Web Services DBC - the Enterprise XML/SOAP Firewall
| General Features |
| Full application security for Web Services as an
XML/SOAP firewall |
Deep packet inspection for all SOAP messages.
Each message is checked for syntax and content. |
| Web Services/SOAP security without
programming |
This SOAP Security gateway can be transparently
integrated into your application and network infrastructure. No
application code changes are required. |
| Security integration of various service
platforms |
By supporting open standards, this SOAP
firewall integrates with all Web Services platforms and also with
other vendors' security services. |
| Unified security management |
Security management of heterogeneous service
platforms can be centralized instead of managing island solutions
for each service platform. |
| Simple intuitive security administration |
This SOAP firewall comes with a convenient and
easy-to-use graphical user interface. |
| Incoming and outgoing access control |
The WS-DBC can be used to protect services as
well as to control outgoing data. |
| Expressive and powerful security policy
model |
Detailed and fine-grained security policies can
be defined to control authentication, authorization, and audit.
Authorization policies are based on concepts such as groups,
roles, authentication levels, etc. |
| High performance and throughput, low
latency |
Highly performance-optimized, native code
implementation. |
| Linear scalability, high availability |
The WS-DBC supports several clustering
technologies for load balancing and high availability. |
| Full support for business federation through
federated trust |
The WS-DBC provides full support for secure
business role assignment and authorization for extranet and B2B
scenarios. Enterprises benefit from deploying SOAP firewalls at
both partner enterprises to easily map credentials and integrate
security policies. |
| Security Features |
| Virtual service endpoints |
By exposing virtual service addresses to
clients, the WS-DBC insulates actual services from direct access
and supports flexible mappings from virtual to actual
services. |
| Fine-grained, role-based access control |
The WS-DBC provides advanced policy concepts
that let administrators write policies that are both expressive
and scalable. |
| Rich set of authentication mechanisms |
The following authentication mechanisms are
supported: X.509, SAML, HTTP Basic Authentication, RSA SecurID,
IP addresses, public. |
| Web Services standards |
The WS-DBC fully supports the following Web
Services standards: WSDL, SOAP, SOAP attachments, XML Digital
Signature, XML Encryption, WS-Security, SAML, XACML. |
| Message validation |
The WS-DBC can validate SOAP messages using XML
Schema to enforce conformance of incoming XML data with the data
types expected by the application. |
| Message filtering |
Administrators can conveniently define
expressive message filters to enforce content-based access
control and thus thwart application-level attacks, such as SQL
injection. |
| Message integrity |
Message authenticity and integrity are protected
using XML Digital Signature. |
| Message confidentiality |
XML Encryption protects messages against
eavesdropping and single block analysis. |
| Transport security, encryption |
TLS/SSL for all communication links,
additionally IP-based authentication. |
| Security Policy Server |
Centralized security management with separate
enterprise policy server component, which can be securely
deployed in a trusted network. |
| Credentials mapping |
The WS-DBC provides flexible and freely
configurable credentials mappings for B2B scenarios. |
| Online Certificate Status Protocol
(OCSP) |
OCSP is supported to check for credential
revocations. |

| Management Features |
| Simple exposure of Web Services |
WSDL descriptions can be conveniently
imported. |
| Enterprise integration with LDAP support |
Policies can be stored either in flat files or
in enterprise LDAP directories (iPlanet, Active Directory), thus
enabling integration with existing user and group
management. |
| Support for multiple, concurrent administrator access
and role-based administration rights |
The WS-DBC is designed for enterprise
deployment and fully supports concurrent administrator access,
which is controlled by role-based definition of administrator
permissions. |
| Auditing and Monitoring |
The WS-DBC provides command line interfaces and
graphical user interface features for run-time auditing and
monitoring. |
| Secure logging |
Logging mechanisms are separated from
enforcement mechanisms and protected in the policy server. |
| Policy versioning and rollback |
The WS-DBC internally versions policy and
configuration data and supports rollbacks to previous versions in
case of administrator errors. |
| Delegated security management per
application |
Responsibility for single applications can be
separated and delegated according to the existing organization.
For example, the firewall security group administers only
perimeter security issues, whereas for each application the
responsible operations team defines and manages
application-specific security. |