash, director of technology and standards at RSA Security Inc., in Bedford, Mass. “All of these efforts like SAML and … WS-Security [Web Services-Security specification] are not yet mature. … I think there will be less security than would be desirable in a lot of [vendors] solutions. There are no completely agreed upon ways to do this yet.”

Kim Vertucci, manager of engineering operations at CommWorks, 3Com Corp.s carrier unit, in Rolling Meadows, Ill., said she is less interested in SAML maturity than Baltimores SelectAccess in general “because it works.” CommWorks is implementing SelectAccess 5.0 in an intranet environment to keep its research and development data out of the hands of other business units.

Quadrasis this week will announce its Enterprise Application Security Integration Developer Tool. It enables users to link security solutions via SAML wrappers and combine them to form a front-line defense for Web services security.

The EASI tool is part of the companys EASI Security Unifier, which is based on SAML. Bret Hartman, chief technology officer of Quadrasis in Waltham, Mass., said the EASI Developer Tool is like “[enterprise application integration] for security.”

Additional reporting by Dennis Fisher

Related stories:

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.