IBM next week for the first time will add support for Microsoft's .Net development tools to its access management software, letting corporations build support for IBM's identity management platform directly into Windows-based applications.
IBM Tivoli Access Manager for Microsoft .Net will provide a set of APIs to tie authorization and administration services into Microsoft's .Net framework. That means applications written for the framework, a runtime environment for .Net managed code within the Windows operating system, can natively use Access Manager as an access control mechanism.
The goal is to let corporations create a single layer within a network for access control and single sign-on using Tivoli Access Manager for eBusiness and programmatically tie in any Web-based application regardless if it is written in .Net or Java 2 Platform Enterprise Edition (J2EE). IBM already supports J2EE applications in Access Manager.
Companies would not have to write security controls into each application. Instead, the application would defer that responsibility to Access Manager, enabling reuse of existing access policies and providing a central point for adding, changing or deleting policies.
Developers also would use the APIs to customize the interaction between Access Manager and .Net applications.
"As customers become more heterogeneous, we have to bring everything together and extend Access Manager beyond J2EE," says Venkat Raghavan, product manager for Tivoli identity management.
In the first version of the .Net tools, which are available for free on IBM's Alphaworks.com Web site, IBM is modifying its current API set to work with .Net. In the future, Tivoli Access Manager for Microsoft .Net will become a distinct product, Raghavan says.
Access Manager already runs atop Microsoft's Active Directory to grant access to applications and provide a single sign-on feature from Windows desktops using Internet Explorer. But with Access Manager tied into application development tools, companies can fine-tune access to applications to certain functions or a particular set of data. That would let companies provide a range of partners with varying degrees of access to the same application.
"Microsoft is promoting the use of .Net interfaces, and the access management vendors need to ensure their software work with the broadest variety of applications," says Daniel Blum, an analyst with Burton Group.
Microsoft provides limited access management features through Internet Information Server, which is part of the Windows operating system, but the company relies on third-parties to provide full-blown access management software. Companies such as Netegrity, Oblix and Open Network provide those products.
Netegrity offers similar capabilities as IBM is touting, but with a different architecture. Netegrity uses agents that work with TransactionMinder to add security information into XML messages sent by any application. The agent runs on Internet Information Server to intercept messages sent by .Net applications.
"The access management system should inject security information, the application developer should not have to be security- conscious," says Marc Chanliau, product manager for XML technologies at Netegrity.