SecureSpan for Federated Web Services
Description
Federate identity and establish trust between machines in disparate identity domains. The ability to share applications with external divisions and partners, via the Internet, is a key driver for adoption of Web services. However, establishing trust between two applications in different identity domains is difficult in user-machine interactions and harder still in machine-machine SOA environments.
Shared by: Layer7Tech
Posted: 4/4/2012
Pages: 2
Document Sample


Solution Brief:
Federated Web Services with SecureSpan™ XML Firewall and VPN
[Figure: SecureSpan XML VPN Client deployed alongside the SecureSpan XML Firewall Cluster and an Identity Federation Server, exchanging SAML tokens with Security Token Services to securely establish trust between a Web service consumer and Web services in different identity domains.]
The Problem:
Sharing applications over the Internet with external divisions and partners is a key driver for the adoption of Web services. However, establishing trust between two applications in different identity domains is difficult in user-machine interactions and harder still in machine-machine SOA environments. For a client application in one domain to request information from a Web service residing in a different domain, the client must present proof of its identity issued by a credentialing authority that the Web service trusts. Moreover, the receiving service must be able to understand and evaluate the presented credentials to assess an identity's validity, while also having evidence that the credentials were not tampered with or spoofed in transit. This Web services federation problem therefore requires a way both to federate identity and to establish trust between machines in disparate identity domains. Layer 7 is the only XML security vendor to offer enterprises a code-free way to implement such a solution for Web services.
The Layer 7 Solution:
The SecureSpan XML Firewall, working together with the SecureSpan XML VPN Client, can manage the process of trust enablement and identity bridging between client applications and Web services without coding. The SecureSpan XML VPN Client is a WS-Trust capable client proxy that can broker a Web service's credential requests to a Security Token Service and bind the resulting credential into a signed, WS-Security compliant SOAP message, which the XML VPN Client transmits to the SecureSpan XML Firewall without programmer intervention. Since the XML VPN Client and Gateway automatically establish a PKI-based trust relationship with one another, trust between machines in different domains is also achieved. Integration with leading identity, access and federation products is provided by Layer 7 out of the box. To further enhance security, session expiry or sign-out cookies issued by leading Single Sign-on products are automatically flowed through the Gateway to the XML VPN Client, where they can be seamlessly added to a client application's service request.
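As an added illustration (not Layer 7's code), the following Python models the flow just described: a Security Token Service issues a SAML-style assertion, the client proxy binds it into a wsse:Security header of the outbound SOAP request, and the receiving gateway enforces the checks a Web service needs before trusting a foreign-domain identity (trusted issuer, signature over the assertion, intended audience, expiry). All names, URLs and keys are constructed, and an HMAC over the assertion's fields stands in for a real XML Signature under the STS's X.509 certificate.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
FMT = "%Y-%m-%dT%H:%M:%SZ"
# Constructed trust store: the gateway trusts one partner STS. HMAC-SHA256 over the
# assertion's fields stands in for an XML-DSig signature under the STS's X.509 key.
STS_KEYS = {"https://sts.partner.example": b"constructed-sts-key"}

def _mac(key, issuer, subject, audience, expires):
    msg = "|".join([issuer, subject, audience, expires]).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode()

def sts_issue(issuer, subject, audience, ttl=300, now=None):
    """Security Token Service: answer the proxy's WS-Trust request with a signed assertion."""
    expires = ((now or datetime.now(timezone.utc)) + timedelta(seconds=ttl)).strftime(FMT)
    sig = _mac(STS_KEYS[issuer], issuer, subject, audience, expires)
    return (f'<saml:Assertion xmlns:saml="{SAML}"><saml:Issuer>{issuer}</saml:Issuer>'
            f'<saml:Subject>{subject}</saml:Subject><saml:Conditions NotOnOrAfter="{expires}">'
            f'<saml:Audience>{audience}</saml:Audience></saml:Conditions>'
            f'<saml:Signature>{sig}</saml:Signature></saml:Assertion>')

def proxy_wrap(assertion, body):
    """XML VPN Client: bind the issued token into the WS-Security header of the outbound request."""
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header><wsse:Security xmlns:wsse="{WSSE}">'
            f'{assertion}</wsse:Security></soap:Header><soap:Body>{body}</soap:Body></soap:Envelope>')

def gateway_check(envelope, expected_audience, now=None):
    """XML Firewall: accept only a trusted, unexpired, correctly signed token for this audience."""
    now = now or datetime.now(timezone.utc)
    a = ET.fromstring(envelope).find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{SAML}}}Assertion")
    cond = a.find(f"{{{SAML}}}Conditions") if a is not None else None
    if cond is None:
        return "reject: no usable SAML assertion in wsse:Security header"
    issuer, subject = a.findtext(f"{{{SAML}}}Issuer", ""), a.findtext(f"{{{SAML}}}Subject", "")
    audience, expires = cond.findtext(f"{{{SAML}}}Audience", ""), cond.get("NotOnOrAfter", "")
    key = STS_KEYS.get(issuer)
    if key is None:
        return "reject: untrusted issuer"
    # Verify the signature before relying on any other field of the assertion.
    if not hmac.compare_digest(_mac(key, issuer, subject, audience, expires), a.findtext(f"{{{SAML}}}Signature", "")):
        return "reject: signature does not match assertion contents"
    if audience != expected_audience:
        return "reject: assertion issued for a different audience"
    if not expires or datetime.strptime(expires, FMT).replace(tzinfo=timezone.utc) <= now:
        return "reject: assertion expired"
    return f"accept: {subject} via {issuer}"
```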
Innovations and Solution Features:
- Drop-in client proxy (SecureSpan XML VPN Client) for coordinating client-side federation and trust operations
- WS-Trust integration with leading identity federation products
- Integrated PKI signing of SOAP messages on the client by SecureSpan XML VPN Client
- Web SSO extension to Web services client applications using SecureSpan XML VPN Client
- SAML support in SecureSpan XML VPN Client and Firewall
- Automated WS compliance for all communication between SecureSpan XML VPN Client and XML Firewall
- Advanced SAML processing
Supported Standards and Specifications:
XML 1.0, SOAP 1.1, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema & DTD, LDAP 3.0, SAML 1.1/2.0, PKCS #10, X.509 v3 Certificates, W3C XML Signature 1.0, W3C XML Encryption 1.0, FIPS 140-2, SSL/TLS 2.0 / 3.0, SNMP, SMTP, FTP, HTTP/HTTPS, WS-Security 1.0, WS-Trust 1.0, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-Secure Exchange, WSIL, WS-I, WS-I BSP, UDDI 3.0
Key Features
XML Threat Protection:
- Infrastructural protections against XML parsing, XDoS and OS attacks
- Application protection against XML content tampering and viruses in SOAP attachments
- Protection against SQL and malicious script injection attacks
- Allow / reject messages based on time of day, day of week and IP address
- Configurable throughput restrictions based on requestor or destination prevent downstream XDoS
Advanced Identity, Credentialing and PKI Support:
- Onboard identity store for administrative identities and fast staging of new services
- Integration with multiple external identity, access, single sign-on and federation systems including LDAP, Microsoft (Active Directory and Active Directory Federated Services), Novell Access Manager, Oracle Access Manager, IBM Tivoli (Access Manager and Federated Identity Manager), CA SiteMinder and TransactionMinder, RSA ClearTrust, Sun Java Access Manager
- Credential chaining, credential remapping and support for federated identity
- Comprehensive support for SAML 1.1/2.0 authentication, authorization and attribute-based policies
- Integrated PKI CA for automated deployment and management of client-side certificates, and RA ability for external CAs including Verisign
Policy Flexibility:
- Support for XML, SOAP, POX, AJAX, REST and other XML-based services
- Configuration wizards simplify policy creation and activation
- Support for policy branching based on identity or any message content or context
- Support for multiple routing destinations with configurable failover
- Policies can be applied to request-only, response-only or both request and response messages
Administration Options:
- GUI-based SecureSpan Manager deployed as either a stand-alone application (Windows / Linux) or browser-based (Internet Explorer / Firefox)
- Centralized cluster management and configuration with delegated administration
- Drag-and-drop policy-based policy configuration
- Intelligent, real-time validation and testing of policies
- Logging and audit trapping of violations and system/user-defined events via SNMP and SMTP
- Dashboard for graphical, real-time monitoring of traffic profiles and security violations
- Audit controls
Standards Group Memberships:
WS-I, WS-I BSP, OASIS WS-Security, OASIS WS-RX, OASIS WS-SX, OASIS Security Services (SAML), OASIS-UDDI, OASIS SOA-RM, W3C WS-Policy WG
Web Site: www.layer7tech.com
Email: info@layer7tech.com
Phone: 800.681.9377