• Integration with leading identity, access, SSO and federation systems from Oracle, Sun, Microsoft, CA, IBM Tivoli, Novell
• Enforce fine-grained entitlement decisions authored in an XACML PDP

• Credential chaining, credential remapping and support for federated identity
• Integrated SAML STS issuer featuring comprehensive support for SAML 1.1/2.0 authentication, authorization and attribute based policies
• Integrated PKI CA for automated deployment and management of client-side certificates, and integrated RA for external CAs
• STS support through WS-Trust and WS-Federation

• Support for all major WS* and WS-I security protocols, including SOAP 1.0/1.1/1.2, WS-Security 1.1 / 1.2, WS-SecureConversation, WS-SecurityPolicy, WS-Addressing, WS-Trust, WS-Federation, WS-Secure Exchange, WS-Policy and WS-I Basic Security Profile, SAML 1.1/2.0, XACML 2.0

• Selectively control access to interfaces down to an operation level
• Create on-the-fly composite WSDL views tailored to specific requestors
• Out of the box support for popular cloud and SaaS interfaces from Salesforce and Amazon
• Service look-up and publications using WSIL and UDDI

• Log message-level transaction information
• Spool log data to off-board data stores and management systems

• Optional onboard HSM, as well as support for external HSMs (i.e., SafeNet Luna)
• Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
• FIPS 140-2 support in both hardware (Level 3) and software (Level 1)

• Configurable validation & filtering of HTTP headers, parameters and form data
• Detection of classified or “dirty” words or arbitrary signatures with subsequent scrubbing, rejection or redaction of messages
• Support for XML, SOAP, POX, AJAX, REST and other XML-based services

• Protect against identity spoofing and session hijacking cluster-wide
• Assure integrity of communication end-to-end

• Protect against XML parsing; XDoS and OS attacks; SQL and malicious scripting language injection attacks; external entity attacks
• Protection against XML content tampering and viruses in SOAP attachments
• DoD STIG vulnerability tested and assured

• High speed message transformations based on internal or external XSLT
• High speed message validation against predefined external schema
• High speed message searching, element detection and content comparisons

• Granular rate limiting and traffic shaping based on number of requests or service availability across a cluster

• Persist message counters across clusters so that rate limiting and traffic shaping can be strictly enforced in high availability configurations

• Prioritize XML traffic based on Class of Service/Quality of Service preferences

• Manage routing to back-end services based on availability/latency performance

• Compose inheritable policy statements from 70+ atomic policy assertions
• Branch policy execution based on logical conditions, message content, externally retrieved data or transaction specific environment variables
• Publish policies to popular registries for lifecycle management
• Service and operation level policies with inheritance for simplified administration
• Policy lifecycle and migration management across development, test, staging and production, as well as geographically distributed data centers
• API-level access to administration
• SDK-level policy creation for simplified policy customization

• Polices can be updated live across clusters with no downtime required

• Policy SDK allows for custom policy assertion creation using Java

• Secure, manage, monitor and control access to APIs exposed to third parties
• API usage can be throttled to ensure backend services are not overwhelmed; limited by user, time of day, location, etc; and quota managed (i.e., # of uses per user per day)

• Configurable, out-of-the-box reports provide insight into API performance: measure throughput, routing failures, utilization and availability rates, etc
• Failed authentications and/or policy violations can be tracked to identify patterns and potential threats

• Support for all major WS* and WS-I security protocols
• Support for all major authentication and authorization standards, including SAML, Kerberos, digital signatures, X.509 certificates, LDAP, XACML, etc 

• A single, real time view of all Gateways across the enterprise and cloud showing audits, events and key metrics

• Centrally move policies between environments (development, testing, staging, production, etc), settings (enterprise, cloud, etc) or geographies, automatically resolving discrepancies such as SSG licenses, IP addresses, IT resources (i.e., LDAPs may be named differently), etc

• Configurable, out-of-the-box reports provide insight into SSG operations, service-level performance, and service user experience

• Selectively update any software installed on Gateways, including system files and operating system

• Centrally back up SSG config files and policies from one or more Gateways/clusters, and remotely restore, enabling full disaster recovery

• Remote management APIs allow customers to hook their existing, third-party management tools into the SSG, simplifying asset management

Share: | More