
SOA Security

Service Security

The Problem: Service Security in SOA

XML Web services provide a versatile, standards-based method for exposing applications and their data directly to other applications in an SOA. Benefits include platform interoperability and simplified reuse of application interfaces across multiple business processes. Nowhere is this benefit clearer than when applications and data need to be shared across departmental and organizational boundaries. For the first time, Web services make cross-boundary integration relatively simple and arguably practical. However, exposing functionality and information to applications in external trust and security domains opens those systems to potential threats and to complexity around access control, confidentiality, communication integrity and availability assurance. In these scenarios, XML Firewalls provide a first line of security for safely sharing data and functionality in SOA.

 

Solution: XML Firewalls

Implementing security in an SOA is a complex and error-prone task for developers. Developers have to contend with a large number of WS*, WS-I, SAML and XACML standards. They have to deal with integration issues between their service and the various existing enterprise security infrastructures they want to leverage, such as LDAP, Kerberos, SSO cookies, SAML tokens, virus scanners, certificate authorities, HSMs and SSL termination devices. They have to deal with lifecycle issues across dev, test and production. And they have to deal with the vagaries of coordinating security policies and implementation across distributed services and the client applications that call them.

XML Firewalls make security definition and implementation in SOA simple. Products like the Layer 7 SecureSpan XML Firewall give developers and architects the ability to define and enforce security policy through a simple graphical policy language. Policies for authentication, fine-grained authorization, identity federation, data encryption, data signing, data redaction, data validation, API protection and throttling, among other SOA security operations, can all be composed from a single policy management console and then enforced consistently across distributed services and, if so desired, the client applications that call them (through the SecureSpan XML VPN).

 

Layer 7 Value: Policy Based SOA Security

Layer 7 Technologies' SecureSpan XML Firewall provides comprehensive defense for Web services exposed to external departments and partners. It simplifies integration with existing security PDPs (policy decision points). It enables architects to handle identity tasks with ease. It manages security interoperability across diverse tools and runtimes. And it ensures security policies can be lifecycled without downtime to the underlying SOA infrastructure. The SecureSpan XML Firewall provides:

  • Fine-grained service-level access control
  • Message level data validation, privacy, and integrity for incoming and outgoing messages
  • WS*, WS-I enforcement and interoperability
  • Protection against XML threats (including viruses in SOAP attachments)
  • API security for REST and WSDL
  • Identity-based access control for XML / Web services
  • Credential chaining and substitution operations
  • SAML generation and consumption
  • Throttling controls for XML communications
  • Audit

These are only some of its features. Designed for high-availability environments, the SecureSpan XML Firewall can be linearly clustered with automatic policy replication.