Netegrity bolsters Web access

This week Netegrity Inc. will announce a version of its SiteMinder access-control software that lets customers centralize policy-security management for multiple Web servers and enforce e-commerce rules for things such as spending limits in Web-based purchasing.

Netegrity’s SiteMinder 5.0 uses Web-based agents placed on a Web server to require user authentication, such as a password, to access authorized pages. The security policy for these Web server agents is distributed through the Netegrity policy server and managed via a console. With SiteMinder 5.0, an IT executive can make, through a central console, changes to multiple policy servers and control enterprisewide Web access. In the past Web servers using SiteMinder had to be updated individually.

In addition, SiteMinder 5.0 will add SNMP-based management to share information about policy-server availability with enterprise network management packages from IBM Tivoli Systems Inc., BMC Software Inc. or Hewlett-Packard Co.’s OpenView, says Bill Bartow, a vice-president with Netegrity.

At least one beta-version user appreciates the ability to update multiple SiteMinder sites from one location.

“We have about 10 policy servers for hundreds of Web agents, for employees and customers to access either bank services or internal departmental information, such as human resources,” says Mike McCormick, systems architect at Wells Fargo in San Francisco, which has been beta-testing SiteMinder 5.0. “Before, we were in a position where people who understood SiteMinder had to call the people who have control over the Web servers and agents, and talk to them about making changes.”

McCormick is less interested in another new feature in SiteMinder 5.0 that will let the policy server become the central repository real-time transactions rule, such as spending limits, made at Web pages where access is controlled through SiteMinder. That’s mainly because Wells Fargo already has encoded extensive rule sets about transaction authorizations that are stored elsewhere and there’s no clear impetus to change all that.

“This is already embedded in our code in applications and databases, so it’s not clear to us what the value of centralizing this through Netegrity software would be,” McCormick says.

Another upgrade in SiteMinder 5.0 will provide tighter integration between SiteMinder and Microsoft applications, including Outlook, Windows XP and Internet Information Server 5.0. The feature will let users authenticating with SiteMinder have that information accepted by Microsoft applications so they don’t have to re-enter authentication, Bartow says.

SiteMinder competes against products from vendors that include RSA Security, Entrust Technologies and Oblix.

Pricing for SiteMinder varies based on whether the product is used in Internet, intranet or business-to-consumer environments, but in general costs between US$20 per user to US$1 per user for volume discounts.

Netegrity can be reached at