NEWS RELEASE

Web Single Sign-on between Microsoft IIS,
Apache, and J2EE Now Available

San Diego, CA, September 18, 2003 - Cafésoft announced today that it is now shipping Cams™ web single sign-on support for Microsoft Internet Information Server (IIS). The new Cams IIS web agent enables web single sign-on between IIS and other web and J2EE servers supported by Cams, such as Apache, BEA WebLogic, JBoss, Oracle 9iAS, and Tomcat. Cams is a web single sign-on and access control software solution that centralizes web security management.

"Now sites using Microsoft IIS can get to market faster and more affordably with a world-class web application security solution," said Gary Gwin, Cafésoft president and CEO. "Many IIS sites use Apache and J2EE servers such as Tomcat and BEA WebLogic. With Cams you centralize security management in these heterogeneous environments. Even if you use only IIS, Cams provides web single sign-on and many other features that make it advantageous to use such as support for MS-SQL, Active Directory, and LDAP user directories ."

Cams makes sites more secure and manageable by centralizing application security enforcement and management, rather than implementing security into each application and server. This centralized approach to web security enables companies to reduce development and administration complexity and costs, while improving time to market, security, and user satisfaction. Cams also provides web single sign-on eliminating the cost, vulnerabilities, and pain associated with multiple identities and logins when a user moves between web applications and servers on the same site.

Cams service oriented architecture deploys into heterogeneous environments and scales for high-volume sites. Cams provides user directory integration with industry-standard LDAP and SQL databases, including Microsoft SQL Server, Microsoft Active Directory, and Microsoft SiteServer LDAP. Primary product features include:

• Web single sign-on to multiple web applications and servers
• Access control based on roles (RBAC), date/time, location, and custom rules
• Centralized application security policy management and event logging
• Flexible extension via open APIs (including integration into third-party software)
• Cross-platform support including Windows NT/2000/2003, Linux/UNIX, and Solaris

"We created Cams to help application developers implement fine-grained web security without embedding authentication policy or access control business rules into application code," said Norbert Kuhnert, Cafésoft chief technology officer and founder. "With Cams, environments like Microsoft IIS, Apache, and the Tomcat J2EE web server share the same security configuration. An open API also empowers developers to use any password database for authentication, create custom access control rules that match business policy, and trigger business processes from security events."

The Cams IIS web agent is available immediately for Microsoft Internet Information Server 4, 5, and 6 on Windows NT, 2000, and 2003. A free Cams Tour download is available on Cafésoft's web site at http://www.cafesoft.com. The Cams Tour is the best way to learn about Cams terminology, architecture, and web security in general. Cams web security system licenses are available starting at $2,995 per server with free developer licenses. Evaluation Cams licenses, which provide access to the Cams IIS web agent, are available upon request.

Cafésoft develops and markets Cams, which is a secure, flexible, and affordable web single sign-on software solution. Businesses around the world use Cams to give employees, customers, and partners secure access to protected web applications and resources. By using Cams, customers: 1) improve time-to-market; 2) reduce development, support, and training costs; 3) enable secure business relationships; 4) improve security compliance and accountability; and, 5) simplify security implementation and management. Headquartered in San Diego, California, Cafésoft is a private company founded in March of 1996. More information can be found at http://www.cafesoft.com.

- 30 -

Cafésoft is a trademark of Cafésoft, LLC. All trademarks, service marks, or registered trademarks are the property of their respective companies.