BEA Adds Security Layer

New infrastructure from BEA Systems Inc. promises to provide a layer of security across an organization's software installations.

A new infrastructure from BEA Systems Inc., bolstered by a series of partnerships with security vendors, promises to provide a layer of security across an organizations software installations.

WES (WebLogic Enterprise Security), introduced last week, is a cross-enterprise application security infrastructure that provides security services to applications—authentication, authorization and auditing, for example—through native integrations, plug-ins and partnerships with security vendors, according to officials of the San Jose, Calif., company.

BEA formed partnerships with VeriSign Inc. and RSA Security Inc. for authentication capabilities; Symantec Corp., for auditing and intrusion detection; and Waveset Technologies Inc., Business Layers Inc. and Thor Technologies Inc., for user identity capabilities.

Using the WebLogic integration platforms distributed architecture, WES manages security across applications. It integrates with existing IT infrastructures and platforms—including Web services, application servers and custom applications—so companies can use a common, consistent security infrastructure, officials said.

Rather than replace security applications or hard coding that a company may already have in place, WES abstracts existing code from the applications and turns it into distributed enterprise security services that can manage security requests on behalf of applications. As a result, instead of maintaining security functions redundantly within each application, the applications can delegate these functions to the shared WES infrastructure.

WES builds on the WebLogic 8.1 integration offerings that BEA released last summer. Out of the box, the new software offers authentication, identity assertion, credential mapping, dynamic role mapping, rules-based parametric authorization and auditing.

WebLogics provisioning capabilities enable policy updates to be distributed to applications in real time, with minimal network traffic and bandwidth requirements, officials said.

Because it is based on open standards, WES can fit into an existing infrastructure, company officials said. At the same time, security services can be provided to applications via what BEA calls a resource container, which frees developers from hard coding application integrations.