Netegrity Updates TransactionMinder
New software platform promises secure access management for Web services.
- By Matt Migliore
Security access and identity software provider Netegrity Inc. has released a re-architected product that provides a policy-based platform for accessing Web services. The solution, TransactionMinder 5.5, is an effort by the company to address some of the security concerns that have hampered early-stage adoption for the nascent technology.
Using the XML documents and messages on which the Web services concept is based, TransactionMinder allows users to control who can access a Web service and what can be done with it once it is called upon.
“[This] is the first and only access management solution that meets the security needs of the next generation of Web services,” says Bill Bartow, vice president of engineering for Netegrity.
According to Bartow, Web services pose security challenges that traditional access control products were not designed to solve. “In a typical Web-based transaction, a user attempts to access a resource. In a Web service, the transaction involves an XML document, not a user. Web services require that security is stored and managed separately from application data and business logic, and processed within the transaction.”
TransactionMinder is based on Netegrity’s access control solution for users, SiteMinder. Using specific XML agents in conjunction with a customized version of SiteMinder’s Policy Server, it intercepts XML messages sent to the components it is protecting and interacts with the policy server to execute a set of shared services for protecting and managing Web services.
With the TransactionMinder Client Toolkit, the Web service consumer creates a SOAP (Simple Object Access Protocol) message request. On the provider end, XML agents process the request based on the content type of the HTTP reader (text/xml). In turn, the XML agent gathers credentials from the SOAP message and authenticates the user based on the required authentication scheme.
TransactionMinder’s authentication scheme supports XML Digital Signatures and the Security Assertion Markup Language standard.
The product also offers auditing services for tracking access requests.
As part of the TransactionMinder release, Netegrity also announced a partner program, under which it will be working with other vendors in the Web services space to integrate TransactionMinder with products on the development and management side of the market.
Netegrity is currently working with WebMethods and Digital Evolution Inc to develop interoperability with TransactionMinder.
Matt Migliore is regular contributor to ENTmag.com. He focuses particularly on Microsoft .NET and other Web services technologies. Matt was the editor of several technology-related Web publications and electronic newsletters, including Web Services Report, ASP insights and MIDRANGE Systems.