Security leader RSA Security Inc. of Bedford, Mass., jumped into securing Java Web services today with its new BSAFE SecureWebServices-Java software that helps developers securely Web enable applications. The product will ship in August.
A longtime authentication software provider, RSA is taking its second leap into securing Web services after last year offering a version of BSAFE SWS for applications written in C.
BSAFE SWS-J has full Java implementation of the WS-Security 1.0 specification recently ratified by OASIS. WS-Security is the foundation for securing Web services transactions and for many other Web services security standards.
The product also includes implementations of XML Encryption and XML Digital Signing specs, as well as using the Sun Java Cryptographic Extensions to ensure interoperability with any JCE provider.
It also supports popular authentication methods from user name and password to x.509 certificates. Support is also included for RSA SecurID tokens, Kerberos tickets and SAML assertions.
"The cost savings and reduced development time benefits are in the Web services themselves," said RSA director of product marketing for BSAFE, Mike Vergara. "Our easy-to-use APIs included here mean non-security developers can roll this into their applications in a day or so. There's plenty of sample code included to simplify things."
Baking in security from the initial development phase helps ease concerns about Web services deployments.
"As we talk to developers, [we found] they are worried about unrealistic schedules and the pressure to get things developed and out the door. When it comes to security, they want features that are easy to use and implement," Vergara said. "When we talk to CIOs and managers, they're worried about developers getting it wrong, not understanding what they're doing and throwing things out there without security that will eventually punch holes in the firewall."
RSA's announcement also included other new products and partnerships around securing XML Web services.
RSA said it has also added Web services capabilities to its identity and access management products -- RSA ClearTrust, RSA Federated Identity Manager and RSA Keon software.
ClearTrust centralizes authentication and authorization decisions for Web services; Federated Identity Manager stores identities and policy information; and Keon holds certificate and validation services for Web services.
"Organizations are looking forward to a productive computing environment in which applications launched by a trusted user or system will be able to transact with multiple applications and enterprises across the Internet using Web services, thus streamlining business processes for competitive advantage," said Dan Blum, senior vice president and research director at the Burton Group, in a statement. "RSA Security is active in shaping strong authentication and Web services standards and technologies that will be required to ensure the adoption of Web services as way to extend identity management infrastructures."