PUTERANIMATION.COM
welcome to my space
X
Article search:  
Welcome to:puteranimation.com
 HOME   Ping Big on Transaction Safety
Ping Big on Transaction Safety
Published by: mike 2008-08-07

Ping Identity has reached something of a milestone in the quest to combine identity management and Web services technologies.

The Denver-based company, one of the last independent single sign-on software makers on the market, rolled out PingTrust, a WS-Trust Security Token Server.

PingTrust is an important step along the path to secure Web services and distributed computing paradigms such as service-oriented architectures (SOA) , where disparate applications may be reused to execute business processes.

Why does the industry need such a technology combination?

Ping Vice President Mike Donaldson said applications typically employ user identities to protect resources and create audit trails to keep in step with regulatory compliance rules such as HIPAA and Sarbanes-Oxley.

If someone makes a purchase transaction on the Web, their identity is used as the linchpin of the billing process.

To this point, Web services and SOAs have lacked standard mechanisms for safely using peoples identities, making Web transactions tough or impossible to implement.

There has not been a way with SOAP to communicate who the user is who made the original request, Donaldson said.

For example, an employee at a bank or hospital that needs to contact another organization can use a Web service to call out for information. The problem is the organization cannot recognize the user in the SOAP-based transaction.

Northern Ontario Business - Big shoes to fill (01/05)::
Big shoes to fill (01/05). By KELLY LOUISEIZE. In work as in ping-pong, First Nickel Inc. CEO Elizabeth Kirkwood has never let the boys win.
http://www.northernontariobusiness.com/industry/mining/3197401-05-Big-shoes.aspHOME
WAN analysis guards network: from start to finish, point-of-sale ::
As its network size and complexity increased--with transactions flowing over many or network-layer response times (e.g., IP ping response)," Weick says.
http://findarticles.com/p/articles/mi_m0CMN/is_12_39/ai_95843767HOME
To skirt this issue, users have injected user identity into the body of a SOAP message, which involves proprietary extensions that create a tight coupling between the Web service provider and the client.

In the end, this raises security issues and violates the core tenets of Web service information exchange.

Any time you have proprietary extensions, you are forcing requirements on people, Donaldson said.

PingTrust solves this problem by creating and validating security tokens that are bound into SOAP messages based on the Web Services Security (WSS) standard.

PROJECT CONSULT Newsletter - ISSN 1439-0809::
File Format: PDF/Adobe Acrobat - View as HTMLGreat enterprises flaunt big portfolios, so also EMC. The di- .. ment of the transaction safety and other ones. Meanwhile
http://www.project-consult.net/Files/20060503_EN.pdfHOME
PingTrust leverages OASIS WSS 1.0 to embed security tokens in SOAP messages. WS-Trust establishes a mechanism for validating tokens from PingTrust, which supports Java and .NET applications, Web-based clients and rich clients.

PingTrust can operate on the client side, provider side or both sides of a Web service transaction.

For example, Donaldson said a Web service client can use PingTrust to exchange the security token being used in the local security domain, such as a Kerberos ticket, for a SAML assertion that represents the original users identity in other federated security domains, including those at other companies.

After being tucked into a SOAP message and delivered to a Web service provider, the provider will know who originated the request and will be able to use that information in determining how to process the request.

PingTrust is now available and can be downloaded directly from Ping Identity. The first 100,000 transactions are free, but Ping also offers software subscriptions and other licenses.

PingTrust, which the company will formally announce Tuesday, is part of an avalanche of news geared to touch off the RSA Security conference in San Francisco this week.

HP, CA, IBM, Oracle and a raft of other software providers will have news at the show.

Some of those vendors have a capability like PingTrust in their repertoire, but dont offer it as a standalone option, Donaldson said.


Pre-Article:Accessing Directory Services in .NET Framework 2.0
Next-Article:Technical Analysis: Back From the Brink

PRINT Add to favorites
#If you have any other info about this subject , Please add it free.#
Your name:
E-mail:
Telphone:

Your comments:


If you have any other info aboutPing Big on Transaction Safety, Please add it free.
 Homepage | Add to favorites | Contact us | Exchange links | LOGIN | Site map | 
Copyright© 2008 puteranimation.com        Site made:CFZ