The virtually instantaneous, open application integration
promised by XML Web services offers organizations the capability
to respond rapidly to new business opportunities. Enterprises
are leveraging web services to interact with their business
partners and also to make the application-to-application
interaction easier and more open. While this is very attractive,
it also gives rise to new threat models and relies on establishing
and managing trust among participating businesses and applications.
Providing effective security to web services requires addressing
the following areas:

- XML Firewalls (or application gateways) - These
solutions address various threat models that are unique
to web services. In addition to security, these are also
leveraged to ensure schema matching, compliance and ease
of integration. As a side effect, these are also leveraged
by application developers for troubleshooting web services
applications. These solutions are available as software
solutions or hardware appliances. InfoRender practitioners have
expertise in most leading XML firewall products including
the following:
- Key Management - Web services applications
typically end up sending messages to participating applications
and may require encryption or signing of sensitive data.
Some enterprises have full-blown PKI infrastructures available
for use while others may require more lightweight key
management to address these requirements.
- Credential Forwarding and Federation - Several
large software vendors have been working together on security
standards for Web Services. The WS-Security standard has become
a de facto industry standard. Applications typically need
to convert the originating user's credentials/session to WS-Security
headers for participating applications. If participating
applications extend to cross-business, cross-company applications,
there may also be a need for Identity Federation using
SAML, etc.

InfoRender practitioners have experience with addressing the
complete Web Services security landscape encompassing all
of the areas identified above.
We provide the following services in this particular domain:
- Project Management - working
with business, security, application development and
operations groups to manage expectations and manage
overall solution delivery.
- Proof-of-concept - to evaluate products against customer requirements,
including benchmarking for performance, examining failover,
load balancing and fault tolerance.
- Development
- Policy Configurations
- Custom Development - WS-Security,
SAML, key management, etc. to extend and
complement vendor product functionality
- Application Integration - integration
and end-to-end testing
- Product/Service Deployment
- XML Firewalls
- Key Management service
- General Support
- 24x7 outsourced support for the XML firewall and key management
service