Monday, November 19, 2007

Securent and Cisco When Cisco acquired Securent, the first question of course was "after Securant and Securent, who owns Securint.com?" Well, that is a joke, sort of [if you're wondering, LexisNexis owns Securint.com]. But, hey, there are five vowels and the other two variations are available: [BTW - ever thought about phoning up the Register.com "Web Services Consultant" and asking "Where do you stand on SOAP and REST?"] But the second question was "If Cisco owns both Securent and Reactivity, i.e. both the PEP and the PDP, will they not be tempted to forget about standards and connect the two in a proprietary way?". i.e. At the moment, any XML Gateway can act as a PEP for Securent (Vordel, Datapower, Layer 7, or the Cisco ACE Gateway as they call the Reactivity product now). Would they be tempted to add some functionality which would make the Reactivity product "more equal than others" when it comes to talking to Securent. The answer seems to be "No", as reported by Anil John and Phil Schacter. Cisco apparently are not putting the Reactivity and Securent products into the same business group. SAML, XACML, PEPs and PDPs are subjects close to Vordel's heart. I explain here about part of how we provide his XACML and SAML support. We've support them for a long time and we have one of the earliest live XACML PEP/PDP implementations live up in Canada, and it's been in production for over 2 years now. All of the IAM vendors support SAML and XACML to some degree. It will be interesting to see how the Securent acquisition plays out for Cisco.     4:36:00 PM    comment []

Drizzly Dublin or Drizzly Boston I missed Jon Udell who visited our Dublin office today. I was at home in drizzly Boston instead, having swapped one drizzly place for another. Jon chatted with our VP Engineering about SOAP vs REST (where better than Ireland for a discussion about religious wars, don't get us started on Emacs vs vi). Dave pointed out that within the enterprise, especially in Message Queue environments, SOAP and WS-* are very much alive. After all, they are transport neutral. But, if you want to maximize your client reach, REST is the way to go. Vendors have to be neutral like Switzerland (or, um, Ireland) in this matter. With our XML Gateways you can support SOAP and REST with the same Web Services, and apply the same policy umbrella to both: http://radio.weblogs.com/0111797/2007/10/05.html. 3:54:42 PM    comment []

OWASP San Jose Last week I was at the OWASP Conference at San Jose in Ebay. Because of an IBM cancellation, I ended up giving two presentations - the one I was scheduled for, and a presentation in the IBM Datapower timeslot. For the second slot, I talked about 8 of our customer case studies and the problems which our products addressed for these customers. I find that it's a lot more useful to talk about concrete things like this, rather than "here is a vulnerabilty which may or may not apply to Web Services". In the case studies, you can see how we provided real benefit by offloading XML heavy lifting off application servers, and providing centralized policy-based control of SOA, from edge to endpoint. The conference itself was really great. Apart from a trip to Oracle OpenWorld, I was there for two days and saw some great talks. The highlight for me was Sami Kamkar - what a great talk about his experience writing the MySpace Sami worm and suffering the consequences. Hilarious (the first person to access his adjusted profile was the girlfriend of a friend: "She was totally checking me out!") and informative (step-by-step walkthrough of the code) at the same time. My two presentations should be up on the OWASP site anytime soon. 3:42:51 PM    comment []

CA's new Identity and Access Management (IAM) suite CA's new Identity and Access Management suite is particularly strong, although I guess I am biased :-) [see below]. By combining an XML Gateway with SiteMinder, a directory, and mainframe security, it really is a full stack. Integration is provided on a plate to the customer, rather than leaving the customer to think "how do i get all these security pieces to work together". Included in the first wave of releases will be CA SiteMinder, the single-sign on product for web access; SOA Security Manager, the successor to CA's TransactionMinder; SOA Security gateway appliance, which is OEM'ed from Vordel; CA Directory; plus a batch of mainframe security products. http://www.computerbusinessreview.com/article_news.asp?guid=8FBCA9C5-D605-4E3D-9DF9-021EB6282299 3:31:15 PM    comment []