Wanted: Common Security

Vendors aim to ease services protection.

Netegrity Inc. and startup Layer 7 Technologies Inc. are each seeking to simplify the process of securing and managing Web services deployments.

Netegrity, which has been one of the major players in several Web services security standards efforts, this week plans to release a reference architecture for securely deploying Web services. The document lays out which components are needed for such an undertaking, as well as defining some deployment models. The architecture is designed to be technology-neutral and makes no recommendations about which products to use, Netegrity officials said.

"People are deploying all kinds of technologies for Web services, and the challenge is how to deploy it securely and in a way that it can scale for the future," said Prateek Mishra, director of technology and architecture at Netegrity, in Waltham, Mass. "The key point is the need to connect the enterprise identity infrastructure to the security architecture."

The hope is that the architecture will prevent enterprises from having to pore over the details of each specification from the World Wide Web Consortium or Organization for the Advancement of Structured Information Standards, each of which has released some specification or standard for Web services security.

"The need for this is absolutely there. Its loud and clear," said Rajiv Gupta, co-founder and chief technology officer of Confluent Software Inc., a security vendor in Sunnyvale, Calif. "The reference architecture will go a long way in terms of proposing one clear way that people should be adopting these standards."

Also this week, Netegrity is announcing the latest version of its TransactionMinder Web services security platform. Version 5.6 includes support for the WS-Security (Web Services Security) specification, one of the key standards in this area. The inclusion of WS-Security support means the product can produce and consume Simple Object Access Protocol messages that contain WS- Security headers.

With Version 5.6 also comes XML agents for Microsoft Corp.s Internet Information Services 6.0, which ships with Windows Server 2003, and the Apache Web server in both proxy and stand-alone modes.

For its part, Layer 7 next week will introduce Trust Foundation, the first part of its SecureSpan Gateway solution. Trust Foundation is designed to handle all operations involving management of credentials, cryptographic keys and user access rights involved in Web services transactions. Layer 7 officials said the solution is aimed at putting the responsibility for performing these functions on the administrator and not the developer writing the Web service.

Discuss this in the eWEEK forum.