Cover Pages Logo SEARCH
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards

RSA BSAFE SWS-J for Java Supports OASIS Web Services Security (WSS) 1.0

RSA Security Announces New Products and Partnerships To Help Customers Embrace Web Services

RSA BSAFE SWS-J Software Enables Developers to Create a Trusted Environment for Application-to-Application Transactions

Bedford, MA, USA. July 20, 2004.

RSA Security Inc. today announced new products and partnerships as part of its strategy to enable organizations to maximize their competitive advantage when deploying XML web services. [See related July 20, 2004 press release.] As the use of web services increases, the need for comprehensive security solutions becomes even more critical. An efficient web services infrastructure can benefit enormously from leveraging and interacting with an identity management system, as well as lead to increased business opportunities and reduced costs. RSA Security has added these web services capabilities to its current identity and access management and authentication solutions — RSA ClearTrust software, RSA Federated Identity Manager and RSA Keon software — and is also introducing RSA BSAFE SWS-J software to help developers web service-enable applications.

RSA Security helps customers with the dynamic and changing environment of web services by offering a variety of products and services that support web services, and which meet the requirements for integrated and coordinated policy management and enforcement.

RSA Security provides:

  • Centralization of all authentication and authorization decisions for web services via RSA ClearTrust software to provide a way to consistently manage security policy for both web and web service-enabled applications

  • Federated identities and policies information via RSA Federated Identity Manager.

  • Certificate and validation services for web services (which are critical to closing and solidifying the "trust" model) via RSA Keon software

  • Developer solutions for web services, providing a trusted party to bridge the interoperability gap of different or incomplete implementations from multiple vendors via RSA BSAFE software

  • In conjunction with RSA Secured business partners, complementary security capabilities such as schema validation, malicious content detection, message routing and crypto-acceleration of web services transactions

"Organizations are looking forward to a productive computing environment in which applications launched by a trusted user or system will be able to transact with multiple applications and enterprises across the Internet using web services, thus streamlining business processes for competitive advantage," said Dan Blum, senior vice president and research director at the Burton Group. "RSA Security is active in shaping strong authentication and web services standards and technologies that will be required to ensure the adoption of web services as way to extend identity management infrastructures."

As part of its strategy, RSA Security is announcing the availability of RSA BSAFE SWS-J software, one of the first commercially available Java solutions to support the OASIS Web Services Security (WSS) 1.0 standard. WSS is the fundamental standard providing security for web services transactions, and it forms the basis of security for emerging standards from OASIS and the WS-* specifications. RSA BSAFE SWS-J software is designed to help developers quickly and cost-effectively implement standards-based, interoperable security to enable web services.

The new product also includes high-performance implementations of XML Encryption and XML Digital Signing in compliance with the WS-Security 1.0 specification. Also, RSA BSAFE SWS-J software uses the Sun Java Cryptographic Extensions (JCE) architecture and so can use any JCE provider. If an application requires a FIPS 140 compliant mode (to allow the product to be used by a US government agency), a developer can use the FIPS-validated RSA BSAFE Crypto-J 3.5 JCE provider with the RSA BSAFE SWS-J software.

"RSA Security is leading the way for software developers to secure web services applications and the transactions those web services exchange," said Robert Ford, CTO of CyberSource, a leading provider of electronic payment and risk management solutions based in Mountain View, Calif. "Cybersource helps our customers safely make millions of online transactions. We rely heavily on application-to-application transactions to empower our customers and one of the differentiations for our service is that we create an end-to-end trusted environment for our customers. RSA BSAFE SWS-J software will simplify the process of adding standards-based, interoperable security to our web services applications."

RSA BSAFE SWS-J software is engineered to enable acceptance and validation of widely used authentication methods, such as username/password and X.509 certificates. Additionally, the software is extensible to support other authentication methods — including RSA SecurID two-factor authentication tokens, Kerberos tickets and SAML assertions. Also, RSA BSAFE SWS-J software is standards-based to help ensure interoperability between an organization's web services implementations and those of their partners, customers and other third parties.

"Broad adoption of web services in business-to-business or business-to- consumer environments is dependent upon reliable, strong and transparent security," said Rick Welch, vice president of developer solutions and professional services at RSA Security. "RSA Security helped create the standards and infrastructure to enable Internet-based commerce, and we are continuing our innovation by creating new products to web service-enable applications, establishing technology partnerships for seamless integration, and assisting in the development of new web service security standards."


RSA BSAFE SWS-J software is available immediately for a pre-release version, with the final version to ship in the third quarter of 2004. For more information about RSA BSAFE SWS-J software, please visit or call 1-866-432-7233.

About RSA Security Inc.

RSA Security Inc. helps organizations protect private information and manage the identities of people and applications accessing and exchanging that information. RSA Security's portfolio of solutions — including identity and access management, secure mobile and remote access, secure enterprise access and secure transactions — are all designed to provide the most seamless e-security experience in the market. Our strong reputation is built on our history of ingenuity, leadership, proven technologies and our more than 14,000 customers around the globe. Together with more than 1,000 technology and integration partners, RSA Security inspires confidence in everyone to experience the power and promise of the Internet. For more information, please visit

For More Information

Roger Fortier or Amy Barney
McGrath/Power Public Relations
Tel: +1 (408) 727-0351

Tim Powers
RSA Security Inc.
Tel: +1(650) 295-7630

See also "RSA Security Partners with Five Leading Organizations to Provide Customers Variety of Web Services Security Solutions. Certified Products Assure Interoperability and Off-The-Shelf Implementations to Save Time, Money." - "RSA Security Inc. today announced further advancement of its web services security strategy — work that stretches across its extensive product lines and embraces a broad set of partners with certified solutions. This announcement offers customers a comprehensive web services security solution that is delivered through a variety of best-of-breed products which include RSA Security's authentication, authorization and validation solutions, as well as through tight integration with technology partners, such as XML gateway solutions. Partners in this offering include XML gateway leaders DataPower, Forum Systems, Reactivity, Vordel and Westbridge... The RSA Secured web services gateway partners including, DataPower, Forum Systems, Reactivity, Vordel and Westbridge, offer complementary technology that centralizes identity, access and network policy enforcement, including schema validation, cryptographic acceleration, rogue or malicious XML message protection, and message routing capabilities. RSA ClearTrust software coupled with an RSA Secured web services gateway partner solution offers fortified security, easier maintainability, greater productivity for administrators and scalability inside and across the organization..."

Prepared by Robin Cover for The XML Cover Pages archive.

Globe Image

Document URL:  —  Legal stuff