The glue that binds |
 |
By Pete Lindstrom, Director, Security Strategies
02 May 2002 | Hurwitz Group, special to SearchWebServices |
|
|
Market Commentary
The glue that binds
Ahh, the good old days of putting together that 1:1,000,000 scale F-14 with my Dad. And it wasn't just for the aroma. There was something about the entire process, which almost always ended up in random things sticking to my nose (of all things) and miscellaneous pieces remaining even after the "model" was complete, that made me feel like the 10-year old boy I was. A fuselage here, a wing there -- I was just glad I wasn't flying the thing.
What do model airplane glue and security's two A's -- authentication and access control -- have in common? These days, it appears, the answer is putting the pieces together. [I digress here slightly to emphasize that there are, in fact, only two A's -- not three, four, or five, as some purport. Any other "A" -- audit, admin, etc. -- actually fits into one of the Four Disciplines of Security Management.] As the world moves more and more toward the Web and Web services, the longstanding concepts of integration and interoperability in the security space are arising again and taking the form of single sign-on (SSO). Two such companies (among others in development) that are providing the "glue" to link together disparate platforms' authentication needs are Quadrasis, with its Web services model that can actually be used even more generally in security, and Caradas, with its expertise in smartcard deployment.
THE HURWITZ TAKE: Anytime I hear the word "glue" or more popularly "middleware" I get a bit nervous. The implication of the work and effort required to tie components together are not pleasant thoughts. The concept of middleware assumes two things:
- There's a need to interconnect components that is not being met by existing products. This concept is perhaps most painful because at their core authentication and access control operate so similarly across platforms that it is unfortunate that we even need to consider middleware, and yet we do.
- There is enough traction in certain technology platforms (pick one) that they will become ubiquitous and, therefore, rewarding. The Web has secured this status for EAI vendors.
The authentication space can be tricky -- it appears like a lucrative market until one understands the incredibly complex models introduced to meet the needs of every organization on the planet. What you have, what you know, and who you are -- the three "factors" of authentication, can be manifested in many different solutions, including Smartcards, at least a half dozen forms of biometrics, tokens, digital certificates, RADIUS servers, etc. Adding fuel to this fire is the fact that they can be combined in many ways to provide varying levels of strength. In the end, we have a highly complex model that still needs "glue."
A part of me gains comfort in the fact that this "glue" is being offered more and more frequently. Web services, in particular, can demonstrate its power here, but where's the beef? I want a complete solution that ships with the parts and the glue, together in a cohesive package. Only then will I feel more secure, and not like I'm sniffing glue.
Copyright 2002 Hurwitz Group Inc. This article is excerpted from TrendWatch, a weekly publication of Hurwitz Group Inc. - an analyst, research, and consulting firm. To register for a free email subscription, click here.
For More Information:
|
|
|
|
