SAN FRANCISCO (10/10/2003) - Out to change the way developers secure applications, BEA Systems Inc. next week will release WLES (WebLogic Enterprise Security), its first stand-alone security software product.
The product features a distributed security architecture that can be used across Web servers, application servers, and custom-made applications. WLES is also designed to free developers from having to code in security for each application developed.
George Kassabgi, BEA's vice president and general manager of application security infrastructure, explained that this hackneyed approach to application security is costly, laborious, and difficult. He added that with WLES, security such as authentication and authorization can be defined once and applied across existing and new servers as a service.
WLES is a set of application services, Kassabgi said. "This is opposed to writing security for each server, or worse, ignoring security altogether."
Kassabgi said BEA's approach to security differs in that it authenticates users, and it does not secure applications on an individual basis. "We're also saying you can no longer charge per user, but per capacity," Kassabgi said.
Randy Heffner, a research analyst at Forrester Research, believes WLES is an important development, yet he wouldn't classify it as revolutionary. "BEA is delivering an important set of functionality, but not all will buy into it right away," Heffner said. "However, with this BEA has taken a turn to be a more general platform. No matter what (enterprises) are running, they should think about it (as a standalone security solution)."
With WLES, security can be applied to BEA and non-BEA servers by using existing APIs built into Web and application servers. For example, WLES can be integrated via the JAS (Java Application Server) API found within J2EE-based application servers and with Microsoft's ISAPI (Internet Server API) for its IIS Web server. The plug-in is less than 5MB in size and can be embedded within any server.
WLES also features a centralized Web-based administration console that can be used to distribute updated security policies to the security service running on servers.