Header Image

British Columbia Attorney General - XML & Web Services Security

Sharing vital services with strategic partners

The BC Ministry of Attorney General and Minister Responsible for Treaty Negotiations, also known as the British Columbia Attorney General (BCAG), is responsible for the administration of justice and the negotiation and implementation of treaties and other agreements with First Nations in British Columbia,Canada.The BCAG has a constitutional and statutory role as the BC Government's lawyer,providing legal advice, representing the Provincial Government in litigation,and drafting legislation.

Five core business areas of the BCAG — Court Services, Legal Services, Prosecution Services, Justice Services, and Executive and Support Services (see side bar) — work together and with other justice partners to enforce the justice mandate.Collaboration among key partners like the police, judiciary, defense counsel, and other ministries is vital to the effective and efficient delivery of services to the public.

The BCAG strives to enhance public confidence in the integrity and effectiveness of the justice system by fostering cooperation and shared initiatives among its partners. The BCAG’s core business areas contribute unique sets of programs and services that, when integrated with services from other justice partners, constitute the justice process.


The Business Challenge

In an effort to streamline court proceedings, the BCAG wanted to make its electronic filing system,called the Integrated JusticeSystem (JUSTIN), available to internal BCAG users, external BCAG users, and external justice partners and the general public.

JUSTIN, a large cluster of Oracle databases, stores extremely confidential information related to BC court proceedings.The BCAG needed a way to cost-effectively provide access to information in these databases without having to provide direct connections to JUSTIN itself.The project also required information access controls that would grant specific access privileges depending on a user's profile.

Several proprietary technologies were examined and scored on their complexity, cost,and security.The BCAG determined that a solution based on open standards would provide the level of flexibility required to securely integrate with other internal and external application services.

The BCAG initiated a comprehensive proof-of-concept trial to determine the feasibility of exposing JUSTIN information to users as Web services. Using Layer 7 Technologies’ SecureSpan™ suite of products, the BCAG was able to enforce multiple Web service access policies, permitting user-specific access controls to the confidential information.

Web services and SecureSpan met the BCAG's technical and economic criteria, enabling the successful and secure exposure of JUSTIN information to multiple internal and external users.The result:The BCAG supported its mandate of efficiently and effectively communicating information internally and amongst its justice partners, yielding a more streamlined justice process for the public that it serves.


The SecureSpan Product Line

The BCAG successfully channels its Web services through a single security enforcement point — Layer 7 Technologies’ SecureSpan™ suite of products. Using SecureSpan,the BCAG provides secure access to its Web services users while maintaining tight control over how those Web services are accessed.

SecureSpan is a standards-based product line designed to secure and govern XML and Web services interactions spanning departments,business units,and partners. Providing best-in-breed XML firewalling,adaptive policy enforcement,and optional client-side security coordination,SecureSpan ensures secure andflexible Web services deployments acrosssecurity and identity domains.

The SecureSpan product suite is composed of three separate yet complementary products: the SecureSpan SOA Gateway is a scalable and accelerated XML firewall appliance that defends applications and enforces diverse security policies, the SecureSpan™ Bridge enables client applications in external security and identity domains to securely access protected Web services without programming and off-line policy coordination, and the SecureSpan Manager is a rich environment to centrally define and govern fine-grained security and interaction policies between Web services and their client applications.

Layer 7's BCAG Solution



The benefits of the BCAG's SecureSpan™ implementation were immediate and significant."The Layer 7 solution was easy to install and configure, therefore the deployment costs were negligible" reported Robert McDonald, Director of Application Management Services at the BCAG."The Layer 7 solution has allowed us to quickly and securely expose new services to internal business areas and external partners, all while saving a significant amount of design and development costs.This has allowed us to more easily share vital information and ensure the collaboration needed to quickly respond to the needs of our constituents."

In addition to its lower integration cost and ease of implementation,SecureSpan also allowed the BCAG to quickly deploy their Web services without requiring complex security and integration policy coding. Since SecureSpan is centrally-managed, policy changes require no changes to the application code, and the addition or modification of Web services and/or policies is quickly updated and automatically propagated on both sides of the integration."By eliminating the need to manually code security and integration policies into ourapplications,Layer 7 has reduced our overall development costs by 25%." said Mr. McDonald."If you multiplythat by the overall spend within the Ministry [BCAG], it is very significant and allows us to use those resources on other business critical projects."