Netegrity Inc., a Web access management platforms provider in Waltham, Mass., today released a new version of its TransactionMinder product built specifically for Web services and service-oriented architectures.
Version 6.0 supports the recently ratified WS-Security 1.0 specification and now is capable of producing and consuming SOAP messages using three different security tokens: Username/Password digest, X.509 certificates and SAML tokens. It also supports WS-Security Encryption to encrypt and decrypt tokens and message elements. It can also protect Web services hosted on IBM WebSphere and BEA WebLogic platforms.
TransactionMinder can also run on top of Netegrity's SiteMinder platform, which secures access to Web applications.
"There's a pent-up demand for the ability to leverage SiteMinder with Web services," said Burton Group senior analyst James Kobielus.
Security remains a top concern of enterprises deploying Web services. Companies need assurance that messages are not only safely transported, but are sent and received by the intended parties. Netegrity's Merritt Maxim, XML product marketing manager, said the company is seeing more RFIs related to Web services, which he said is anecdotal evidence that budgets are loosening up and companies are investigating Web services seriously.
"Security is one of the first hurdles you have to deal with regarding Web services. Identity management is a prerequisite of anything you do," Maxim said. "Identity is not only a strong security component, but there's also a very important business aspect to it."
He added that companies cannot conduct business without knowing who they're dealing with.
"Identity management provides not only risk reduction, but offers better visibility of IT processes," Maxim said. "It helps you track issues and enables you to be flexible enough to serve users."
Previous iterations of TransactionMinder have supported WS-Security, but its ratification by OASIS this spring established it as the fundamental security specification for exchanging credentials between applications in SOAP messages.
"WS-Security defines a standard place where to put credentials in a SOAP message," Maxim said. "An application then knows where to look for the security credentials and knows what to do with it."
This version of TransactionMinder, available in late September with pricing starting at $40,000 per CPU, also adds support for more Web services architectures. It can run as an agent natively on .NET, or in proxy mode on application servers like WebSphere and WebLogic.