Securing XML Web Services

DataPower's new XML security appliance combines XML processing performance enhancements with security features.

DataPower Technology Inc. Monday announced a new XML security appliance and a major new customer for it.

DataPowers XS40 XML security appliance combines XML processing performance enhancements with security features.

Cambridge, Mass.-based DataPower also announced a deal with RouteOne LLC, a Southfield, Mich.-based joint venture formed by DaimlerChrysler Services, Ford Motor Credit Company, GMAC and Toyota Financial Services, where RouteOne will use the DataPower XS40 XML Security Gateway to secure its credit application management system.

Eugene Kuznetsov, founder, president and chief technology officer at DataPower, said the XS40 is the second member of the companys XML-aware networking appliance family, following the DataPower XS35 XML Accelerator, which addressed XML application performance.

"Were now getting into the security space," Kuznetsov said. The company plans to address XML "performance, security and management," he said.

Kuznetsov said all the XML security specifications —including WS-Security, SAML [Security Assertion Markup Language], XML Encryption, XML Signature and others— require extra processing, which could force some enterprises to choose between performance and security.

While enhancing performance, the DataPower XS40 features XML/SOAP [Simple Object Access Protocol] encryption, filtering, digital signatures and data validation at the message level or XML field level, Kuznetsov said. The appliance also features service virtualization, Secure Sockets Layer acceleration, XML Web services access control, XML/SOAP routing and centralized policy management.

To help test the capabilities of the XS40, DataPower contracted with @Stake Inc., a Cambridge, Mass.-based digital security-consulting firm. Christopher Darby, CEO of @stake, said the XS40 passed the test for providing XML Web services security.

DataPower made the XS40 "future proof," Kuznetsov said. He said the products "agility" lies in its foundation of adherence to XML standards. "The specs are still evolving and our approach has always been XML-centric," he said. That means changes to the code or changes to XML specifications will be easily addressed, he added.

RouteOne, which built its online loan application on XML and Web services, needed a security solution and chose the XS40 after looking at other options, said Joel Gruber, chief information officer at RouteOne.

Gruber said RouteOne needed a proven security solution for its system—a platform for exchanging credit application and decision information between automobile dealers and banks and other finance sources. Gruber said RouteOne would process up to 40 million credit applications a year.