IBM and Verisign announced managed authorisation service. According to the press release it ís sold in two flavours:

• VeriSign Access ManagementSM Service (AMS) - the first fully managed service for access control and authorization. Operated by VeriSign and based on IBM Tivoli Access Manager, the new service provides a single, Web-based console for automating the management of users, groups, roles, permissions and policies across multiple e-business applications.
• IBM-VeriSign Trusted e-business Integration Solution - an enterprise application integration (EAI) solution for trusted extranets. The solution, built on VeriSign's Digital Authentication Services, IBM WebSphere MQ and IBM Tivoli Access Manager, helps mitigate risk and improve collaboration with business partners, suppliers and preferred customers.

Several thoughs. The first service seems to be based on the web-based Access Manager, the second on the MQ Access Manager.

Why does this move make sense? High-end of the web access management market segment is allegedly saturated. This seems like a service to hit the mid-segment. The service will probably provide slightly worse overall service but at significantly lower TCO. Need to have a look at the costs.

Without dedicated network links between protected applications and the authorisation service, availability is going to be a huge problem.

I would be very much interested to know what will be the method for applications to talk to the authorisation service. Access Manager does not support XML yet. It has to be their implementation of aznAPI then. My guess is that this is going to have limited appeal.

9:13:33 PM