Article

RSA announces security for Java Web services

Michael S. Mimoso, Editorial Director

Security leader RSA Security Inc. of Bedford, Mass., jumped into securing Java Web services today with its new BSAFE SecureWebServices-Java software that helps developers securely Web enable applications. The product will ship in August.

A longtime authentication software provider, RSA is taking its second leap into securing Web services after last year offering a version of BSAFE SWS for applications written in C.

BSAFE SWS-J has full Java implementation of the

    Requires Free Membership to View

WS-Security 1.0 specification recently ratified by OASIS. WS-Security is the foundation for securing Web services transactions and for many other Web services security standards.

The product also includes implementations of XML Encryption and XML Digital Signing specs, as well as using the Sun Java Cryptographic Extensions to ensure interoperability with any JCE provider.

For more information

Click here for a collection of links to Java information from around the Web

Get an introduction to hardware security

It also supports popular authentication methods from user name and password to x.509 certificates. Support is also included for RSA SecurID tokens, Kerberos tickets and SAML assertions.

"The cost savings and reduced development time benefits are in the Web services themselves," said RSA director of product marketing for BSAFE, Mike Vergara. "Our easy-to-use APIs included here mean non-security developers can roll this into their applications in a day or so. There's plenty of sample code included to simplify things."

Baking in security from the initial development phase helps ease concerns about Web services deployments.

"As we talk to developers, [we found] they are worried about unrealistic schedules and the pressure to get things developed and out the door. When it comes to security, they want features that are easy to use and implement," Vergara said. "When we talk to CIOs and managers, they're worried about developers getting it wrong, not understanding what they're doing and throwing things out there without security that will eventually punch holes in the firewall."

RSA's announcement also included other new products and partnerships around securing XML Web services.

RSA said it has also added Web services capabilities to its identity and access management products -- RSA ClearTrust, RSA Federated Identity Manager and RSA Keon software.

ClearTrust centralizes authentication and authorization decisions for Web services; Federated Identity Manager stores identities and policy information; and Keon holds certificate and validation services for Web services.

"Organizations are looking forward to a productive computing environment in which applications launched by a trusted user or system will be able to transact with multiple applications and enterprises across the Internet using Web services, thus streamlining business processes for competitive advantage," said Dan Blum, senior vice president and research director at the Burton Group, in a statement. "RSA Security is active in shaping strong authentication and Web services standards and technologies that will be required to ensure the adoption of Web services as way to extend identity management infrastructures."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: