SOA Enabled PortalsFlowing identity across the user-based Web and machine-based Web services can be a complex undertaking. | |
The Problem: Bridging Web and Web Services Portal initiatives have emerged as a significant driver for SOA. SOA methodologies implemented through Web services allow eBusinesses expanded application reusability; increased architectural flexibility; and broadened reach for portal projects that span organizational boundaries. Web services also allow portal designers to implement programmatic Web integrations or mash-ups, expanding the functional range of portal projects. However, bridging the user-centric Web domain with the machine-centric Web services domain creates security challenges. User credentials used to authenticate against a Web portal may not work for Web services. Identities may need to be reconciled across federated Web services silos. Single Sign-on will need to be enforced against mixed Web and Web services environments. Solution: SSO + STS + Policy EnforcementTo accommodate the specific security of a mixed Web and Web services integration environment without undue programming, three types of infrastructure may be necessary. A Web Single Sign-on (SSO) product is necessary to manage session-based access to specific URL-addressable resources. A secure token service (STS) may be necessary in order to generate a common token type for accessing mixed Web and Web service resources. And a policy enforcement point will be necessary that can leverage a Web SSO and/or STS to execute Web services security decisions.
Layer 7 Value: XML VPN ClientThe Layer 7 XML Firewall and VPN are the only SOA security products able to address both the service-side and client-side needs of SOA portal security. The SecureSpan XML Firewall can be configured against diverse IAM products so customers can leverage one or more existing policy decision points to make authentication and authorization decisions for their SOA. Moreover the SecureSpan XML Firewall has the unique ability to flow session cookies generated inside a Web SSO product to a Web services client. However since Web services don’t have the benefit of a browser to cache SSO cookies Layer 7 also provides customers the SecureSpan XML VPN Client. The SecureSpan XML VPN Client can work with the SecureSpan XML Firewall to cache cookies generated inside a Web SSO product. This ensures that end-users can leverage the same security infrastructure for both Web and Web services. Moreover, the SecureSpan XML VPN Client an interact with an STS in the client domain to automatically add a secure token (such as SAML) for making authentication decisions against downstream Web services. The ability to leverage Web-centric STS and SSO products and apply them to Web services without coding on the service or client-side simplifies the enablement of SOA for portal initiatives.
Share: | More | ResourcesDatasheet: Download PDF | 196Kb
Solution Brief: Download PDF | 208Kb
Datasheet: Download PDF | 196 Kb
Solution Brief: Download PDF | 208 Kb
ZAPNOTE: Download PDF | 180Kb |
