Establishing Digital Trust: Don't Sacrifice Security for Convenience
IBM's Tivoli Systems unit has announced a new version of its Policy Director authorization software that it says is easier to integrate and manage while providing improved performance in large enterprises.
Policy Director 3.8 adds support for the Linux operating system and i-mode mobile devices, plus additional IBM WebSphere, MQSeries and Lotus Domino applications. It also includes enhanced single sign-on capabilities and a new browser-based management tool that provides more granular delegated management capabilities.
Venkat Raghavan, product manager for Tivoli's Policy Director, says Version 3.8 is intended to focus on three aspects of integration: bringing applications more easily to end users, including customers and business partners; making security more transparent for business owners; and improving management, especially in large operations.
In terms of improved end user support, Tivoli's new e-community single sign-on feature enables business partners to share enrollment information with one another such that their customers can log on once and get access to applications owned by multiple partners. The system is based on a "web of trust" model, where trust is pushed across multiple sites based on predefined rules for the e-community.
Such a model can require use of public key infrastructure (PKI) technology, but Raghavan says Tivoli is instead using a shared secret architecture to simplify deployment. When users log on, they get a key, or a "shared secret," that likewise gives them access to other applications that are part of the e-community. While this method is indeed simpler to deploy than a PKI, the shared secret model runs into scalability issues as the number of partners grows.
To ease application integration, Policy Director now supports a bevy of new IBM applications, including the WebSphere Portal, Application and Edge Servers, as well as the WebSphere Commerce Suite, Business Integrator and Everyplace Suites. Also new is support for MQSeries, including MQSeries Integrator and Workflow, as well as Lotus Domino Application Server and Lotus Notes. Policy Director's support for i-mode wireless devices adds to existing support for the Wireless Application Protocol.
"It's difficult for customers to manage security individually in each application," Raghavan says. "Our goal is to provide a common infrastructure."
The biggest management enhancement in Policy Director 3.8 is a browser-based tool that supports more finely tuned delegation. The tool supports multiple levels of delegation, such that businesses can delegate administration, including group and role administration and application access rights, to their business partners.
Users can now delegate which applications are available to which users in which instances. Take a pricing application, for example. Certain executives within an e-community can be granted rights to change prices, while customers are only allowed to view prices. Policy Director 3.8 now enables users to dictate such types of fine-tuned access privileges.
Tivoli has also improved the performance of Policy Director, enabling it to handle more sessions. Benchmarks show the product can scale to millions of users. "We have active sites today with about a million users," Raghavan says.
Policy Director 3.8 is scheduled to be available on Sept. 28. Pricing will be based on the number of users and number of licenses purchased.