Entrust Secure Transaction Platform
Entrust Unveils Comprehensive Vision And Product Delivery Roadmap For Web Services Security
Entrust Secure Transaction Platform Provides Open, Interoperable, and Flexible Security Solutions for Web Services Applications - BEA, IBM Support
Dallas, TX, USA. October 07, 2002.
Entrust, Inc., a leading global provider of Internet security solutions and services, today announced a new product portfolio providing open, standards-compliant security capabilities for Web services applications. The Entrust Secure Transaction Platform helps enable organizations to securely integrate automated business processes while leveraging the return on investment and efficiencies inherent in using Web services.
The Entrust Secure Transaction Platform enables more trusted transactions through foundation security services, such as identification, entitlements and verification. These services are required to integrate and automate business processes within and between organizations in a trusted fashion. According to a Forrester Research report, titled, "Start Using Web Services Now," security is the biggest obstacle to overcome to make Web services useful for most firms. The report also notes to guard against snooping and fraud in system-to-system connections, Web services need security features like encryption, authentication, and non-repudiation that go beyond SSL.
The Entrust Secure Transaction Platform will provide support for leading application servers and platforms to extend interoperable security services across an enterprise's existing infrastructure. These services provide organizations with flexible options for integrating security into Web services environments.
"Entrust's leadership in delivering enhanced security services via a Web services application built on BEA WebLogic Platform, allows BEA customers to further secure and extend the return on their e-business investment enabling deeper business process integration with other businesses and governments," said Scott Edgington, vice-president and general manager, global software partners, BEA Systems, Inc.
"Entrust is an important technology partner for IBM Global Services and its new server-oriented product strategy is in alignment with our view of the evolving market," said Rusine Mitchell-Sinclair, general manager, safety and security, IBM Global Services. "Entrust provides a key enabling technology -- security -- which provides more trusted integration and greater business efficiencies for our customer's projects."
Initially, the Entrust Secure Transaction Platform will deliver a modular set of foundation security services for adding security to Web services applications. Developed using open industry standards, these services include:
Entrust Identification Service to enable validation of federated and non-federated identities across a spectrum of standards-based identification methods, including digital certificates and UserID/passwords. This capability enhances Web services application security by managing multiple identification methods. It also allows organizations to centrally specify which identities are accepted for Web services transactions.
Entrust Entitlements Service which implements the Security Assertion Markup Language (SAML) standard protocol that enables applications to validate that an identity has a right to interact with specific Web services.
Entrust Verification Service to provide evidence to help support accountability and integrity for more trusted transactions through centralized digital signature and time stamping capabilities implemented using standards-compliant XML Digital Signatures.
Entrust is committed to Web services and the industry standardization efforts that will drive adoption. For example, the upcoming release of Entrust Authority 7.0, which is the core administrative infrastructure for Entrust's award-winning solutions, will use secure Web services for administration. These Web services will enable customer and partner applications, such as identity provisioning systems, to integrate with Entrust administration through open Web services interfaces.
From a standards perspective, customers and partners today implement the Entrust Authority Security Toolkit for Java to add security to Web services transactions using the "XML-Signature Syntax and Processing" (XML Digital Signature), a W3C recommendation and IETF draft standard that Entrust helped initiate and co-author in 1999. The Secure Transaction Platform also provides support for major Web services and Internet security standards, including SAML, XML Digital Signatures, WS-Security, X.509v3 digital certificates, Secure Sockets Layer (SSL), and many others.
"Entrust, as well as its installed customer base, look to bridge existing and future solutions, architectures and security with Web services," said Bill Conner, chairman, president and CEO of Entrust. "Now, with the introduction of the Entrust Secure Transaction Platform, we are extending the ways organizations can flexibly integrate security into their Web services applications to enable more trusted transactions."
A technical white paper on the Entrust Secure Transaction Platform is available for download at the following link: http://www.entrust.com/stp/.
Availability
The Entrust Verification Service is scheduled for availability in the fall of 2002 and the Identification and Entitlements Services are scheduled for availability in Q1 2003. After commercial release, these products will be available directly from Entrust and authorized channels.
About Entrust
Entrust, Inc. (Nasdaq: ENTU) is a leading global provider of Internet security solutions and services that make it safer to do business and complete transactions over the Internet. Entrust has the industry's broadest set of identification, entitlements, verification, privacy and security management capabilities. More than 1,500 major corporations, service providers, financial institutions and government agencies in more than 40 countries use the privacy, security and trust provided through Entrust's portfolio of award- winning technologies. For more information, please visit http://www.entrust.com.
Industry Analysts Supporting Comments for Entrust Secure Transaction Platform
"Entrust's announcement of its vision and product roadmap for Web services security is an important milestone for IT buyers", said Jim Hurley, vice president of security and privacy for Aberdeen Group. "Entrust's 'vendor-neutral' entry makes it possible for an enterprise to safely push the Web services usage envelope for core business processes and transactions."
--Jim Hurley, Vice President and Managing Director, Security and Privacy Aberdeen Group, Inc.
"One of the challenges business application architects and developers face is the complexity and hard work involved in leveraging a common security infrastructure. By creating a family of security services that can be consumed as Web services, Entrust delivers a much simpler interface and targets specific business requirements in the areas of digital signatures, confidential messaging, and federated identity and entitlement services. Just as it led in the early stages of standardizing public key infrastructure, Entrust is a key contributor and leader in developing the next generation of Web services security standards, and in making such services accessible to enterprise customers."
--Phil Schacter, VP and Director, Directory and Security Strategies, Burton Group
"Web Services will require a comprehensive security infrastructure in order to deliver trusted transactions within and between organizations. Features like strong authentication, advanced entitlements, and non- repudiation between applications will allow Web services to be safely deployed both inside and outside the firewall. Vendors that can deliver a broad suite of standards-based services will gain end users the most immediate benefits."
--Ray Wagner, Research Director, Gartner Inc.
According to a recent Giga Information Group's report entitled "Web Services Adoption Delays: What to do about them" April 2002 by Utam Narsu and Phil Murphy:
"Giga's surveys have consistently identified security as the No. 1 limitation of current Web Services initiatives." In addition the research also states, "Without robust and proven directory and security features that address authentication, authorization and audit requirements, there will be no public trust. Without public trust, widespread adoption will not occur, however compelling the technology."
"Web Services and PKI were made for each other. All the problems of interoperability eventually disappear and make PKI the foregone conclusion it always should have been. It is no surprise that Entrust will lead the way for building web services security solutions for enterprise customers."
--Pete Lindstrom, Spire Security
"As web services moves from concept to reality, the relationship between an application's resources and the security infrastructure for them must undergo significant change. Security and performance must be addressed effectively with a comprehensive and standards-based approach if such service deployments are to succeed. A solid track record for providing effective security infrastructure is a definite advantage to vendors wishing to be considered as web services security suppliers."
--Earl Perkins, Sr. Program Director, Global Networking Strategies, META Group, Inc.
"Enterprise security must be comprehensive for it to be truly effective. Unlike many Web Services security point solutions now coming to market, the Entrust Secure Transaction Platform covers all the bases by offering identification, entitlements, and verification services across the enterprise."
--Jason Bloomberg, Senior Analyst, ZapThink LLC
[Source: http://www.entrust.com/news/files/10_07_02.htm]
Prepared by Robin Cover for The XML Cover Pages archive. See: (1) "Security Assertion Markup Language (SAML)"; (2) W3C XML Signature Working Group.