ID security essential for Web services.

According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3. Buffer Group's latest Report, 'Identity and Access Management--Building a Security Framework using Single Sign-On An identification system that lets users log into multiple Web sites on the Internet with one username and password. Single sign-on systems are also used within an enterprise, enabling users to access all authorized resources in the local network using the same username and password. and Authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC.

(2) Verifying the identity of a user logging into a network. Technology', without a streamlined and effective identity management process, organisations will never be able to fully utilise the Web services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. model.

It is essential that enterprises move to an identity-centric approach to security where the focus is on authentication to reduce risk, rather than relying on the current mechanisms of perimeter The boundary of a system or network, which defines the inside and outside. It is typically determined by firewalls and addresses. See DMZ. control and detection.

Identity and Access Management refers to a technology field encompassing areas such as authentication mechanisms, password management, Web- and enterprise-SSO, user account provisioning, integrated identity repository (1) A database of information about applications software that includes author, data elements, inputs, processes, outputs and interrelationships. A repository is used in a CASE or application development system in order to identify objects and business rules for reuse. , access control software, and Web services security.

Comment:

In the pursuit of cost efficiencies many enterprises are evolving to an Interact-based business model. However, without a mechanism for efficiently processing identities the Web services paradigm will never gain widespread adoption in the market place. It is important that an enterprise is able to simply and inexpensively establish the identities of requiring access. On its own the password is no longer a secure authentication See authentication token and SecurID card. mechanism. Organisations must adopt a multi-tiered authentication strategy to protect information assets. Governments have started, and continue, to focus on an individual's personal privacy, and in the future organisations will have to be able to demonstrate that personal information is secure, and not been shared with any other organisation without the individual's express approval. The Report states that, in addition to regulating in this area, governments must take the lead in being the catalyst for widespread adoption of common authentication mechanisms, There will be no e-government without superior, e-security.

The Report reveals:

* Why a streamlined and effective identity management process is vital in order for organisations to meet the user's needs in the future.

* Which industry standards will form the basis of an Identity and Access Management solution.

* The benefits accrued ac·crue
v. ac·crued, ac·cru·ing, ac·crues

v.intr.
1. To come to one as a gain, addition, or increment: interest accruing in my savings account.

2. from the implementation of a unified security framework.

* How the development and utilisation of a security policy is an essential component of Identity and Access Management.

* Why Governments should be role models for deployment of common identity mechanisms in the mass market.

* Why the adoption of the federated identity In information technology, federated identity has two general meanings:

The virtual reunion, or assembled identity, of a person's user information (or ), stored across multiple distinct identity management systems.

model must be the eventual goal for all organisations.

* Which vendors meet the requirements of an end-to-end security solution. Buffer Group believes that over the next two years everyone will need to have a strategy in place to evolve to a security architecture including federated identity and better access management.

www.butlergroup.com

COPYRIGHT 2003 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:	Security News
Publication:	Software World
Date:	Sep 1, 2003
Words:	404
Previous Article:	20M CAD Symbols.(Management News and Products)(Brief Article)
Next Article:	A sniff can turn into a cold.(Security News)
Topics:	Data security Analysis Internet Network management software Analysis

Related Articles
Essential Surfing Gear, Inc. Teams with TRADE.COM to Provide Instant Access to Extensive Investment Research.
Thomson Financial buys WorldStreet assets; starts service for bankers.(Brief Article)
Dow Jones Newsletters starts new pubs; DJ Newswire launches training program.(Brief Article)
Security: is your Firewall enough?
Connotate Completes Rights Offering; Enterprise Software Company Raises $2.6 Million in Private Placement.
Santy internet worm attacks thousands of bulletin boards.(Security Products)(Perl/Santy-A worm )
Factiva Deploys Tacit Networks'(R) Microsoft-Based WAN Optimization Solution to Securely Centralize Data and Speed Information to Field Offices.
ContentWatch Teams with RealNetworks to Deliver Powerful Internet Protection.
Michigan State University Brings SANS Computer Security Training to Lansing.
Travel Security Update.