Advanced Identity Based Security for SOA, XML and Web Services

By: Layer 7  09-12-2011
Keywords: Security

Advanced Identity-Based Security for SOA

Traditionally, security and entitlement for SOA-based integration have been coded into each and every application exposed as a programmatically accessible service in the organization. When those requirements (or the standards on which they’re based) change, every service needs to be updated and re-tested manually. To simplify governance of security in SOA-based integrations, Layer 7 offers the SecureSpan XML Firewall.

Providing intermediate functional capabilities between the API Proxy and SOA Gateway, the SecureSpan XML Firewall is designed to address access, federation and message security needs in SOA-based integrations that leverage SOAP, REST and JSON style application interfaces. Unlike the API Proxy, which is limited to REST, JSON and OAuth style API security, the XML Firewall also supports SAML, XACML and the implementation of a broader array of WS* and WS-I based standards associated with SOAP style messaging.

The SecureSpan XML Firewall can be deployed as a security endpoint to an ESB or as a DMZ-class edge device gating access to an internal ESB or application interfaces. The SecureSpan XML Firewall in the DMZ can be deployed as a hardened appliance, virtual appliance or as software. All form factors support FIPS standards, are PCI DSS compliant and are STIG vulnerability tested to meet rigorous US Defense industry standards.

The SecureSpan XML Firewall supports a comprehensive set of SOA security governance use cases spanning identity, access, threat protection, privacy, communication integrity and information assurance. Example capabilities of the SecureSpan XML Firewall include:

  • SSL termination and acceleration
  • Service authentication with a wide range of credentials, tokens and cookies
  • Operation level authorization
  • Credential validation, translation, generation or chaining
  • SAML and OAuth style federation
  • Identity integration with CA, Microsoft, Novell, Oracle, RSA, Sun, Ping, IBM
  • Data validation and API attack protection
  • XML data normalization and transformation
  • API versioning and transformation across SOAP, REST and JSON
  • Content or availability based routing
  • Message and field level encryption, redaction, filtering and signing
  • Throttling of access to a service endpoint based on attribute-based policy
  • Identity and message caching
  • Transaction logging and audit
  • Payload virus scanning using leading virus scan engines
  • PKI certificate management
  • Hardware key store, either onboard or offboard

The SecureSpan XML Firewall includes all the features of the SecureSpan Accelerator and API Proxy, any of which can be upgraded to the Firewall through a license key. The SecureSpan XML Firewall is optimized for HTTP and HTTPS transports. Customers needing a broader range of transports, such as MQ Series or Tibco EMS, or who need to support a greater number of data and application adapters beyond XML, should consider the SecureSpan SOA Gateway, which is an upgrade from the SecureSpan XML Firewall. Like the other SecureSpan XML Gateways, the SecureSpan XML Firewall integrates with leading service registry products including Software AG CentraSite, HP Systinet, IBM WSRR, Tibco ActiveMatrix Registry and Oracle Service Registry. The SecureSpan XML Firewall can also be deployed with internal or external HSM hardware key stores for added security.

Other products and services from Layer 7


Simplify XML Gateway and Web Service Management Across Data Centers and Cloud

The Layer 7 Enterprise Service Manager is designed to give SecureSpan Gateway, API Management and Cloud Integration administrators and operations managers centralized visibility into the health of their Layer 7 Gateway landscape along with the services and APIs they proxy. Service & Gateway Management Across Data Centers & Cloud.


Policy Based Web Service Mediation, Security, SLA and XML Message Routing

Using the native SecureSpan policy language, architects can create virtual service views specific to client identities and secure versions of specific application interfaces, and they can manage versions of APIs across the development lifecycle without breaking client applications.


Hardware Accelerated XML Parsing, Routing and Validation

To account for XML traffic, most organizations attempt to optimize back-end server performance, resulting not only in increased infrastructure costs but also increased overall network load, which can limit performance gains. XML processing is computationally expensive and, if handled by application servers, Enterprise Service Buses or other back-end infrastructure, can significantly impact response times and overall network performance.


SOA Governance Products Overview | Layer 7 Technologies

Service Manager

The Enterprise Service Manager gives SOA administrators and network operators centralized visibility into the functioning of SOA-based integrations, even when services are distributed across geographies, partners and the Cloud. To complement the SecureSpan Gateways, Layer 7 offers a broad range of policy and service management features that simplify the lifecycle, delivery and performance tracking of application services in SOA.


XML Gateways for SOA Cloud and Web Services

Enterprise-Scale Manageability

Layer 7 is the first XML Gateway vendor to offer a fully integrated, enterprise-wide Gateway and Service management solution to simplify policy lifecycle management, gateway health monitoring, service management and disaster recovery.