[Figure: SecureSpan XML Firewall clusters, screening XML content, centrally controlling service level. Diagram labels: Service Consumer, SAML, UTP, X.509.]
Identity Management
The Problem:
Identity is at the heart of SOA security. Identity drives authentication and authorization decisions for all client-service interactions in an SOA. The ability to validate identity is also central to enforcing transactional integrity and accountability policies. However, defining and enforcing identity-based security policies is complicated in an SOA. Machine identities for client applications must be stored in a centrally accessible directory. Services must be able to extract identity information from the credentials passed to them inside a Web services message, validate those credentials against a centralized identity directory, and then enforce a security policy based on the rights associated with the identity. How a Web services security policy is defined, how to support decision delegation to existing policy decision points, how to find the credentials in a Web services message, how to assure compliance with the various WS-* and WS-I security standards, and how to propagate identity context in multi-hop SOA environments only complicate the application of identity to SOA. This is where an identity-based XML firewall product like Layer 7's can help.
Key Features
XML Threat Protection
- Infrastructural protections against XML parsing, XDoS and OS attacks
- Application protection against XML content tampering and viruses in SOAP attachments
- Protection against SQL and malicious script injection attacks
- Allow / reject messages based on time of day, day of week and IP address
- Configurable throughput restrictions based on requestor or destination prevent downstream XDoS
General Security
- Support for XML, SOAP, POX, AJAX, REST and other XML-based services
- Configuration wizards simplify policy creation and activation
- Support for policy branching based on identity or any message content or context
- Support for multiple routing destinations with configurable failover
- Policies can be applied to request-only, response-only or both request and response messages
Administration Options
- GUI-based SecureSpan Manager deployed as either a standalone application (Windows / Linux) or browser-based (Internet Explorer / Firefox)
- Centralized cluster management and configuration with delegated administration
- Drag and drop policy-based policy configuration
- Intelligent, real-time validation and testing of policies
- Logging and audit trapping of violations and system/user defined events via SNMP and SMTP
- Dashboard for graphical, real-time monitoring of traffic profiles and security violations
- Audit controls