IBM and Verisign Team Up for Security

Web services enterprise security in future

Big Blue and one of the leading security services providers announced a partnership today that will eventually lead to Web services offering enterprise security. IBM Corp. said it and its Tivoli Inc. subsidiary have partnered with Verisign Inc. to extend the reach of their security offerings.

The partnership involves four facets of Tivoli and Verisign’s security business.

First, Verisign will deploy Tivoli Policy Director as a core component of its forthcoming Entitlements Management Service, a hosted service Verisign plans to deploy in the second half of this year.

Entitlements Management Service will enable administrators to create a repository of permissions and authentication information with Verisign that allows users to sign-on once for multiple applications in the enterprise. User permissions will be able to be set with regard to business roles and status within the organization, allowing simple management of users.

The service will be based on Public Key Infrastructure (PKI), a security system that uses encrypted keys for authentication and authorization.

Second, Verisign and IBM have agreed to co-develop security-focused Web services based on the XKMS and SAML specifications.

XML Key Management Services or XKMS uses XML to describe PKI transactions to improve the interoperability and robustness of PKI systems. Older PKI systems are more narrowly defined, requiring each bit of the key to reside in a specific place, while systems based on XKMS use XML schema to define the location of relevant material, making each transaction stand alone.

“It becomes much more self-describing, and, next, it's much more flexible,” says Arvind Krishna, vice president of IBM's Tivoli security products. XKMS also defines the way a user repository is created, so integration work is less complex than earlier PKI standards.

Security Association Markup Language or SAML is another XML specification for security issues. It allows end users to use the same authentication information to log on to different partner sites.

Krishna anticipates early products based on XKMS and SAML to reach the market in the second half of this year.

Thirdly, Verisign has chosen IBM Global Services as a preferred partner for providing integration services for its hosted PKI service. Starting today, IBM consultants will offer its expertise to enterprises, so they can quickly deploy Verisign’s service. This is a non-exclusive arrangement: IBM offers a similar service for other PKI providers.

Krishna says that although there is a 50/50 split between users of hosted PKI services and internally deployed PKI frameworks, he believes that hosted services will eventually take a bigger slice of the pie. “Managed [services] will appeal to a more people,” he says.

Finally, Verisign will move its servers from the Sun platform to IBM’s competing pSeries Unix servers. This announcement reflects the current media battles between IBM and Sun Microsystems Inc., over benchmarks, sales figures and high-profile customers. Although Verisign will hardly rip out its existing infrastructure in favor of AIX, it will upgrade machines to the pSeries line.

About the Author

Chris McConnell is Product and Technology Editor for Enterprise Systems.