IBM and Verisign Team Up for Security

Big Blue and one of the leading security servicesproviders announced a partnership today that will eventually lead to Webservices offering enterprise security. IBM Corp.said it and its Tivoli Inc. subsidiary havepartnered with Verisign Inc. to extend thereach of their security offerings.

The partnership involves four facets of Tivoli andVerisign’s security business.

First, Verisign will deploy Tivoli Policy Director as acore component of its forthcoming Entitlements Management Service, a hostedservice Verisign plans to deploy in the second half of this year.

Entitlements Management Service will enable administratorsto create a repository of permissions and authentication information withVerisign that allows users to sign-on once for multiple applications in theenterprise. User permissions will be able to be set with regard to businessroles and status within the organization, allowing simple management of users.

The service will be based on Public Key Infrastructure(PKI), a security system that uses encrypted keys for authentication andauthorization.

Second, Verisign and IBM have agreed to co-developsecurity-focused Web services based on the XKMS and SAML specifications.

XML Key Management Services or XKMS uses XML todescribe PKI transactions to improve the interoperability and robustness of PKIsystems. Older PKI systems are more narrowly defined, requiring each bit of thekey to reside in a specific place, while systems based on XKMS use XML schemato define the location of relevant material, making each transaction standalone.

“It becomesmuch more self-describing, and, next, it's much more flexible,” says ArvindKrishna, vice president of IBM's Tivoli security products. XKMS also definesthe way a user repository is created, so integration work is less complex thanearlier PKI standards.

SecurityAssociation Markup Language or SAML is another XML specification for securityissues. It allows end users to use the same authentication information to logon to different partner sites.

Krishnaanticipates early products based on XKMS and SAML to reach the market in thesecond half of this year.

Thirdly,Verisign has chosen IBM Global Services as a preferred partner for providingintegration services for its hosted PKI service. Starting today, IBMconsultants will offer its expertise to enterprises, so they can quickly deployVerisign’s service. This is a non-exclusive arrangement: IBM offers a similarservice for other PKI providers.

Krishna saysthat although there is a 50/50 split between users of hosted PKI services andinternally deployed PKI frameworks, he believes that hosted services willeventually take a bigger slice of the pie. “Managed [services] will appeal to amore people,” he says.

Finally,Verisign will move its servers from the Sun platform to IBM’s competing pSeriesUnix servers. This announcement reflects the current media battles between IBMand Sun Microsystems Inc., over benchmarks,sales figures and high-profile customers. Although Verisign will hardly ripout its existing infrastructure in favor of AIX, it will upgrade machines tothe pSeries line. Chris McConnell