|
|
|
Web Services DBC - the Enterprise XML/SOAP Firewall
| General Features |
|
Full application security for Web Services as XML/SOAP
firewall
|
Deep packet inspection for all SOAP messages. Each message is checked for syntax and content.
|
| Web Services/SOAP security without programming |
This SOAP Security gateway can be transparently
integrated into your application and network
infrastructure. No application code changes are
required.
|
| Security integration of various
service platforms |
By supporting open standards, this SOAP firewall
integrates with all Web Services platforms and also
with other vendors' security services. |
| Unified security management |
Security management of heterogeneous service
platforms can be centralized instead of managing
island solutions for each service platform.
|
| Simple intuitive security administration |
This SOAP firewall comes with a convenient and
easy-to-use graphical user interface. |
| Incoming and outgoing access control |
The WS-DBC can be used to protect services as well as to control outgoing data. |
| Expressive and powerful security policy model |
Detailed and fine-grained security policies can be
defined to control authentication, authorization,
and audit. Authorization policies are based on
concepts such as groups, roles, authentication
levels, etc.. |
| High-performance and throughput, low latency |
Highly performance-optimized, native code implementation.
|
Linear scalability,
High-availability |
The WS-DBC supports several clustering
technologies for load balancing and
high-availability. |
| Full support for business
federation through federated trust |
The WS-DBC provides full support for secure
business role assignment and authorization for
extranet and B2B scenarios. Enterprises benefit from
deploying SOAP firewalls on both partner enterprises
to easily map credentials and integrate security
policies.
|
| Security Features |
| Virtual service endpoints |
By exposing virtual service addresses to clients,
the WS-DBC insulates actual services from direct
access and supports flexible mappings from virtual
to actual services. |
| Fine-grained, role-based access control |
The WS-DBC provides advanced policy concepts that
let administrators write policies that are both
expressive and scalable. |
| Rich set of authentication mechanisms |
The following authentication mechanisms are
supported: X.509, SAML, HTTP Basic Authentication,
RSA SecurID, IP addresses, public.
|
| Web Services standards |
The WS-DBC fully supports the following Web Services
standards: WSDL, SOAP, SOAP attachments,
XML Digital Signature, XML Encryption, WS-Security, SAML, XACML.
|
| Message validation |
The WS-DBC can validate SOAP messages using XML Schema to
enforce conformance of incoming XML data with the data types
expected by the application. |
| Message filtering |
Administrators can conveniently define expressive message
filters to enforce content-based access control and thus
thwart application-level attacks, such as SQL injection. |
| Message integrity |
Message authenticity and integrity is protected
using XML Digital Signature. |
| Message confidentiality |
XML encryption to protect messages against eavesdropping
and single block analysis. |
Transport security,
encryption |
TLS/SSL for all communication links, additionally IP-based authentication. |
| Security Policy Server |
Centralized security management with separate
enterprise policy server component, which can be
securely deployed in a trusted network. |
| Credentials mapping |
The WS-DBC provides flexible and freely
configurable credentials mappings for B2B
scenarios. |
| Online Certificate Status Protocol (OCSP) |
OCSP is supported to check for credential revocations. |
| Management Features |
| Simple exposure of Web Services |
WSDL descriptions can be conveniently imported. |
| Enterprise integration with LDAP support |
Policies can be stored either in flat files or in
enterprise LDAP directories (iPlanet, Active
Directory), thus enabling integration with existing
user and group management. |
Support for multiple,
concurrent administrator access and role-based administration rights |
The WS-DBC is designed for enterprise deployment
and fully supports concurrent administrator access,
which is controlled by role-based definition of
administrator permissions.
|
| Auditing and Monitoring |
The WS-DBC provides command line interfaces and
graphical user interface features for run-time auditing
and monitoring. |
| Secure logging |
Logging mechanisms are separated from enforcement mechanisms
and protected in the policy server.
|
| Policy versioning and rollback |
The WS-DBC internally versions policy and configuration data
and supports rollbacks to previous versions in case of
administrator errors.
|
printable version
|
