
Identity-Driven SOA Governance with Layer 7 & Sun Microsystems


Create a seamless path from SOA design to composition to secure management

When platform-independent Web services traverse multiple systems, providing reliable security and maintaining performance can be an enormous challenge. Sun and Layer 7 Technologies address this challenge by combining Layer 7 SecureSpan SOA Gateways with the Sun Java Composite Application Platform Suite (Java CAPS) and Java Identity Management Suite.

Sun and Layer 7
Identity-Driven SOA Governance

Platform-independent XML/Web services are often the cornerstone of business application integration and Service Oriented Architecture (SOA) development. When these services and business processes traverse multiple, heterogeneous back-end systems and infrastructure, providing reliable security while maintaining performance is an enormous challenge. Sun and Layer 7 Technologies remove this obstacle by combining Layer 7 SecureSpan SOA appliances (delivered on Sun Fire X4100 servers) with the Sun Java Composite Application Platform Suite (Java CAPS) and Java Identity Management Suite, to create a seamless path from SOA design to composition to secure management.

Highlights
• SOA security appliance providing centralized policy enforcement for identity-driven SOA operations, and protection against malicious or accidental attack.
• Facilitates client authentication, service-level authorization, message privacy and transaction integrity.
• Offers hardware acceleration of XML parsing, validation and transformation for fast policy execution.
• Assures high service availability and reliability through clustering, Web service virtualization and SLA enforcement features.
• Easy-to-configure administrator options for encryption/decryption, signature and WS* security policies.
• Integration with Sun Java Identity Management Suite and Composite Application Platform Suite (Java CAPS).

SOA identity and security challenges
Identity is at the heart of SOA security, driving authentication and authorization decisions for all client-service interactions. The ability to validate identity is also central to enforcing transactional integrity, message privacy and accountability policies. However, defining and enforcing identity-based security policies in an SOA is complicated. Machine identities for client applications must be reposited within a centrally accessible directory.

Services must be able to:
• Extract identity information from credentials passed to them inside a Web service’s SOAP message
• Validate those credentials against a centralized identity directory
• Enforce an identity-centric security policy like authentication.

In many instances, there is also a requirement to transpose messages or generate new security tokens (e.g. SAML) for secure, interoperable communication with back-end services.

In addition to identity-based access, privacy, integrity and accounting policies, SOA security solutions must also:
• Protect back-end Web services against attack and exploit, either malicious (DoS, replay, parser exploit, …) or accidental (malformed XML, invalid data, …).
• Implement and intermediate various XML, WS*, W3C SAML, and WS-I security standards.
• Filter, extract or redact confidential information entering or leaving an organization.
• Assure endpoint availability and performance through effective communication optimization, cluster management and SLA enforcement.

High-performance SOA identity, security solutions
The SecureSpan XML Networking Gateway is a SOA security hardware or virtual software appliance that provides SOA architects a centralized policy enforcement point for identity-driven SOA security operations, including client authentication, service level authorization, message privacy and transaction integrity validation. The SecureSpan XML Networking Gateway integrates with Sun Java System Access Manager such that an existing access policy can be reused for SOA. It can also be deployed as a proxy to Java CAPS to ensure centralized policy enforcement for all communication entering or leaving a Java CAPS-enabled SOA environment.

The hardware version of the Layer 7 XML Networking Gateway offers hardware acceleration of XML parsing, validation and transformation for fast message processing of identity and content. It also comes with optional FIPS-compliant crypto acceleration for accelerated SSL, WS-Security and signing operations for XML or SAML.
For identity-centric privacy and integrity operation, the SecureSpan XML Networking Gateway provides administrators an array of easy-to-configure options for defining channel, message and element encryption/decryption and signing/signature validation policy. The XML Networking Gateway can also be configured to delegate authentication and authorization decisions to Sun Java Access Manager. All operations are available for both inbound and outbound traffic. Public Key Infrastructure (PKI) for the cryptographic operations can be implemented using the SecureSpan XML Networking Gateway’s on-board Certificate Authority or a third-party certificate authority. For implementations using the hardware XML Networking Gateway with on-board crypto acceleration, a centralized hardware HSM key store is also included.

In addition to securing identity-based SOA operations, the SecureSpan XML Networking Gateway offers extensive threat, WS* and service assurance features including:
• Configurable protections against service communication, API and application attacks, including integration with leading virus scanners
• Extensive support for key Web service security standards, including WS-Security, WS-SecureConversation, WS-Trust, WS-SecurityPolicy, WS-Policy, WS-I and SAML
• Broad content filtering and processing options for XML, SOAP, RSS and REST-based messaging
• Advanced service virtualization, QoS and SLA operations for assuring maximal service availability and responsiveness

SOA single sign-on and federation
Unlike the Web, SOA has no client-side browser analogue to cache session or federation tokens generated by products like Java System Access Manager or Java System Federation Manager, complicating Single Sign-on (SSO) and identity federation. Layer 7’s SecureSpan XML VPN client is a software or hardware proxy that can be deployed on or in front of SOA clients to request, cache and embed tokens into a client-side SOAP call without any client-side coding. The SecureSpan XML VPN client also ensures that all outbound SOAP messages automatically conform to policy settings defined on a Web service, as well as the latest WS* and WS-I standards. The SecureSpan XML VPN client automatically embeds sequence numbers and optionally time stamps to ensure any message transmitted from the client to a Web service is non-repudiable.

For B2B and Extranet applications, the XML VPN client can also be deployed alongside Java CAPS to deliver simple partner on-boarding. Services exposed through Java CAPS can be extended to external business units and companies without complex coding and testing.

Security as SOA governance foundation
All production Web services require policies to define security expectations and preferences. These security settings can be hard-coded into a service’s business logic, but at a significant cost in programming, testing, change management and flexibility. For services provisioned and composed using Java CAPS, the Layer 7 XML Networking Gateway offers a flexible, scalable and consistent way to implement, change and audit security policies without coding.

However, the Layer 7 XML Networking Gateway can also be used to define and enforce any WS-Policy-compliant SOA governance policy including preferences for routing, SLA and QoS. The XML Networking Gateway can therefore be used as a general platform for centrally configuring and enforcing SOA policies.

Sun and Layer 7
Layer 7 Technologies markets a family of XML appliances (delivered on Sun x64 systems) and software to secure, simplify and scale Web services and SOA. Modern service-oriented application integration models and Web-oriented application delivery models depend on effectively addressing the performance, security, complexity, reliability and availability issues inherent in sharing Web services with other applications. Layer 7 Technologies therefore aims to provide the essential application-oriented security and networking infrastructure to enable Service-oriented and Web-oriented architectures (i.e. SOA and Web 2.0) that are central to the next wave of Internet and software innovation.

Layer 7 Technologies interacts with Sun Java Composite Application Platform Suite and Java Identity Management Suite to add a layer of SOA governance controls without compromising performance or flexibility.

For a free trial of the Layer 7 XML Networking Gateway
page.html?id=82

For more information visit , or contact your local Sun representative.
1-800-681-9377

Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 USA Phone 1-650-960-1300 or 1-800-555-9SUN Web
© 2008 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, the Sun Logo and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
SunWIN#: 528778 Lit.#: SWDS14071-0 03/08
