Martin Kuppinger describes the concept of application security infrastructures in different contexts. Application security infrastructures provide standardized interfaces for the creation of secure applications which rely on a defined, central infrastructure. Application security infrastructures become increasingly important as well in the context of identity services, which are exposed by a growing number of identity management tools.
Today still a large part of applications uses its own approaches for authentication and authorization, without manageability through external tools. On the other hand, the idea of externalizing at least some part of this and using central, independent management platforms for security isn’t new – it goes back at least to the early days of RACF. Now there are some new tools and approaches to do this. Several vendors provide such solutions. The panel discusses as well the maturity as the pros and cons of these approaches – especially with respect to a potential vendor and platform lock.