Runtime Governance for SOA and Cloud Computing

XML Gateway

Top Stories

XML Magazine on Ulitzer These days, XML Gateways are a core infrastructure component of any enterprise SOA deployment. XML Gateways provide the ability to integrate services securely with granular access control, data-level encryption, integrity through signatures and XML threat mitigation. XML Gateways can be deployed as a hardware appliance or as a software gateway (also as cloud-based instances). Both of these form factors have their advantages and disadvantages. This article provides readers with a quick synopsis of the pros and cons of each form factor. XML Gateway Hardware Appliance: Advantages: Accelerated SSL and XML Security operations. Tamper-proof security of PKI keys via Hardware Security Module (HSM). Ease of installation and manageability. High level of security assurance since a hardware appliance runs dedicated XML Gateway security firmware. Be... (more)

XML Security Trust and Threat Models for Dummies

It is very rare today to find a business application that has not exposed its interface via SOAP/XML. XML is the building block that enables business or consumer applications to exchange data in a standard structured format. The exchange of XML data typically takes place through an SOAP/XML interface based on the Web Services standard or through the REST-based standard. These flexible standards that richly describe interface functions of an application also introduce a host of XML and Web Services security vulnerabilities. This article is a quick guide to the most common XML and Web Services security vulnerabilities and the two basic security models they follow. XML and Web Services Security can be categorized into Trust and Threat Models. The Threat Model helps identify both inbound and outbound threats and provides means of remediating such threats. Trust Models... (more)

Vint Cerf and Multi-Cloud Mayhem of Cloud Computing

If you're having trouble getting your head around a single cloud deployment, please feel free to skip this article. Now if you're someone who thinks that most IT resources will eventually live in a private or public cloud-based domain, you're not alone, and you may start looking into how best to work in a multi-cloud environment. Paul Krill's article "Cerf urges standards for cloud computing" highlights cloud interoperability and portability issues discussed by Vint Cerf, co-designer of the TCP/IP protocol that forms the backbone of modern communication. It behooves us to consider Cerf's viewpoint on what's required for successful cloud computing. Some of the points that he makes are as follows: Authentication/Security According to Cerf, "Strong authentication will be a critical element in the securing of clouds." We know that authentication is a core for establishing... (more)

Strategies for Securing Enterprise-to-Cloud Communication

The Cloud Security Alliance (CSA) published Version 2.1 of its Guidance for Critical Areas of Focus in Cloud Computing with a significant and comprehensive set of recommendations that enterprises should incorporate within their security best practices if they are to use cloud computing in a meaningful way. The Guidance provides broad recommendations for operational security concerns including application security, encryption & key management, and identity & access management. In this article, we will consider security implications of REST- and SOAP-based communication between consumers and specifically, Infrastructure as a Service (IaaS) providers. Cloud Application Security Cloud application security requires looking at classic application security models and extending these models out to dynamic and multi-tenant architectures. While planning for cloud-based applic... (more)

Forum Systems Latest XML Gateway Targets SOA Federation

Looks like Forum Sentry, the pioneer and leader of XML Gateway and XML Firewall technology has announced its latest product that now addresses the growing need for handling not just XML/Web services traffic, but also HTML/Portal traffic. From a technology standpoint, this is not a revolutionary jump, but a gradual evolution of the XML Gateway that now handles HTTP/HTML-header information, which is by far easier than looking deeper into the XML packets. However, the business implication of this is significant since companies can now use a single platform for HTML and XML processing. Continuing to set the benchmark for securing Web services, key new capabilities available via Forum Sentry include: HTML Portal Virtualization – Deployed in a “proxy” setting, Forum Sentry removes the identity and security burden from Web sites and portals. Leveraging Single Sign On (SSO... (more)

How to Use XML Gateway with Asynchronous Web Service Using WS-Addressing

In general, synchronous web-services are simpler and more common than asynchronous web services. I like them, because for 99% of cases, the security can be done at the transport level using 2-way SSL. Asynchronous web-services introduce additional security challenges - mainly that messages are likely to be in memory or on disk where the transport is not there to keep the contents of the message secure. The purpose of this post is not to explore the security challenges of using asynchronous web-services, but another complexity - proper handling of web-services callbacks through an intermediary. One of the main uses of an XML gateway is to encapsulate the end-point of the actual service from the caller. This approach is aligned with SOA best practices, but from a security perspective not letting people know where your service actually lives is a really good idea. This p... (more)

Congratulations to Burton Group

Looking down my blogroll earlier today, I see "A message from Jamie Lewis". Jamie is the CEO of Burton Group, and always worth listening to, especially at his Catalyst talks. So, I click on the link and read that Burton has been acquired by Gartner! Analyst consolidation continues into 2010... Congratulations to all at Burton, especially Richard Watson who spoke at Vordel's conference last November, Anne Thomas Manes whose views on SOA are quite literally a matter of life and death, and Phil Schacter who has been tracking Vordel since 2001. ... (more)

SOA Appliance for Cloud Computing

Cloud Expo on Ulitzer Forum Systems unveiled a first-of-its-kind identity broker hardware appliance, Forum STS. Web services-based Service Oriented Architectures (SOA) enable communication via ubiquitous standards such as XML and SOAP. To foster efficient, effective message exchange and satisfy increasing user demands for real-time, aggregated information from internal and external business partners, trust must be established among all entities. Comprehensive mediation, authentication, and authorization of identity exchange among customer and partner portals, Web applications, and XML-based Web services provide the business with a simplified, coherent model for identity management and build the pillars of Federated SOA. Addressing these requirements, Forum STS produces and consumes identity tokens in varying protocol and message formats. Performing identity tran... (more)

API Security: OWASP 2017 RC1 Gets It Right | @CloudExpo #API #SOA #Microservices

API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first class citizen by adding it as number 10, or A-10 on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by API is orders of magnitude larger than any other attack surface area. Consider the fact that APIs expose cloud services, internal databases, applications and even legacy mainframes over the internet. What could go wrong? API Security has been added to OWASP Top 10 2017 - RC1. This is a commendable step taken by the web application security thought leaders and is a clear indication of where the industry is heading. Security professionals have all the tools and awareness to fence in applications, databases and legacy systems through firewalls. OWASP has served the security professionals well... (more)

Forum Systems Drives SOA Federation for Enterprises and Government Organizations

Forum Systems, a wholly owned subsidiary of Crosscheck Networks, Inc., today unveiled the latest version of its flagship product, Forum Sentry. The announcement was made in conjunction with the OWASP AppSec 2009 Conference, the largest application security conference in the United States, taking place this week at the Walter E. Washington Convention Center in Washington, DC. Processing more than one billion transactions per day worldwide, the FIPS- and DoD-certified Forum Sentry XML Gateway offers the industry’s most comprehensive protection against XML- and SOAP-based vulnerabilities. Extending its data integration capabilities to self-service portals and Web applications, Forum Sentry now provides enterprises and government agencies with the foundation for achieving SOA federation. By fostering this deeper, more meaningful Web experience, Forum Sentry enables gre... (more)

Crosscheck Networks Introduces Industry-First Federated SOA Testing Product

Crosscheck Networks, Inc., a leader in Web services testing, simulation and security, today announced immediate availability of SOAPSonar 5.0. This latest release empowers enterprises, for the first time, to test functional and performance characteristics of unlimited-sized Web services attachments via streaming of structured and unstructured data based on industry standards such as MTOM and MIME. Notably, in this new release SOAPSonar also offers support for WS-Trust, SAML 2.0, and WS-identity tokens ensuring a best-practices approach to federated identity management for strict authentication and authorization testing. “Moving to an SOA doesn’t mean that you’ve solved the issue of how to move large files throughout your environment,” said L. Frank Kenney, Research Director for Gartner, Inc. “Because the complexity and size of files and thus attachments is growing e... (more)