IBM's secure web services roadmap

IBM is to make available software to help companies build secure business relationships using web services applications early in 2003.

IBM WebSphere application server version 5 will support the emerging web services WS-Security specification in the fourth quarter of this year and will also support IBM Tivoli Access Manager sometime early next year.

This combination is set to greatly extend WebSphere's web services integrity and confidentiality capabilities, removing a barrier to inter-company web services deployment.

"IBM is liberating customers so they are no longer confined to web services inside the firewall," said Arvind Krishna, IBM Tivoli vice president of security products. Krishna added that the software would reduce integration costs.

Tivoli Access Manager will make use of a set of simple object access protocol (Soap) security extensions contained in the WS-Security specification, which IBM has co-authored. It will also include federated identity management interfaces to enable customers to plug in other identity standards.

A release of Tivoli Access Manager in November will support the extensible markup language (XML) key management specification, and later releases will expand on this to support other identity standards including: security assertions markup language, Kerberos and XML digital signatures.

IBM also plans to support broker methods such as Microsoft TrustBridge and public key infrastructure, and to offer fine-grained authorisation for Soap transactions in web services environments - designed to help control access based on a user's identity and entitlements. But no dates have yet been set for these capabilities.