BEA Launches Secure Integration Offering

WebLogic Enterprise Security is an infrastructure for adding security across enterprise applications.

BEA Systems Inc. on Monday announced an infrastructure and partner ecosystem for security.

WebLogic Enterprise Security is a cross-enterprise application security infrastructure that provides security services to applications—authentication, authorization and auditing, for example—through native integrations, plug-ins and partnerships with security vendors, according to officials of the San Jose, Calif., company.

BEA announced partnerships with VeriSign Inc. and RSA Security Inc. for authentication capabilities; Semantic Corp. for auditing and intrusion detection; and Wave Set Technologies Inc., Business Layers Inc. and Thor Technologies Inc. for user identity capabilities.

Using the WebLogic integration platforms distributed architecture, WES manages application security across applications. It integrates into existing IT infrastructure and platforms—including Web services, application servers and custom apps—so companies can utilize a common, consistent security infrastructure, officials said.

How it works is rather than replacing what security applications or hard coding a company may already have in place, WES abstracts existing code from the applications and turns that into distributed enterprise security services that can handle and manage security requests on behalf of applications. So instead of maintaining security functions redundantly within each individual application, applications can delegate these functions to the shared WES infrastructure.

Out-of-the-box, WES offers authentication, identity assertion, credential mapping, dynamic role mapping, rules-based parametric authorization and auditing.

At the same time, WebLogics provisioning capabilities are such that policy updates can be distributed to applications in real time, with minimal network traffic and bandwidth requirements, officials said.

Because its based on open standards, WES can fit into an existing infrastructure, company officials said. At the same time, security services can be provided to applications via something BEA calls a resource container that frees developers from hard coding application integrations.