IBM Redpaper on Tivoli Security Policy Manager
I recently travelled to Austin for a month to co-author an IBM Redpaper on our new security policy and entitlements management product, IBM Tivoli Security Policy Manager. The draft of that Redpaper is now available for download and public comment here.
Here's the introduction to whet your appetite:
In a growing number of enterprises, policies are the key mechanism by which the capabilities and requirements of services are expressed and made available to other entities. The goals established and driven by the business need to be consistently implemented, managed and enforced by the service-oriented infrastructure; expressing these goals as policy and effectively managing this policy is fundamental to the success of any IT and application transformation, including SOA solutions.
First, a flexible policy management framework must be in place to achieve alignment with business goals and consistent security implementation. Second, common re-usable security services are foundational building blocks for SOA environments, providing the ability to secure data and applications. Consistent IT Security Services that can be used by different components of an SOA runtime are required. Point solutions are not scalable, and cannot capture and express enterprise-wide policy to ensure consistency and compliance.
In this IBM® Redpaper we discuss an IBM product-based end-to-end security policy management solution, which comprises both policy management and enforcement using IT security services. We also demonstrate by means of customer scenarios how this standards-based unified policy management and enforcement solution can address authentication, identity propagation, and authorization requirements, and thereby help businesses demonstrate compliance, secure their services, and minimize the risk of data loss.
My primary involvement with the product was the development of the Runtime Security Services, in particular the XACML engine that provides the authorization service capability. As written in the Redpaper, the core of the authorization runtime is a high-performance implementation of the XACML v2.0 standard. It's been demonstrated at previous interoperability events organized by OASIS (see here, here and here).
Back at the Burton Event in 2007 I was asked a few times "When is this going to be in a product?". Tivoli Security Policy Manager is that product.
I'm happy to answer questions about the paper or product to the best of my ability, as well as point people to the appropriate folks within IBM if I can't help.