New Web Services to Run the Security Gamut

Entrust and WestBridge ready comprehensive packages of tools and standards support.

Entrust Inc. and Westbridge Technology Inc. are rolling out Web services security platforms designed to give enterprises a complete package of tools and support for a variety of standards.

Entrust on Oct. 8 will unveil its Secure Transaction Platform, which will offer features focusing on identification, entitlement, verification and privacy, according to sources close to the company.

Westbridge this week is announcing its own comprehensive security platform, said Kerry Champion, president of the Mountain View, Calif., company.

The Westbridge XML Message Server includes an XML firewall that intercepts XML traffic at the edge of the network, deciphers the content of that message and makes policy-based decisions based on the content as to whether to reject, reroute or transform the message. The server accesses the metadata associated with the message.

Mike Gerdes, research director at managed security company RedSiren Technologies Inc., said security will play a key role in the maturation of Web services and that standards will only be a part of whats needed.

"The new-generation tools are necessary, and well see the need for more advanced firewalling and application process control," said Gerdes, in Pittsburgh.

"Standards all by themselves arent technologies," said Jason Bloomberg, an analyst with ZapThink LLC, in Cambridge, Mass. "They dont tell you what you need to build; they just provide some of the ground rules. Its up to vendors to implement those standards and to provide the value-add on top of them."

According to sources, Entrust, a PKI (public-key infrastructure) vendor in Plano, Texas, will bundle a variety of features in its platform. For example, the identification offering will manage the identities of users in an enterprise environment via user names, passwords and digital certificates. The entitlement service will enable users to track which resources individuals can access. The verification service will include digital time stamps of transactions so that authorized parties will be able to see the details and time of a transaction.

Encryption will be offered in the privacy service so that messages can be secured in transit, sources said.

Entrust officials confirmed the details of the platform but declined further comment.

Westbridge XML Message Server provides many of the same capabilities as Entrusts offering, including such security management features as authentication, authorization, encryption, digital signature support, real-time monitoring and auditing, Champion said.

Both offerings will support many of the Web services security standards, including Web Services-Security, Security Assertion Markup Language, XML Key Management Specification—a way of leveraging the value of PKI digital certificates into a Web services infrastructure—and Secure Sockets Layer.

The new products come on the heels of an announcement by IBM, of Armonk, N.Y., last week that WebSphere Application Server Version 5 will support WS-S next quarter and that Tivoli Access Manager will have similar support early next year.

Related stories:

  • Web Services Impact
  • Commentary: Web Services Builds Industry Momentum
  • Review: Web Services Standards at Risk
  • W3C, OASIS Meet Over Web Security Standards
  • Microsofts New Web Security Play
  • Web Services Security: A Political Battlefield
  • Web Services Security Tightens