Building a universal Web services ID

By Michael Meehan, News Writer 19 Oct 2005 | SearchWebServices.com

News on SOA, EAI, Web services Digg This!     StumbleUpon     Del.icio.us

Has Web services security progressed far enough that it's safe to throw open your Windows?

Reactivity Inc. thinks it's achieved just that with the latest release of its XML operating system, which creates a framework for sharing Kerberos tickets and other security systems between Microsoft Windows applications and the rest of a corporate application stack. To date there's been a Web services security bottleneck created by the inability to share credentials between Windows and other back-end systems.

I don't like sending passwords in the messages. That's not a secure way of doing things. I prefer to drill down and get credentials. Larry Titus Manager of Web Services Infrastructure, Xerox Corp.

"Microsoft-based credentials only work if you've got Microsoft at the back end," said Larry Titus, manager of Web services infrastructure at Xerox Corp.

In the version 4.3 release of its XOS product, Reactivity has added support for Integrated Windows Authentication and Microsoft Office Information Bridge Framework, plus Liberty Alliance conformant SAML 2.0. Pooled together it creates a mediation point inside the DMZ where disparate authentication credentials can be mapped to one another.

"We can now pass a Kerberos ticket or other type of credential straight through from Windows to another platform with no re-authentication required," said Andrew Nash, chief technology officer for Reactivity. "The gateway does the transformation."

He added that the support for the Office Information Bridge Framework enabled the XML gateway to tie applications like Microsoft Exchange to other back-end applications.

Nash, a co-author of the proposed WS-Trust specification, said that much of the needed work in the industry centers around resolving these sorts of bottlenecks in order to create a seamless and transparent service-oriented architecture.

"You need to be able to get running now and be able to add new, more complex functionality later with the confidence that your infrastructure can grow with you," he said.

Titus plans on installing XOS 4.3 and believes it will solve some of his Web services security concerns.

"I don't like sending passwords in the messages," he said. "That's not a secure way of doing things. I prefer to drill down and get credentials."

Xerox already has Java connections into a Netegrity Inc. single-sign on directory, but many Microsoft client-side applications can't share those credentials.

"Once we get the gateway in place we'll be able to use more Office Web services features and .NET Web services," Titus said.

In addition to the federated authentication capabilities, Reactivity has also added PKZIP compression capabilities to help handle high traffic messaging environments and a new Java-based software development kit (SDK), which allows users to build business logic into the network.

For more information Learn about how IBM has entered the XML networking space with it acquistion of DataPower Check out our XML Security Learning Guide

Nash said the challenge for an XML gateway is far more than just streaming a message from one point to another; it has to be able to instantaneously pass credentials and virus scan attachments. Given the growing size of attachments, sometimes up to 4 GB, Nash said that it creates another potential bottleneck.

"If you have 10 of them arrive in a second you're probably in deep sneakers," he said. "We've built in functionality to help process those sorts of real-life messaging concerns."

The SDK is a first blush attempt at allowing users to code their own rules into their XML networks. Nash expects initial usage to center around functionality like filtering, transformation and routing for XML packets, but he's looking for leaps to follow those babysteps.

"I think you'll start to see some pretty interesting workflows built in the next year to year-and-a-half," he said. "The ability to build your policies into the gateways is an incredibly powerful concept in achieving a loosely-coupled architecture."

Tags: XML security,  SOA and Identity management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft .NET Web services Microsoft preps .NET 4.0 - framework improves on REST, MVC, JQuery support How do I balance throughput requirements and interoperability? APM software traces transactions across tiers, technologies How you can learn M Grammar for Oslo modeling Legacy modernization opens Windows for publisher Former .NET Web developers ride Ruby and Rails application framework Microsoft Oslo at PDC: Dial 'M' for modeling language Yahoo proxy fight looms New Microsoft site for architects LAMP coders go hybrid route Microsoft .NET Web services Research XML security Verizon uses BPEL app to cut down on code, check for fraud, and go green Layer 7 adds SPARC Oracle maps heterogeneous data services strategy for SOA Partnership aims at governance for SOA and Web 2.0 SOA, Web services create software security challenges Efficient XML Interchange tackles data verbosity XML to DDL imports, synchronizes database schemata The case against WS-Security Layer 7 offers SOA 'virtual soft-appliance' XQuery 1.0: A long time coming, now what? SOA and Identity management JBoss, CA Wily moves target SOA performance management Weak encryption creates SOA vulnerabilities Microsoft SOA strategy: A failure to communicate? SOA adoption marked by broad failure and wild success SLA management latest entry in Tibco's SOA portfolio SOA provides a test for QA, HP finds OpenID: Leveraging a widely accepted identity Web service IBM, Microsoft, Google join OpenID SOA needs RIA – Burton Group Boubez: SOA virtualization, SLAs and access control policy

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Common Language Infrastructure  (SearchSOA.com) Visual J#  (SearchSOA.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary