eweek.com, October 13, 2003
BEA Launches Secure Integration Offering
| BEA Systems Inc. on Monday announced an infrastructure and partner ecosystem for security.
|WebLogic Enterprise Security is a cross-enterprise application security infrastructure that provides security services to applications-authentication, authorization and auditing, for example-through native integrations, plug-ins and partnerships with security vendors, according to officials of the San Jose, Calif., company.
BEA announced partnerships with VeriSign Inc. and RSA Security Inc. for authentication capabilities; Semantic Corp. for auditing and intrusion detection; and Wave Set Technologies Inc., Business Layers Inc. and Thor Technologies Inc. for user identity capabilities.
Using the WebLogic integration platform's distributed architecture, WES manages application security across applications. It integrates into existing IT infrastructure and platforms-including Web services, application servers and custom apps-so companies can utilize a common, consistent security infrastructure, officials said.
How it works is rather than replacing what security applications or hard coding a company may already have in place, WES abstracts existing code from the applications and turns that into distributed enterprise security services that can handle and manage security requests on behalf of applications. So instead of maintaining security functions redundantly within each individual application, applications can delegate these functions to the shared WES infrastructure.
Out-of-the-box, WES offers authentication, identity assertion, credential mapping, dynamic role mapping, rules-based parametric authorization and auditing.
At the same time, WebLogic's provisioning capabilities are such that policy updates can be distributed to applications in real time, with minimal network traffic and bandwidth requirements, officials said.
Because it's based on open standards, WES can fit into an existing infrastructure, company officials said. At the same time, security services can be provided to applications via something BEA calls a resource container that frees developers from hard coding application integrations.