HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

IPHONE APP

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON IPHONEDEVCON ANDEVCON ESDC PRIVACY POLICY CONTACT US

Printable version

HOME >> LATEST NEWS

Most Read Latest News Blog Resources

Three non-programming books for your booklist
Aside from programming skills, developers should know how management works and how to oper...

Microsoft pushes Windows Phone 7 development tools
Ahead of the smartphone's release, Microsoft is letting developers download its tools in a...

Windows & .NET Watch: LightSwitch turns up
Microsoft's newest development environment will need to go a long way to fulfill its poten...

JavaOne returns with an Oracle twist
Oracle OpenWorld will be bigger than ever this year as the event adds JavaOne to the sched...

Microsoft pushes Windows Phone 7 development tools
Ahead of the smartphone's release, Microsoft is letting developers download its tools in a...

JavaOne returns with an Oracle twist
Oracle OpenWorld will be bigger than ever this year as the event adds JavaOne to the sched...

A fast start for an open-source cloud
Three developers from the OpenStack project talk about its already-thriving community and ...

Lattix introduces browser-based architecture management solution
Update offers ability for users in disparate locations to view software’s architecture, de...

VMworld hops to it
Data center operating systems play a big part at VMworld, but it's still too soon.

Certificate program for secure cloud computing
The Cloud Security Alliance introduces user certification.

What does the Army's Crusher tank and RIM's tablet computer have in common?
RIM plans to use Crusher tank technology on its yet-to-be-announced tablet.

Some helpful links
A list of links to example programs implemented across multiple languages.

Realize Effective Distributed Development via a Virtual Software Factory Explore the ways in which IBM Rational can make distributed development a reality in your...

Simplify Issue & Project Tracking - Free 30 Day Download Application development teams constantly find themselves under pressure to increase the s...

Agile Development Requires Agile Processes For far too long, the general demeanor for software development lifecycle (SDLC) process i...

Application Lifecycle Management in the Oracle Environment If your organization has invested in Visual Studio and you develop on Oracle databases, yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

GET THE APP!

IBM distinguished engineer talks SOA security

By David Worthington

August 12, 2008 — (Page 1 of 2)
In a service-oriented architecture, where boundaries are exposed and services are loosely coupled, identity management, policy enforcement and some automation are required to secure information, says an IBM distinguished engineer.

Raj Nagaratnam, IBM distinguished engineer and chief architect of identity and SOA security, discussed with SD Times the crucial role that he believes identity management plays in SOA security.

Nagaratnam said that federating identity across boundaries is important in a SOA pattern. One method of doing that is to utilize an ID service that acts as an identity medication hub. Different authentication is required along the spectrum of trust, he noted.

For instance, OpenID is suitable for authentication when no critical enterprise data is exposed, whereas SAML (Security Assertion Markup Language) enterprise-level scenarios provide stronger security, he noted.

IBM renders its Tivoli Federated Identity Manger software as a Web service, so it can integrate “into the SOA flow” with a third-party enterprise service bus or mediation appliance, he said. He added that identity information in a SOA context is necessary for providing service level agreements.

“The service can be used as part of a business process to render entitlements and [business] rules,” he explained.

By extension to identity as a service, IBM realized that developers also need a consistent way to enforce policies for compliance in a loosely coupled environment. Not only should users have identities, but services must have identities as well, he explained.

As an example, a claim service may need to access a credit check service on behalf of a company’s claims department. It will have its identity taken into account and be granted access. Policies provide for that capability at enforcement points like ESBs and token services.

Tying identity to policy-driven entitlements is the next level of granularity IBM will offer, Nagaratnam said. Big Blue will be introducing a product called Tivoli Security Policy Manager later this year that will offer policy management with WS-Policy and OASIS’ eXtensible Access Control Markup Language.

Policy management is particularly useful for composite applications, where different services are composed together, he noted. Security Policy Manager will use metadata as context for managing entitlements. Policies factor in metadata about services, the service provider and the environment that is being used to access it, he explained.

Related Search Term(s): identity management, security, SOA & SaaS, Tivoli, IBM

Pages 1 2

Share this link: http://www.sdtimes.com/link/32695

News Briefs: January 15, 2009 Cigital and Coverity partner together to improve each other's products, Scio Consulting creates services for SaaS environments and AmberPoint integrates its SOA governance and management precuts with Microsoft the Microsoft platform.

IBM expands WebSphere's framework support WebSphere Application Server 7 also implements runtime provisioning and OSGI-enabled dynamic deployment to lower the number of resources consumed. New management functions for multi-component applications are included in a long list of new features.

Red Hat prepares complex events processing for SOA Updates to JBoss Enterprise SOA Platform and JBoss Operations Network lay the groundwork for enhanced CEP and rules management. Beyond that, new security features have been implemented in Enterprise SOA Platform.

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 9/1/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

VMworld hops to it
Data center operating systems play a big part at VMworld, but it's still too soon.
09/02/2010 01:42 PM EST

Certificate program for secure cloud computing
The Cloud Security Alliance introduces user certification.
09/01/2010 04:20 PM EST

What does the Army's Crusher tank and RIM's tablet computer have in common?
RIM plans to use Crusher tank technology on its yet-to-be-announced tablet.
08/25/2010 04:16 PM EST