Netegrity Addresses Web Services Security With Release of TransactionMinder
Enables Companies to Use Web Services to Unlock and Integrate Mission Critical Applications For Internal Users and External Partners
Netegrity, Inc. (Nasdaq: NETE), the leading provider of application infrastructure for access, identity and portal management, today announced the release of Netegrity TransactionMinder . Companies are utilizing Web services to lower the cost and complexity of integrating applications and delivering services while improving customer and partner relations through real time access to business services. However, the lack of security for Web services has limited the scope of these Web services deployments. Netegrity TransactionMinder solves this problem by providing the first, enterprise scale solution for controlling access to Web services. With TransactionMinder, companies can now control who can access a Web service (authentication) and what can be done with the Web service (authorization).
“A flexible and manageable security infrastructure is critical for the success of any Web services strategy. With its out-of-the-box solution to secure XML documents and messages, Netegrity TransactionMinder will help Verizon speed up our Web services roll-out plan,” said Sudhir Agarwal, Senior Manager and Lead Architect, Single Sign On Services, at Verizon.
New Security Challenges With Web Services
Web services pose a new set of security challenges that traditional access control products were not designed to solve. Traditional access control solutions control users accessing applications on a Web site. With Web services, XML messages, not users, are now arriving at a Web site. These XML messages contain information that will be used to process a transaction at the Web site, such as a purchase order for buying steel or a request for a life insurance quote. In order to secure Web services, companies need a solution that can use the information inside these XML messages to determine the following:
Who is requesting access to this Web Service (authentication) – the solution must be able extract from the XML message information to determine who or what (application) is the originator of the message. Are they a trusted user or partner? What can be done with this Web service (authorization) – the solution must determine if this person, application, or service is authorized to process this Web service transaction based on the information inside the XML message. What reports or information should be recorded (auditing) – the solution must be able to provide detailed reports on the activity that has taken place with the Web service.
Netegrity TransactionMinder Provides Access Control for Web Services
Netegrity TransactionMinder is a Web services security solution that provides a policy-based platform to protect access to Web services based on the content of the XML documents and messages used in Web services requests. TransactionMinder provides authentication, authorization, and auditing services, ensuring that only authorized parties can access Web services by securing and validating the content of the Web service XML message and keeping track of who or what is trying to access that Web service.
TransactionMinder enables companies to:
Reduce Risk – with TransactionMinder, companies can now use Web services to rapidly integrate their back office applications and expose them to internal users and partners without putting critical corporate information at risk. Only authenticated and authorized users or partners can access information based on corporate policies.
Reduce IT Cost and Complexity – TransactionMinder eliminates the need to create “silos” of security in each Web service enabled application. This enables a company to reduce the cost and complexity of managing Web services and ensures that Web services security is uniformly enforced across the enterprise based on corporate policies.
Make Real Time Business Decisions – TransactionMinder enables companies to makereal time authorization decision based on the content of the Web service without having to write custom code or invoke any other authorization source outside of TransactionMinder.
Interoperate Through Industry Standards – TransactionMinder is based on industry standards. It is designed to work with standard Web services technologies such as SOAP messages and WSDL. The product also supports SAML and XML Digital Signatures for authentication and supports industry standard Web service frameworks such as Microsoft .NET, Apache, and Netscape servers.
Enterprise Class Scalability – TransactionMinder is based on the same Netegrity Policy Server that is used by the market leading Netegrity SiteMinder product deployed at over 400 Global 1000 companies today. TransactionMinder provides the same level of mission critical performance, scalability, and high availability for Web services that customers receive today with the SiteMinder product.
Netegrity will be holding a Web seminar on October 17th to discuss Netegrity TransactionMinder in more detail. To register, go to www.netegrity.com.
Netegrity has been working with key partners in the Web services space to provide customers with a complete platform for creating, deploying, managing and securing Web services:
“Web services hold the promise of easing integration and enabling companies to lower the cost of conducting business. Key to fulfilling the promise of Web services is security,” said Andy Astor, Vice President, Enterprise Web Services at webMethods. “Companies can easily create and deploy Web services using the webMethods integration platform, and by also using Netegrity’s TransactionMinder product, they can feel confident about the security of those services.”
“Digital Evolution has been very involved in the TransactionMinder Early Adopter and Beta Programs. We are extremely pleased to be working with the industry leader, Netegrity, to provide a fully integrated product for secure Web services management. The seamless integration between the DE Management Server and Netegrity TransactionMinder provides a solution that covers all aspects of Web services security and management within and between enterprises,” said Eric Pulier, CEO & Founder, Digital Evolution, Inc.
Netegrity TransactionMinder is available immediately.
About Netegrity, Inc.
For companies seeking to optimize on-line business relationships, Netegrity is the access, identity and portal management company that delivers a single, secure, and personalized point of entry to the enterprise and a single point of administration for enterprise-wide Web-based services. Unlike alternative approaches, Netegrity’s application infrastructure is designed to accommodate the most heterogeneous of computing environments. With its vast network of partners, Netegrity is securely managing e-business solutions for over 625 customers worldwide including Aetna, American Express, Bank One, E*TRADE, General Electric, the Internal Revenue Service, and Wells Fargo. More information can be found at www.netegrity.com.