Reactivity this week is reinforcing its Web services gateway appliances with support that will help users integrate Windows logon credentials into single sign-on projects for Web services.
The company is upgrading its XML Operating System (XOS), which runs on its XML Security Gateway, SOA Gateway and Gateway D appliances, with support for Integrated Windows Authentication, Microsoft Office Information Bridge Framework and the Liberty Alliance Identity-Web Services Framework (ID-WSF) 2.0 specification. ID-WSF incorporates the standards-based Security Assertion Markup Language (SAML) 2.0 specification.
The idea is to provide authentication to Web services and line-of-business data for Windows-based users without requiring them to use anything other than their Windows user credentials.
The result is single sign-on for Windows users regardless of where they try to access services or data.
"Office products are consuming services more, mobile devices and a variety of other form factors, so it makes sense to have an identity infrastructure that can support those Windows applications," says Jason Bloomberg, an analyst with ZapThink. "One of the things that is happening is there are increasingly broader types of [Web] service consumers, and it is not just service consumption done in a portal."
Microsoft's Integrated Windows Authentication (IWA) uses Kerberos v5 authentication to support single sign-on for Windows and is designed to work best in an intranet environment. Reactivity is plugging into IWA and using the Windows-based Kerberos ticket to validate that a user has access to back-end Web services running behind its gateway.
Microsoft Information Bridge Framework (IBF) is used to link Microsoft Office programs to line-of-business systems, and Reactivity uses IBF to support enforcement of authentication between and among those links.
In addition, the gateway supports the transformation of Windows Kerberos tickets into authentication credentials, such as SAML, that can be used to access Web services running on non-Windows platforms. Reactivity has added support in XOS 4.3 for WS-Trust, Kerberos and RADIUS.
"We are providing mediation between an IWA world and a non-Microsoft world as it deals with a Web services back end," says Andrew Nash, CTO of Reactivity. "That means the Windows front-end authentication is being extended to a heterogeneous environment."
To support that heterogeneous integration, Reactivity also integrates with Web access management software including Computer Associates' Netegrity SiteMinder and TransactionMinder, RSA Security's ClearTrust, IBM Tivoli Access Manager and directories that support the Lightweight Directory Access Protocol. Reactivity also provides its AccessLink SDK to integrate with custom identity-management platforms.
In addition to the identity updates, Reactivity is extending its software developer's kit so developers can write Java code that runs in Reactivity's XML infrastructure to customize routing and message handling.