Entries Tagged 'Technology'

Tivoli Access Manager integration with JBoss Application Server

IBM has just released a supported integration between Tivoli Access Manager for eBusiness and JBoss Application Server.

IBM Tivoli Access Manager JBoss Integration Adapter
Abstract
This integration solution enables integration between IBM Tivoli Access Manager for eBusiness and JBoss Application Server.

Download Description
This package contains an implementation of IBM Tivoli Access Manager for eBusiness runtime for Java which is suitable for JBoss environments. It also contains documentation and sample applications for this Java runtime. The package also provides a Single Sign On solution for JBoss application server.


The integration is free of charge for existing TAM customers, and supported through the normal channels.

Using SAML security tokens with Microsoft Web Services Enhancements

An article I co-wrote with Neil Readshaw has gone live on the IBM developerWorks site.

Using SAML security tokens with Microsoft Web Services Enhancements
A standards-based approach enabled by Tivoli Federated Identity Manager

Microsoft® Web Services Enhancements (WSE) is a framework for developing secure, interoperable Web services for the Microsoft .NET platform. WSE supports standard security token types such as Username, Kerberos and X.509 certificate tokens. One widely used security token type not supported by WSE is the Security Assertion Markup Language (SAML). This article will demonstrate an architecture and implementation capable of integrating WSE and SAML using Tivoli® Federated Identity Manager (TFIM).

Check it out here.

Use your Google account for OpenID

Less than 24 hours after Google App Engine went live, an application has been written that allows you to use your Google Account to log into any site via OpenID. Uncreatively called OpenID Provider, it also presents you with a nice log of recent OpenID requests.

This is a fantastic example of how opening your infrastructure can provide benefit to the entire community.

XACML Interop at RSA 2008 isn’t a repeat of Burton

James McGovern recently linked to Anil Saldhana’s summary of IDTrust 2008 with the following comment.

It feels as if the RSA Conference will be repeating the OASIS XACML interoperability challenge already conducted by The Burton Group. I wonder why Hal Lockhart and others couldn’t come up with something that shows more thought leadership? How about demonstrating XACML interoperability with non-security products such as BPM and ECM?

I don’t know where James got the impression that the RSA Interop will be a repeat of the Burton Interop. The scenario is much more in-depth. Instead of the XACML TC inventing a simple scenario, the US Department of Veterans Affairs is the primary scenario driver. The scenario covers using XACML to protect confidential patient data, and the associated controls around emergency overrides.

Anil has written a quick overview, and the IDTrust presentations by IBM’s Tony Nadalin and Axiomatics’ Andreas Sjöholm give a more in-depth overview.

I personally think the scenario is interesting, in-depth, and demonstrates the flexibility that XACML can provide in a complex domain.

Update: Anil has also responded to James’ comment.

Taking advantage of the HD-DVD fallout

I’ve decided I’m going to take advantage of the death of HD-DVD through the inevitable clearout of stock. A few web stores are having clearance sales, one example being dvddownunder.com.au which is clearing stock at $9.95 per disc. I plan to buy at least a few movies during these sales.

My primary reason for buying more movies, rather than abandoning the format completely, is that I was a late adopter - but not so late that I got any advantage out of the reduced player prices. I bought an Xbox 360 HD-DVD drive late last year, and a few movies a couple of weeks later. Including Christmas gifts and the bundled King Kong, this means I only own 5 movies in the format.

Doing the sums, this means that I had effectively paid roughly $65 per movie. Ouch!

By buying at least a few more movies over the next couple of months I hope to bring the cost per movie down to a reasonable level. After buying another 6 discs, the cost per movie is now around $35. This is much more reasonable, and will at least let me get some decent use out of a player that will hopefully last a couple of years.

SOA: Managing identity contexts across service requests

Two of my colleagues have a new article on IBM developerWorks:

SOA: Managing identity contexts across service requests
Identity propagation considerations in a SOA environment

Businesses embrace Service Oriented Architecture (SOA) to help their IT meet the needs of their business. The loose coupling of services and their distributed nature across organizations and trust boundaries presents a number of challenges. When it comes to the reuse of existing applications or service connectivity across organizational or technological boundaries, the identity systems can vary and so can the credential systems. Managing, mapping, and propagating identity across these environments is necessary. This article discusses the business challenges when managing identity contexts in Web services and SOA. It outlines the importance of creating solutions based on standards. The security token service (STS) capability in IBM® Tivoli® Federated Identity Manager (TFIM) is a key building block that can be used in solutions to address these identity propagation requirements. This article explains the capabilities of the STS and outlines architectural approaches using TFIM to solve these needs.

Check it out here.

SOA authorization using Tivoli Federated Identity Manager and WebSphere Service Registry and Repository

Another article I co-authored has gone live on IBM developerWorks.

SOA authorization using Tivoli Federated Identity Manager and WebSphere Service Registry and Repository

This article describes a service-based approach to authorization in Service Oriented Architecture (SOA) environments using IBM® Tivoli® Federated Identity Manager (TFIM). This approach extends existing IBM solutions for identity propagation in SOA by leveraging Tivoli Access Manager (TAM) as the authorization policy decision point. A software utility to discover services from the IBM WebSphere® Service Registry and Repository (WSRR) to enable the authorization solution will be provided to simplify and accelerate deployment of this authorization solution.

The primary piece of development for this article was the automation of extracting WSDLs from WSRR, then using the WSDL2TAM tool from TFIM to populate the TAM object space.

See the article here.


The Burton Group has released its XACML Interoperability report

The Burton Group has finally released its report about the XACML Interoperability Demonstration held at the Catalyst Conference in June this year. If you have a subscription, you can download the full PDF.

The summary:

Burton Group hosted the first-ever eXtensible Access Control Markup Language (XACML) interoperability demonstration at its 2007 Catalyst Conference North America. XACML 2.0 was formally ratified in March 2005, but no interoperability work had been attempted until early 2007. At that time, the XACML Technical Committee (TC) of the Organization for the Advancement of Structured Information Standards (OASIS) accepted the challenge of coordinating this inaugural event. In cooperation with eight vendor participants, OASIS demonstrated fundamental interoperability in two usage scenarios: policy exchange and authorization decision processing.

The successful outcome of this demonstration event proves that basic interoperability between XACML-based products can be achieved, which is timely, because interest in and adoption of XACML continues to increase across the industry. However, one demonstration does not replace a program that certifies interoperability as more vendor products adopt XACML. In addition, work is underway on XACML 3.0, which will introduce new functionality to test.

I’ve previously written about IBM’s involvement in the event.

OASIS XACML InterOp Recap Podcast

I don’t know how I missed this when it was put up, but there’s a podcast with a recap of the XACML Interop in July on the OASIS site.

OASIS XACML InterOp Recap

The podcast contains interviews with all the participants, including Rich Levinson of Oracle, Anil Saldhana of JBoss, and myself.

Thanks to Anil for the link.

Making Moblock actually useful for everyday use

Moblock is a fantastic alternative to PeerGuardian for Linux systems. Running some form of blocking software is important to protect your privacy when using P2P applications like BitTorrent and Gnutella; if you’re not using anything, you should be.

Unfortunately, in its default configuration the filtering can be a little aggressive. There is nothing whitelisted (explicitly allowed), so any IP address caught in the filter is blocked. This list of filtered IP address ranges includes addresses belonging to Microsoft and Google, meaning that all traffic to those companies is blocked - including HTTP traffic and instant messaging.

To enable both MSN and Google Talk, find the following line in the file /etc/moblock/moblock.conf:

#WHITE_TCP_OUT="http https"

Now, remove the ‘#’ from the start and add the ports as follows:

WHITE_TCP_OUT="http https 1863 5222"

Presto!

The numbers 1863 and 5222 are the port numbers for the MSN protocol and XMPP protocol that Google Talk uses. If you have another application that is being blocked by Moblock, you should be able to find what port it uses here.
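If you have several ports to add, or want to script the change across machines, the following shell function (an added example, not part of Moblock or of the original post) merges ports into WHITE_TCP_OUT, uncommenting the default line and skipping ports that are already listed; the config file path and the port arguments are assumptions for the example.

```shell
#!/bin/sh
# Added example: merge extra ports into WHITE_TCP_OUT in a moblock.conf.
# Handles the three states the line can be in: commented default
# ("#WHITE_TCP_OUT=..."), already active, or missing altogether.
# Usage: moblock_whitelist /etc/moblock/moblock.conf 1863 5222
moblock_whitelist() {
    conf=$1; shift
    # Current value, from a commented or active line; empty if absent.
    current=$(sed -n 's/^#\{0,1\}WHITE_TCP_OUT="\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    merged=$current
    for port in "$@"; do
        case " $merged " in
            *" $port "*) ;;                              # already whitelisted
            *) merged="${merged:+$merged }$port" ;;      # append with a space
        esac
    done
    if grep -q '^#\{0,1\}WHITE_TCP_OUT=' "$conf"; then
        # Replace the whole line, which also drops the leading '#'.
        sed -i "s/^#\{0,1\}WHITE_TCP_OUT=.*/WHITE_TCP_OUT=\"$merged\"/" "$conf"
    else
        printf 'WHITE_TCP_OUT="%s"\n' "$merged" >> "$conf"
    fi
    # Print the resulting line so the caller can check it.
    grep '^WHITE_TCP_OUT=' "$conf"
}
```

Remember that a port in WHITE_TCP_OUT is allowed to every blocked range, not only to Microsoft or Google, so keep the list to the ports you actually need.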

For installation instructions on Ubuntu, check out this Ubuntu Forums thread.