Software Brings User-centric Identity and Security to SOA Environments, Improves Interoperability and Eases Business Partner Collaboration

ARMONK, NY – 20 May 2008: IBM (NYSE: IBM) today announced details of new application security software designed to help clients securely manage employee, partner and customer IT users and their access to company applications and information.

The new release of IBM Tivoli Federated Identity Manager software focuses on enabling a company’s separate business divisions to deploy secure software applications using open standards and a wide range of security credentials without needing to embed complex security logic into each application. The solution simplifies application integration using many forms of user credentials and facilitates the secure sharing of information between trusted parties — such as business partners or separately managed divisions within an organization operating in an SOA environment.

IBM, the current leader in Identity and Access Management software revenue, according to analyst firm IDC (1), bolsters its existing portfolio with this new release that provides new management capabilities, user-centric identity technology and substantially extended interoperability with several open industry standards and other vendors’ software.

“With its extended interoperability, IBM Tivoli Federated Identity Manager is uniquely positioned to simplify application security integration, enabling business process and application owners to deliver their services without being constrained by IT security and compliance issues,” said Venkat Raghavan, director of product management, IBM Tivoli security, risk and compliance software. “This enables clients to tie together various organizational and business silos while also simplifying the integration between their company and partners’ Web sites.”

The vexing challenge for developers building applications is how to deal with the multitude of user credentials that need to be managed while providing end-to-end security. Using an office building analogy, end-to-end security could entail electronic locks opened by employee badges on the front door and keys for individual offices and file cabinets that store business critical information. Similarly, in the IT environment, it is common to have a single application that needs to support many forms of user credentials as business processes and organizations are linked across many facets of a company, including mainframe applications. Managing and securing access to a company’s many services, applications and data are needed to meet security and compliance requirements.

This new IBM Tivoli software release automates the management of user credentials across applications without the application specialists needing to be security experts. Application owners define the type of credential needed based on an application’s risk profile, and end users who present their credentials are automatically signed-on and given access to the various parts of the applications as appropriate. The software also provides auditors with a single view of the credentials used to help validate that the user access matches policy.

IBM Software Brings New User-Centric Identity to SOA Applications
The new IBM Tivoli Federated Identity Manager now provides businesses the flexibility to integrate with leading user-centric identity management technology and frameworks, including OpenID, Microsoft Windows CardSpace and Eclipse’s Higgins Identity Frameworks.

User-centric identity management provides a means for users to control what information they share about themselves. Similar to a college id, driver’s license and a passport, the user is able to choose which identification claims will be used when a situation requires it. IBM software now enables organizations to bring these identities into one central, federated identity management system that supports traditional identities in addition to the emerging user-centric frameworks.

While reusing existing applications and Web services can dramatically reduce SOA implementation costs, applications are often developed independently and have different formats to define, share and audit user identities. IBM Tivoli Federated Identity Manager’s built-in SOA Identity Service provides the ability to manage and audit identities across a wide range of formats and vendors’ applications to help maintain identity context throughout use in an SOA environment. This helps provide clients a unified approach to manage and report on user identities across shared applications, including portal environments.

The software now supports various user and application credentials such as RACF Passticket, Kerberos, SAML, WS-Security and platform specific credentials used by Microsoft .NET, IBM WebSphere, SAP NetWeaver, Oracle and CA. When combined with leading user-centric identity management technology and frameworks, including OpenID, Microsoft Windows CardSpace and Eclipse’s Higgins Identity Frameworks, the software provides the required flexibility for business process and application owners to quickly and securely provide services to their business.

“Already a recognized leader in federated identity management, one should expect IBM’s ability to extend its integration with other vendors’ Web access management software and the major open standards and user-centric identity management approaches to help speed the adoption of secure SOA and federated identity around the world,” said Sally Hudson, research director within IDC’s security products and services group.

IBM’s Tivoli security software helps prevent unauthorized access to valuable customer, employee and business data and facilitates compliance with corporate security policy and regulatory requirements. It is part of IBM’s portfolio of service management software which automates some of the most challenging processes associated with managing complex IT environments, such as managing storage devices and deploying new software releases and patches. The software helps customers fight rising IT costs, manage constant change and meet the demand to stay competitive.

The new IBM Tivoli Federated Identity Manager will be generally available worldwide in June 2008.

For more information on IBM Tivoli Federated Identity Manager, visit

Leave a Reply

Your email address will not be published. Required fields are marked *