SecureSpan XML VPN Client Solutions SecureSpan
Sharing services across distributed organizations is key to maximizing ROI in any SOA initiative, but it can be a complex undertaking, involving issues of trust, identity management and access control. control
In a Service Oriented Architecture (SOA), where services can invoke (and be invoked by) other services both within and between security domains, ensuring proper authentication and authorization is challenging. The problem lies , challenging in the fact that traditional Identity and Access Management (IAM) solutions are predicated on user raditional user-machine interactions and cannot easily accommodate machine machine interactions. One solution, based on XML-based machine-to-machine XML Web services has been to securely embed identity and access information in every message. However, matching the security details supplied in a Web service consumers request to the security requirements demanded by the Web service provider is a fine balancing act, r he requiring constant updating of both consumer and provider applications within an organization (in addition to regular out-of-band communications between band communication organizations) as industry regulations and corporate requirements change. The SecureSpan XML VPN Client (XVC) streamlines consumer and provider interactions by automatically negotiating the handshake between them. The handshake could be as simple as verifying that the client is permitted to access the service, or as complex as ensuring that the request is properly encrypted, carries the correct credentials, originates from a trusted domain has been digitally signed, and so on. domain, Based on a scalable appliance model, Layer 7 provides a turnkey, reusable, and standards-based method for based overcoming the security challenges in a SOA SOA: The SecureSpan XML Firewall or SOA Gateway (Gateway) is typically installed at the boundary of a Web services security domain, gating inbound access and regulating outbound communication. Available as an appliance, virtual appliance or software, the gateway performs various XML and Web services security enforcement activities, including threat protection, access management, privacy enforcement, data validation, routing, transformation, and auditing auditing. The SecureSpan Manager (Manager) is used to create fine-grained, identity-based entitlements and security anager) based policies for protected Web services. External credential, Public Key Infrastructure (PKI), and Single Sign Sign-On (SSO) sources can also be configured through the Manager Manager. The SecureSpan XML VPN Client (XVC automatically coordinates security preferences between service XVC) consumers and providers.
While all three components work together to solve SOAs identity problems, the XVC is key to automating the solution and reducing total cost of ownership ownership.
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Extend Existing Identity Management Infrastructure to SOA
To create a standard security model and lower the IT costs associated with maintaining large numbers of users and their associated access privileges, most organizations have adopted Lightweight Directory Access Protocol (LDAP) directories, Microsoft Active Directories (MSAD), Single Sign-On (SSO) systems or Identity and Access Management (IAM) products (such as CA SiteMinder, IBM Tivoli Access Manager, Novell CentraSite, or Sun OpenSSO). While these are proven solutions for ensuring that users are authenticated and restricted to those resources to which they are entitled, it does nothing to address machine-to-machine interaction, which is a key function of any Services Oriented Architecture (SOA). While current generation LDAP, MSAD, SSO and IAM solutions can be extended to handle machine-based identities, most dont natively support the ability to make decisions based on Web service parameters like URL address, SOAP Action, Operation name or XML element. Moreover, none address the challenge of implementing an identity-based infrastructure in a SOA, which typically requires some form of digital certificate, token or other credential to be embedded in a clients request before that request will be accepted by a target service. New technology is therefore necessary to help machine identities prove who they claim to be, and which resources they can access. The SecureSpan XML VPN Client (XVC) coordinates with the SecureSpan Gateway (Gateway) to overcome this machine-to-machine identity problem. The Gateway is typically implemented at the perimeter of the Web services providers domain, enforcing security policy and controlling access to Web services. Using the SecureSpan Manager (Manager), an administrator can assemble policies that define a set of requirements needed to access a Web service requirements that might include such things as transport protocol, threat safeguards, access permissions, signing and encryption expectations, and other preferences. With the Gateway in place, the XVC can simply be installed on any client machine as a drop in solution to the machine-to-machine communication problem. The XVC automatically intercepts messages destined for the Web services provider, authenticating (and potentially authorizing) on behalf of the requesting application against the appropriate source.
In this way, organizations can quickly extend their existing identity systems to encompass Web services and XMLbased interactions, laying the foundation to bridge independent trust environments while preserving local authentication and authorization processes.
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Integrate with Service Providers More Cost-effectively
Centralizing and standardizing organization-wide security requirements in an intermediary is one of the key benefits of introducing the SecureSpan Gateway. Rather than depending on application developers to hard-code security and other infrastructure requirements within an backend application or service provider, subject matter experts create centralized policies that can be implemented and enforced on the Gateway, thereby generating improved development and operational efficiency by eliminating the need to recode, retest and redeploy applications when industry standards and/or corporate security parameters change. In much the same way, organizations can leverage the XVC to effectively abstract out the security and other infrastructure requirements from a service consumer, insulating the client-side application from policy changes and ensuring continuity of business. For example: Insurance providers can realize increased revenues by making it easier for their broker network to do business with them via rich, XML-based applications that wont break when policies change Web services-based travel aggregation sites can derive increased margins by linking in new online tour operators more cost-effectively Global logistics companies can gain a competitive advantage by onboarding new transport services in diverse geographies quicker than the competition Healthcare providers can secure and streamline their interactions with third-party test labs and regional health authorities And so on
Once installed on a client system, the XVC interfaces with service consumers, automatically negotiating policyspecific security, routing, and transaction preferences with the Gateway in real time. Specifically, when client applications attempt to send message requests to a Gateway-protected Web service, the XVC intercepts the request and functions as a client-side proxy, applying necessary protocols, headers, or transformations to messages as required by the policy in force on the Gateway. Policies are automatically retrieved and applied by the XVC to ensure all subsequent messages conform to the updated policy. This ensures rigorous, fine-grained security with automated change control across all integrations, regardless of complexity.
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
For deployments that require encryption, the XVC can be used to automate client-side Public Key Infrastructure (PKI) management. In conjunction with the Gateways internal Certificate Authority (CA), the XVC initiates the key exchange, negotiating cryptographic algorithms, and invoking Certificate Signing Requests (CSRs). The XVC can also be used with any existing X.509 certificates or other CAs accessible to the SecureSpan administrator. In this way, organizations can lower their total cost of application development and maintenance; dramatically reduce the deployment time for client applications; create end-to-end security consistency by automatically coordinating security across distributed systems; and future proof their investment by insulating their architecture from changes to industry standards and corporate policies.
Onboard New Acquisitions Quicker
Acquiring companies is often a two-edged sword: while revenue potential escalates, costs balloon as the organizations attempt to integrate their disparate infrastructure. In the long run, the organizations will realize efficiencies by consolidating and standardizing on a single application, platform and infrastructure layer, but in the short term they may be better off functioning as independent but interoperable business units. To do so, however, the organizations will need to overcome problems with identity federation, which quickly arise as IT departments try to bridge identities between separate security domains. Identity bridging is a unique and powerful model that separates authentication and authorization tasks occurring between security domains in a SOA, delegating authentication to the service requestor while preserving control over authorization for the provider hosting the service. Messages bound for a Gateway-protected Web service are intercepted by the XVC, which uses an established key relationship to initiate an authentication request on behalf of the client application against the local authentication source. The resultant artifact of the authentication (i.e., cookie or SAML assertion) and the originating identity are bound into the message by the XVC, signed, sequenced, and forwarded to the providers Gateway for processing. The Gateway then delegates authorization to the service provider by interfacing to the providers trusted authorization source that validates requests.
Administrators can select the authorization model to be used by the Gateway on a service by service basis. When a message is received by the Gateway, subsequent processing depends on the defined Web service security policy for the requestors identity. The Gateway first checks the integrity of the bundled identity, the authentication token, and the message itself. The authentication token is examined to ensure that it has not timed out, an
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
important consideration when using potentially long-lived cookies or SAML assertions. The certificate of the trusted authentication source is used to verify the authenticity and source of the authentication token that is presented. Additional policy processing can also be performed based on specific message elements or various assertion-based requirements that are independent of identity or the authentication token. Tight signed binding of the credentials and authentication evidence, combined with automatic sequencing ensures that no intermediate or replay attacks are possible even if the message is intercepted during transmission. This binding also provides powerful transactional evidence for local auditing and non-repudiation. If the application already has a hard-coded authorization process, or if the incoming identity has no context within the provider-side Web services security domain, the originating identity and token can be stripped out before forwarding the message to the providers application for additional authorization. Again, the local audit trail that exists for all transactions and administrative functions provides positive evidence for non-repudiation or regulatory compliance issues. In this way, organizations can bridge multiple security domains, whether those domains be internal to the organization (for example, across the Chinese Wall separating retail banking from investment banking), separated globally (as between regional branch offices), or between head office and third-party service providers.
The SecureSpan XML VPN Client can be deployed in conjunction with all currently shipping versions of the SecureSpan XML Firewall and SecureSpan SOA Gateway appliances, soft appliances and software versions. To learn more about how Layer 7 can address your needs, call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377or visit us at www.layer7tech.com.
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Das könnte Ihnen auch gefallen
- Shoe Dog: A Memoir by the Creator of NikeVon EverandShoe Dog: A Memoir by the Creator of NikeBewertung: 4.5 von 5 Sternen4.5/5 (537)
- Grit: The Power of Passion and PerseveranceVon EverandGrit: The Power of Passion and PerseveranceBewertung: 4 von 5 Sternen4/5 (587)
- Simplify Smart Grid With SOA GatewaysDokument2 SeitenSimplify Smart Grid With SOA GatewaysLayer7TechNoch keine Bewertungen
- Fortune 250 Insurer - SOA Mediation & GovernanceDokument2 SeitenFortune 250 Insurer - SOA Mediation & GovernanceLayer7TechNoch keine Bewertungen
- API Management SolutionsDokument9 SeitenAPI Management SolutionsLayer7TechNoch keine Bewertungen
- A How-To-Guide To OAuth and API SecurityDokument14 SeitenA How-To-Guide To OAuth and API SecurityLayer7TechNoch keine Bewertungen
- National Ministry of Health - SOA SecurityDokument2 SeitenNational Ministry of Health - SOA SecurityLayer7TechNoch keine Bewertungen
- US Intelligence Community - Secure Data SharingDokument2 SeitenUS Intelligence Community - Secure Data SharingLayer7TechNoch keine Bewertungen
- US Army Accessions Command - Managing The Service LifecycleDokument2 SeitenUS Army Accessions Command - Managing The Service LifecycleLayer7TechNoch keine Bewertungen
- Simplify M2M Integration With A SOA GatewayDokument2 SeitenSimplify M2M Integration With A SOA GatewayLayer7TechNoch keine Bewertungen
- Fortune 500 Financial Services Provider - Salesforce IntegrationDokument2 SeitenFortune 500 Financial Services Provider - Salesforce IntegrationLayer7TechNoch keine Bewertungen
- US Department of Transportation - Cloud SecurityDokument2 SeitenUS Department of Transportation - Cloud SecurityLayer7TechNoch keine Bewertungen
- Quebec Finance Ministry - CGI SolutionDokument2 SeitenQuebec Finance Ministry - CGI SolutionLayer7TechNoch keine Bewertungen
- French Telecom (Orange) - Mobile API PublishingDokument2 SeitenFrench Telecom (Orange) - Mobile API PublishingLayer7TechNoch keine Bewertungen
- Belgium French Community (ETNIC) - SEcure Egovernment ServicesDokument2 SeitenBelgium French Community (ETNIC) - SEcure Egovernment ServicesLayer7TechNoch keine Bewertungen
- Ogilvy & Mather - Web Services SecurityDokument2 SeitenOgilvy & Mather - Web Services SecurityLayer7TechNoch keine Bewertungen
- Savvis - Hybrid CloudsDokument2 SeitenSavvis - Hybrid CloudsLayer7TechNoch keine Bewertungen
- Sun Microsystems - SOA Governance For OracleDokument2 SeitenSun Microsystems - SOA Governance For OracleLayer7TechNoch keine Bewertungen
- Secure SOA & Cloud Computing With Layer 7 & SolaceDokument2 SeitenSecure SOA & Cloud Computing With Layer 7 & SolaceLayer7TechNoch keine Bewertungen
- University of Chicago Medical Center - Data Transformation & SecurityDokument2 SeitenUniversity of Chicago Medical Center - Data Transformation & SecurityLayer7TechNoch keine Bewertungen
- Comprehensive SOA & Web Firewalling With Layer 7 & CitrixDokument2 SeitenComprehensive SOA & Web Firewalling With Layer 7 & CitrixLayer7TechNoch keine Bewertungen
- Identity & Access Management For SOA With Layer 7 & NovellDokument2 SeitenIdentity & Access Management For SOA With Layer 7 & NovellLayer7TechNoch keine Bewertungen
- Amerigroup - API Mangement For MobileDokument2 SeitenAmerigroup - API Mangement For MobileLayer7TechNoch keine Bewertungen
- Leading Global Publisher - API OrchestrationDokument2 SeitenLeading Global Publisher - API OrchestrationLayer7TechNoch keine Bewertungen
- Alaska Airlines - Secure Mobile API PublishingDokument2 SeitenAlaska Airlines - Secure Mobile API PublishingLayer7TechNoch keine Bewertungen
- SecureSpan SOA Gateway Gateway & Software AGDokument4 SeitenSecureSpan SOA Gateway Gateway & Software AGLayer7TechNoch keine Bewertungen
- Secure SOA & Cloud Computing With Layer 7 & SolaceDokument2 SeitenSecure SOA & Cloud Computing With Layer 7 & SolaceLayer7TechNoch keine Bewertungen
- Layer 7 Layer 7 Securespan & Cisco Ans Solution SolutionDokument3 SeitenLayer 7 Layer 7 Securespan & Cisco Ans Solution SolutionLayer7TechNoch keine Bewertungen
- Comprehensive SOA & Web Firewalling With Layer 7 & CitrixDokument2 SeitenComprehensive SOA & Web Firewalling With Layer 7 & CitrixLayer7TechNoch keine Bewertungen
- SecureSpan SOA Gateway Gateway & Software AGDokument4 SeitenSecureSpan SOA Gateway Gateway & Software AGLayer7TechNoch keine Bewertungen
- Identity & Access Management For SOA With Layer 7 & NovellDokument2 SeitenIdentity & Access Management For SOA With Layer 7 & NovellLayer7TechNoch keine Bewertungen
- Layer 7 Layer 7 Securespan & Cisco Ans Solution SolutionDokument3 SeitenLayer 7 Layer 7 Securespan & Cisco Ans Solution SolutionLayer7TechNoch keine Bewertungen
- Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceVon EverandHidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceBewertung: 4 von 5 Sternen4/5 (894)
- The Yellow House: A Memoir (2019 National Book Award Winner)Von EverandThe Yellow House: A Memoir (2019 National Book Award Winner)Bewertung: 4 von 5 Sternen4/5 (98)
- The Little Book of Hygge: Danish Secrets to Happy LivingVon EverandThe Little Book of Hygge: Danish Secrets to Happy LivingBewertung: 3.5 von 5 Sternen3.5/5 (399)
- On Fire: The (Burning) Case for a Green New DealVon EverandOn Fire: The (Burning) Case for a Green New DealBewertung: 4 von 5 Sternen4/5 (73)
- The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeVon EverandThe Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeBewertung: 4 von 5 Sternen4/5 (5794)
- Never Split the Difference: Negotiating As If Your Life Depended On ItVon EverandNever Split the Difference: Negotiating As If Your Life Depended On ItBewertung: 4.5 von 5 Sternen4.5/5 (838)
- Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureVon EverandElon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureBewertung: 4.5 von 5 Sternen4.5/5 (474)
- A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryVon EverandA Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryBewertung: 3.5 von 5 Sternen3.5/5 (231)
- The Emperor of All Maladies: A Biography of CancerVon EverandThe Emperor of All Maladies: A Biography of CancerBewertung: 4.5 von 5 Sternen4.5/5 (271)
- The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreVon EverandThe Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreBewertung: 4 von 5 Sternen4/5 (1090)
- The World Is Flat 3.0: A Brief History of the Twenty-first CenturyVon EverandThe World Is Flat 3.0: A Brief History of the Twenty-first CenturyBewertung: 3.5 von 5 Sternen3.5/5 (2219)
- Team of Rivals: The Political Genius of Abraham LincolnVon EverandTeam of Rivals: The Political Genius of Abraham LincolnBewertung: 4.5 von 5 Sternen4.5/5 (234)
- The Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersVon EverandThe Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersBewertung: 4.5 von 5 Sternen4.5/5 (344)
- Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaVon EverandDevil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaBewertung: 4.5 von 5 Sternen4.5/5 (265)
- The Unwinding: An Inner History of the New AmericaVon EverandThe Unwinding: An Inner History of the New AmericaBewertung: 4 von 5 Sternen4/5 (45)
- The Sympathizer: A Novel (Pulitzer Prize for Fiction)Von EverandThe Sympathizer: A Novel (Pulitzer Prize for Fiction)Bewertung: 4.5 von 5 Sternen4.5/5 (119)
- Her Body and Other Parties: StoriesVon EverandHer Body and Other Parties: StoriesBewertung: 4 von 5 Sternen4/5 (821)
- HI6025 Assignment T3, 2016Dokument3 SeitenHI6025 Assignment T3, 2016Abeer ArifNoch keine Bewertungen
- Christoffel Symbols: PHYS 471: Introduction To Relativity and CosmologyDokument9 SeitenChristoffel Symbols: PHYS 471: Introduction To Relativity and Cosmologyarileo3100% (1)
- Human Rights Project, 2018Dokument25 SeitenHuman Rights Project, 2018Vishal Jain100% (3)
- Alesco User GuideDokument20 SeitenAlesco User GuideXHo D. King Jr.90% (10)
- CHAP 1: STATS & SCIENTIFIC METHODDokument9 SeitenCHAP 1: STATS & SCIENTIFIC METHODJesheryll ReasNoch keine Bewertungen
- ENG01P001S02U00Dokument14 SeitenENG01P001S02U00arghasen2014100% (1)
- Thank You LetterDokument2 SeitenThank You LetterFathina57% (7)
- Foreclosing Modifications - How Servicer Incentives Discourage Loan ModificationsDokument86 SeitenForeclosing Modifications - How Servicer Incentives Discourage Loan ModificationsRicharnellia-RichieRichBattiest-CollinsNoch keine Bewertungen
- 1 Unpacking The SelfDokument13 Seiten1 Unpacking The SelfJEMABEL SIDAYENNoch keine Bewertungen
- Gajendra-Moksha HTMLDokument7 SeitenGajendra-Moksha HTMLankitNoch keine Bewertungen
- About Nysc Ict CD in Imo StateDokument9 SeitenAbout Nysc Ict CD in Imo StateIsoft PexNoch keine Bewertungen
- Internship Report On Nundhyar Engineering & Construction BattagramDokument65 SeitenInternship Report On Nundhyar Engineering & Construction BattagramFaisal AwanNoch keine Bewertungen
- Commercial Bank of Africa Market ResearchDokument27 SeitenCommercial Bank of Africa Market Researchprince185Noch keine Bewertungen
- Lecture 22 NDokument6 SeitenLecture 22 Ncau toanNoch keine Bewertungen
- Sale DeedDokument3 SeitenSale DeedGaurav Babbar0% (1)
- FluteDokument3 SeitenFlutepatrickduka123100% (1)
- Book Review: Alain de Botton's The Art of TravelDokument8 SeitenBook Review: Alain de Botton's The Art of TravelharroweenNoch keine Bewertungen
- GATE Instrumentation Engineering Solved 2013Dokument22 SeitenGATE Instrumentation Engineering Solved 2013Meghraj ChiniyaNoch keine Bewertungen
- Chisholm - Referring To Things That No Longer ExistDokument13 SeitenChisholm - Referring To Things That No Longer ExistMichele Paolini PaolettiNoch keine Bewertungen
- LAB 2 SimulationDokument6 SeitenLAB 2 SimulationArti Stic100% (1)
- Empower Your PenisDokument32 SeitenEmpower Your Penisdakkid65% (23)
- Demand for Money Theory ExplainedDokument31 SeitenDemand for Money Theory Explainedrichard kapimpaNoch keine Bewertungen
- Narrative Techniques To Kill A MockingbirdDokument4 SeitenNarrative Techniques To Kill A MockingbirdJoshua LawrenceNoch keine Bewertungen
- Contracts-Nature and TerminologyDokument19 SeitenContracts-Nature and TerminologyNguyễn Trần HoàngNoch keine Bewertungen
- Healthy Horizons-Butler University Ambulatory Care Appe Rotation SyllabusDokument13 SeitenHealthy Horizons-Butler University Ambulatory Care Appe Rotation Syllabusapi-316593964Noch keine Bewertungen
- Zen and The Art of Trumpet Play - Mark Van CleaveDokument55 SeitenZen and The Art of Trumpet Play - Mark Van Cleavesz.sledz100% (1)
- Book Report Template 02Dokument3 SeitenBook Report Template 02JaredNoch keine Bewertungen
- Module 1 Sociological PerspectivesDokument39 SeitenModule 1 Sociological PerspectivesCristine BalocaNoch keine Bewertungen
- Capital StructureDokument59 SeitenCapital StructureRajendra MeenaNoch keine Bewertungen
