IBM hooking .Net into access management

IBM this week for the first time will add support for Microsoft's .Net development tools to its access management software, letting corporations build support for IBM's identity management platform directly into Windows-based applications.

IBM Tivoli Access Manager for Microsoft .Net will provide a set of APIs to tie authorization and administration services into Microsoft's .Net framework. That means applications written for the framework, a runtime environment for .Net managed code within the Windows operating system, can natively use Access Manager as an access control mechanism.

The goal is to let corporations create a single layer within a network for access control and single sign-on using Tivoli Access Manager for eBusiness and programmatically tie in any Web-based application regardless if it is written in .Net or Java 2 Platform Enterprise Edition (J2EE). IBM already supports J2EE applications in Access Manager.

Companies would not have to write security controls into each application. Instead, the application would defer that responsibility to Access Manager, enabling reuse of existing access policies and providing a central point for adding, changing or deleting policies.

Developers also would use the APIs to customize the interaction between Access Manager and .Net applications.

"As customers become more heterogeneous, we have to bring everything together and extend Access Manager beyond J2EE," says Venkat Raghavan, product manager for Tivoli identity management.

In the first version of the .Net tools, which are available for free on IBM's Alphaworks Web site, IBM is modifying its current API set to work with .Net. In the future, Tivoli Access Manager for Microsoft .Net will become a distinct product, Raghavan says.

Hooks into .Net IBM Tivoli Access Manager for Microsoft .Net includes four basic functions that link .Net and Access Manager. • .Net applications can call authentication, authori-zation and administration services in Access Manager. • Role-based authorization at class and method level, and programmatic invocation from .Net applications. • Single sign-on and authentication module for ASP .Net • Evaluation of .Net role membership decisions using Access Manager.

Click to see:

Access Manager already runs atop Microsoft's Active Directory to grant access to applications and provide a single sign-on feature from Windows desktops using Internet Explorer. But with Access Manager tied into application development tools, companies can fine-tune access to applications to certain functions or a particular set of data. That would let companies provide a range of partners with varying degrees of access to the same application.

"Microsoft is promoting the use of .Net interfaces, and the access management vendors need to ensure their software work with the broadest variety of applications," says Daniel Blum, an analyst with Burton Group.

Microsoft provides limited access management features through Internet Information Server, which is part of the Windows operating system, but the company relies on third-parties to provide full-blown access management software. Companies such as Netegrity, Oblix and Open Network provide those products.