XML Web services provide a versatile, standards-based method for exposing applications and their data directly to other applications in a service-oriented architecture (SOA). Benefits include platform interoperability and simplified reuse of application interfaces across multiple business processes. Nowhere is this benefit clearer than when applications and data need to be shared across departmental and organizational boundaries. For the first time, Web services make cross-boundary integration relatively simple and arguably practical. However, exposing functionality and information to applications in external trust and security domains opens those systems to potential threats and complexity around access control, confidentiality, communication integrity and availability assurance. In these scenarios, XML Firewalls provide a first line of security for safely sharing data and functionality in SOA.
Implementing security in an SOA is a complex and error-prone task for developers. Developers have to contend with a large number of WS-*, WS-I, SAML and XACML standards. They have to deal with integration issues between their service and the various existing enterprise security infrastructures they want to leverage, such as LDAP, Kerberos, SSO cookies, SAML tokens, virus scanners, certificate authorities, HSMs and SSL termination devices. They have to deal with lifecycle issues across dev, test and production. And they have to deal with the vagaries of coordinating security policies and implementation across distributed services and the client applications that call them. XML Firewalls make security definition and implementation in SOA simple. Products like the Layer 7 SecureSpan XML Firewall give developers and architects the ability to define and enforce security policy through a simple graphical policy language. Policies for authentication, fine-grained authorization, identity federation, data encryption, data signing, data redaction, data validation, API protection and throttling, among other SOA security operations, can all be composed from a single policy management console and then enforced consistently across distributed services and, if so desired, the client applications that call them (through the SecureSpan XML VPN).
Layer 7 Technologies' SecureSpan XML Firewall provides comprehensive defense for Web services exposed to external departments and partners. It simplifies integration with existing security PDPs (policy decision points). It enables architects to handle identity tasks with ease. It manages security interoperability across diverse tools and runtimes. And it ensures security policies can be lifecycled without downtime to the underlying SOA infrastructure. The SecureSpan XML Firewall provides:
features to name some. Designed for high-availability environments, the SecureSpan XML Firewall can be linearly clustered with automatic policy replication.