XML Firewalls Aid Services

 
 
By Darryl K. Taft  |  Posted 2002-08-19 Email Print this article Print
 
 
 
 
 
 
 

Two tools will inspect and certify Web content before it enters internal network.

Two technology companies are helping corporate users embrace XML-based information while ensuring the security and integrity of the messages that come into their systems.

Quadrasis and Tarari Inc. this week will each introduce so-called XML firewalls that will offer businesses ways of inspecting XML messages before they enter their systems.

An XML firewall acts like a traditional firewall in that it intercepts traffic and makes redirection or transformation decisions based on policies, but it can also look inside messages, parse the XML content, and make security and routing decisions.

Rich Salz, principal engineer at DataPower Technology Inc., in Cambridge, Mass., said the XML firewalls are crucial for Web services.

"As organizations increasingly make themselves open to XML traffic, theyre going to want to be able to filter or otherwise validate it—and do that the XML way," Salz said. But, he added, "to really succeed, vendors will need hard-core XML expertise."

Quadrasis, a division of Hitachi Computer Products (America) Inc., of Waltham, Mass., this week is rolling out Quadrasis/Xtradyne SOAP Content Inspector, software that inspects and secures Simple Object Access Protocol messages and enables enterprises to take Web services outside their networks. Quadrasis developed the technology in cooperation with Xtradyne Technologies AG, of Berlin.

The tool secures SOAP-to-SOAP communication via proxy servers with authentication, authorization, audit, alarm and policy techniques, said Quadrasis Chief Technology Officer Bret Hartman. It provides single-sign-on technology and can distinguish between standard HTML and SOAP messages. It includes a SAML (Security Assertion Markup Language) attribute assertion and can sign and verify defined SOAP messages.

"SOAP means youre open to the whole world of remote procedure calls," Hartman said. "The point of SOAP is you have a huge hole in the system" that can be exploited, he said.

SOAP Content Inspector provides an additional layer of security for inspecting the validity of the request by mapping authentication from requester to recipient and then adding a SAML token to inspected SOAP applications, Hartman said.

He said the Quadrasis product also links SAML with the WS-Security (Web Services Security) specification developed by Microsoft Corp., IBM and VeriSign Inc.

Ray Wagner, an analyst with Gartner Inc., in Stamford, Conn., said Quadrasis is "very early" in delivering a solution that has WS-Security and SAML working together, but he expects other products to be released from other companies by years end.

"Whats special about the Quadrasis product is that it performs SAML attribute mapping," said Jason Bloomberg, an analyst with ZapThink LLC, also in Cambridge. "In contrast, products like Vordel [Ltd.s] support SAML but delegate the management of the SAML tokens to a third-party product."

Meanwhile, Tarari, a San Diego-based spinoff of Intel Corp. that is launching this week, is announcing its combination hardware/software Tarari Content Processors. The processors act as an XML network appliance, reading and certifying every message as well as performing the SOAP filtering.

The technology, which can also handle issues beyond Web services, has been in development for about a year at Intel, said President and CEO Randy Smerik. It is in beta now and will ship in December.

An XML architect from a Fortune 500 financial services company said his company uses Westbridge Technology Inc.s XML Application Firewall.

"One of the critical problems we have is integrating the security schemes of the disparate Web services we are connecting," said the architect, who requested anonymity. "With the Westbridge product, we can provide interoperability of multiple heterogeneous systems, now and going forward. We do not have to modify or add any code in our business systems for it to work."

Related stories:
  • PeopleSoft Backs Sybase
  • PeopleSoft Turns A Profit
  •  
     
     
     
    Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...
     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Thanks for your registration, follow us on our social networks to keep up-to-date
    Rocket Fuel