Netegrity minding the Web services security store

Netegrity Inc. will announce Tuesday that it is releasing TransactionMinder, its new policy-based authentication and management product that ensures only authorized applications or parties can access Web services and keeps track of any access attempts.

The product validates the content of the Web services XML message, such as user name and password, PIN, or SAML (Secure Assurance Markup Language) assertion; provides digital signatures; and offers centralized policy and single sign-on between applications and Web services, said Amit Jasuja, vice-president of marketing at Waltham, Mass.-based Netegrity.

Sudhir Agarwal, senior IT manager and lead architect, single sign-on services, Verizon IT, of New York-based Verizon, said many of his business-to-business customers are demanding the enablement of Web services to give outside constituents access to internal systems and to protect sensitive XML documents.

“Without a reliable and flexible security solution, Web services will die its own death,” said Agarwal. “For Web services, there is a need for securing XML documents and messages in addition to transport layer security.”

A user of TransactionMinder as well as Netegrity’s SiteMinder software platform, Agarwal said he envisions secure Web services as a key to meeting Verizon’s objective of consolidation. More specifically, the telecom behemoth plans to consolidate and integrate various APIs created by disparate internal groups through trusted Web services.

According to Jasuja, Netegrity will support WS-Security once a draft of the specification becomes available. In addition, the Web access management vendor plans to extend SiteMinder support toward leading application and business-to-business servers in the near future.