BEA is expected to announce WebLogic Enterprise Security, extending WebLogic’s existing security framework through APIs and XML to secure applications running on application servers from IBM Corp [IBM] and Microsoft Corp [MSFT].
Enterprise Security will also work on popular web servers Internet Information Services (IIS), Apache and Netscape Sun in addition to securing legacy, non-WebLogic code.
BEA’s hopes to build a network of security companies around WebLogic, companies it claims feel threatened by security services and software offered from platform vendors like IBM when selling their own application server into clients.
Expected to supporting the initiative are Symantec Corp [SYMC], VeriSign Inc [VRSN], Business Layers, Thor Technologies Inc, and WaveSet Technologies Inc.
BEA has also thrown down the gauntlet to IBM, Oracle Corp [ORCL], Microsoft and Sun Microsystems Inc [SUNW], by daring them to offer the same level of security to WebLogic and applications running on WebLogic that Enterprise Security is offering to applications on their application servers, portals or operating systems.
Enterprise Security provides distributed, application-level authentication, authorization, identity assertion, role mapping and credential mapping via a set of service modules that plug into application servers, web servers and legacy code.
Enterprise Security uses the Java JNI API and Security Assertion Mark-up Language (SAML). BEA hopes to eventually use XML Access Control Markup Language (XACML) to define access controls, Secure Provisioning Markup Language (SPML) for provisioning and KMS key management service. Connection to IIS and NetScape Sun web servers is via ISAPI and NSAPI.
This article was based on material originally published by ComputerWire.
