Netegrity Announces TransactionMinder for Authentication and Authorization of Web Services
Netegrity Announces New TransactionMinder Product
Provides Missing Link for Authentication and Authorization of Web Services
Waltham, MA, USA. July 15, 2002.
Netegrity, Inc., the leading provider of application infrastructure for access, identity and portal management, today announced a new Web services security product, TransactionMinder. Global 2000 companies are now implementing Web services to provide customized and personalized services to customers, partners, and prospects. However, the full potential of Web services has been limited because of the lack of a robust security model. Netegrity TransactionMinder provides a scalable product for authenticating, authorizing, and auditing the documents used in Web service transactions, enabling companies to now securely deploy their applications as Web services. With the addition of TransactionMinder, Netegrity now provides a comprehensive platform for discovering, securing, and deploying Web services.
Securing Web Services
There are many new and emerging platforms for deploying Web Services, such as J2EE and Microsoft .Net. However, these platforms only provide basic transport level security, such as the Secure Socket Layer (SSL) used over HTTP(S), which simply secures the channel that is used to deliver the XML documents in Web services. In addition to this transport level security, companies also need to provide authentication and authorization services based on the content of the XML documents used in Web service communications. Companies need a way to identify and authenticate the user or application initiating the Web service and the authorization levels associated with these services. They require an open solution that addresses the need for policy based authentication, authorization, and auditing of Web services.
"Our customers and the industry are telling us that the one major roadblock to deploying Web services is security," said Deepak Taneja, chief technology officer at Netegrity. "TransactionMinder will enable companies to securely manage their Web services just as SiteMinder has enabled companies to securely manage their users."
Netegrity's new TransactionMinder product provides the market with the first centralized policy based platform for securing and managing XML based Web services. TransactionMinder goes beyond basic transport level authentication and provides a broad range of shared security services to secure Web service XML documents and messages. TransactionMinder delivers a range of innovative features including:
Content and message level authentication: With TransactionMinder, administrators can define policies for a range of authentication schemes, including XML digital signatures and SAML assertions, based on the content of the XML message. TransactionMinder can also authenticate based on fields within the XML document, such as user or service names, or any other attributes stored in the directory.
Fine grained authorization: Using eTelligent rules, technology which was introduced with SiteMinder 5.0, TransactionMinder can define dynamic authorization policies which use information extracted from any layer of the XML message including transport information, envelope, or payload information.
Auditing and reporting: TransactionMinder captures all activities associated with the Web service transaction in an audit log. Administrators can then create a broad range of audit reports from the log.
TransactionMinder will provide XML agents for leading Web service platforms, including Sun ONE, Apache, and Microsoft .Net.
Netegrity's Platform for Web Services
TransactionMinder is integrated with the Netegrity Platform to provide a comprehensive platform for discovering Web services, securing the service, and then deploying the service in Netegrity PortalMinder as a portlet. Additionally, the Netegrity platform will provide business process management for Web services to support the enterprise's existing processes. [See the related announcement "Netegrity Unveils Next Phase Of the Netegrity Platform."]
Netegrity PortalMinder provides a rich set of tools that allows customers to rapidly consume, integrate, and deploy application functions and business processes as Web services. With PortalMinder, Web services can be both consumed and exposed regardless of whether they reside inside the firewall or are hosted remotely by a third party. PortalMinder's Portlet Generator provides an easy mechanism to consume and integrate Web services described as WSDL into the portal. The portlet framework also allows portlets to be exposed as Web services.
Netegrity TransactionMinder is expected to be available in October 2002.
About Netegrity, Inc.
For companies seeking to optimize on-line business relationships, Netegrity is the access, identity and portal management company that delivers a single, secure, and personalized point of entry to the enterprise and a single point of administration for enterprise-wide Web-based services. Unlike alternative approaches, Netegrity's application infrastructure is designed to accommodate the most heterogeneous of computing environments. With its vast network of partners, Netegrity is securely managing e-business solutions for over 575 customers worldwide including Aetna, American Express, Bank One, E*TRADE, General Electric, the Internal Revenue Service, and Wells Fargo. More information can be found at www.netegrity.com.