Web Services Still at an Impasse

Technical disparities are old hat and legion for Web services, a space research firms like ZapThink estimates will balloon to reach several billion dollars over the next few years.

Read more at: InternetNews

Web services pose identity management challenges

“The better idea is that you’re really supposed to separate the notion of identity of who you are from the specific system,” said Schmelzer. “You should have an identity that is separate from the portal and the ERP system and the CRM system. But somehow [those applications] have to respect that identity.”

“There is this whole area of enterprise identity management that is really burgeoning because of this context issue,” Schmelzer added.

The key to separating the notion of identity from specific systems is implementing an architecture that supports policy-driven identity management, explained Jason Bloomberg, also a senior analyst with ZapThink.

“You need to have an enterprise-wide sense of who the users are and what they’re entitled to do that cuts across different applications,” Bloomberg said. “And it has to be a way that maintains the policies that apply to those users.”

Read more at: SearchWebServices

Datapower XS40 XML Security Gateway: Comprehensive XML & Web Services Security on a Hardened Network Device

XML appliances have recently emerged as a category of network device that can address XML and Web Services security and performance issues that traditional network appliances cannot. To properly secure XML traffic, a device must operate on the content of the messages that pass through the network, and take appropriate action on parts of each message.

Clearly, such content-based operations are resource intensive, which is the primary reason for solving such problems on dedicated hardware devices like the DataPower XS40 XML Gateway. DataPower’s XS40 appliance can handle a wide range of XML security, performance, transformation, and routing, functionality, all at wirespeed, in a security hardened appliance that requires little skill to install and administer.

Liberty Alliance Touts Adoption Of Identity Standard

Wednesday’s announcement showed that the alliance was making progress in building the foundation for widespread adoption of its technology, Ronald Schmelzer, analyst for ZapThink LLC, said. Beyond information technology products, Liberty will have to show that major retailers, banks, credit card companies and more are also adopting the technology, since those are the companies that will have direct contact with consumers.

That, however, is expected to take time, since companies have only recently started installing identity-management software, Schmelzer said. Those systems will have to be in place first, before they can start using Liberty standards in sharing customer data during transactions.

“Companies have yet to build good, robust identity management systems in general, but that’s rapidly changing,” Schmelzer said. “Companies are implementing them very rapidly. That’s a really hot growth area.”

In the meantime, Liberty Alliance has a potential competitor in the Web Services-Federation Specification under development by IBM, Microsoft Corp., BEA Systems Inc., RSA Security Inc. and Verisign Inc., Schmelzer said.

Nevertheless, IBM supporting Liberty is an “important step, and a positive one” he said. “There’s nothing negative about this announcement.”

Read more at: TechWeb

Creating a Network of Trust for Web Services

Download File

Intel to join Liberty Alliance

Intel’s membership in Liberty Alliance fits into the company’s strategy of generating demand for its chips by backing companies and technologies that drive usage of PCs and mobile devices, said Jason Bloomberg, an analyst at research company ZapThink. Intel does not sell a federated identity management software product.

Read more at: CNet

Fundamentals of XML, Web Services & SOAs for Financial Services

There is no trend that is grabbing the market and customers’ attention more so than the movement to standards-based, Service-Oriented Architectures. Yet, few companies understand what exactly are the critical elements to realizing the benefits of this trend. What are SOAs and how do they relate to Web Services and XML, and how is this relevant for me, a member of the financial services industry?

Key topics addressed:

• How are Web Services impacting Financial Services?
• How can we understand the landscape of emerging financial services
  standards?

• What are Service-Oriented Architectures and how are they radically changing the way we build, deploy, and manage IT functionality?
• What will happen to my job and my role as SOAs become widespread in the organization?

Identity, authentication key to Web services security

When people think of Web services security issues, they tend to think of hacking or other forms of traffic snooping, said Ron Schmelzer, founder and senior analyst of Waltham, Mass.-based consulting firm ZapThink LLC. But those problems are solved easily, he said, using SSL at the protocol layer, and encrypting SOAP messages.

Schmelzer said the most significant external Web services security problems lie in the realm of authentication and identity management, because Web services transactions are conducted between two computers.

As a Web services provider, Schmelzer said, “you’re not providing access to a human; it’s another system. If we expose an interface to our SAP system, how do we know whoever is making that Web service request is authorized to make it?”

So how can a requester’s identity be verified? It’s tricky, Schmelzer said, because there’s a lack of context in public, machine-to-machine communication, making it difficult to track what company or system is initiating a Web service call. “Plus, the request may not be made directly,” he said. “It may be made through a portal or other composite application. It gets complicated very quickly.”

Read more at: SearchWebServices

Application firewalls good enough — for now — for Web services security

While functions such as identity management will become increasingly important, “If somebody can just look at the content of a SOAP message and pick out your credit card number, it doesn’t help much,” says Jason Bloomberg, a senior analyst at ZapThink LLC, a Web services research firm in Waltham, Mass.

Read more at: SearchSecurity (TechTarget)

Microsoft, IBM Team on Spec

Jason Bloomberg, an analyst with ZapThink LLC, a Cambridge, Mass., market researcher, said a question surrounding WS-Federation is how it will play out alongside the Liberty Alliance’s ID-Federation Framework.

“Liberty is further along in its work on federation specifications, and there are a good number of companies–in particular, non-IT companies–that back Liberty. Clearly, because identity federation means getting dissimilar identity mechanisms to work together, it doesn’t make sense to have more than one identity federation standard,” Bloomberg said. “Only time will tell which approach will win out.”

Read more at: eWeek