The glue that binds
Ahh, the good old days of putting together that 1:1,000,000 scale F-14 with my Dad. And it wasn't just for the aroma. There was something about the entire process, which almost always ended up in random things sticking to my nose (of all things) and miscellaneous pieces remaining even after the "model" was complete, that made me feel like the 10-year old boy I was. A fuselage here, a wing there -- I was just glad I wasn't flying the thing.
What do model airplane glue and security's two A's -- authentication and access control -- have in common? These days, it appears, the answer is putting the pieces together. [I digress here slightly to emphasize that there are, in fact, only two A's -- not three, four, or five, as some purport. Any other "A" -- audit, admin, etc. -- actually fits into one of the Four Disciplines of Security Management.] As the world moves more and more toward the Web and Web services, the longstanding concepts of integration and interoperability in the security space are arising again and taking the form of single sign-on (SSO). Two such companies (among others in development) that are providing the "glue" to link together disparate platforms' authentication needs are Quadrasis, with its Web services model that can actually be used even more generally in security, and Caradas, with its expertise in smartcard deployment.
THE HURWITZ TAKE: Anytime I hear the word "glue" or more popularly "middleware" I get a bit nervous. The implication of the work and effort required to tie components together are not pleasant thoughts. The concept of middleware assumes two things:
- There's a need to interconnect components that is not being met by existing products. This concept is perhaps most painful because at their core authentication and access control operate so similarly across platforms that it is unfortunate that we even need to consider middleware, and yet we do.
- There is enough traction in certain technology platforms (pick one) that they will become ubiquitous and, therefore, rewarding. The Web has secured this status for EAI vendors.
A part of me gains comfort in the fact that this "glue" is being offered more and more frequently. Web services, in particular, can demonstrate its power here, but where's the beef? I want a complete solution that ships with the parts and the glue, together in a cohesive package. Only then will I feel more secure, and not like I'm sniffing glue.
Copyright 2002 Hurwitz Group Inc. This article is excerpted from TrendWatch, a weekly publication of Hurwitz Group Inc. - an analyst, research, and consulting firm. To register for a free email subscription, click here.
For More Information:
- Looking for shortcuts and helpful tips? Visit our Tip Exchange for time-saving and informative tips.
- Visit our Best Web Links for Web Services for quality resources selected by our editors.
- Discuss this article, voice your opinion or talk with your peers in our Discussion Forums.
- Visit Ask the Experts for Web services, SOAP, WSDL, XML, .NET, Java and EAI answers.