XML Firewalls Aid Services

Two tools will inspect and certify Web content before it enters internal network.

Two technology companies are helping corporate users embrace XML-based information while ensuring the security and integrity of the messages that come into their systems.

Quadrasis and Tarari Inc. this week will each introduce so-called XML firewalls that will offer businesses ways of inspecting XML messages before they enter their systems.

An XML firewall acts like a traditional firewall in that it intercepts traffic and makes redirection or transformation decisions based on policies, but it can also look inside messages, parse the XML content, and make security and routing decisions.

Rich Salz, principal engineer at DataPower Technology Inc., in Cambridge, Mass., said the XML firewalls are crucial for Web services.

"As organizations increasingly make themselves open to XML traffic, theyre going to want to be able to filter or otherwise validate it—and do that the XML way," Salz said. But, he added, "to really succeed, vendors will need hard-core XML expertise."

Quadrasis, a division of Hitachi Computer Products (America) Inc., of Waltham, Mass., this week is rolling out Quadrasis/Xtradyne SOAP Content Inspector, software that inspects and secures Simple Object Access Protocol messages and enables enterprises to take Web services outside their networks. Quadrasis developed the technology in cooperation with Xtradyne Technologies AG, of Berlin.

The tool secures SOAP-to-SOAP communication via proxy servers with authentication, authorization, audit, alarm and policy techniques, said Quadrasis Chief Technology Officer Bret Hartman. It provides single-sign-on technology and can distinguish between standard HTML and SOAP messages. It includes a SAML (Security Assertion Markup Language) attribute assertion and can sign and verify defined SOAP messages.

"SOAP means youre open to the whole world of remote procedure calls," Hartman said. "The point of SOAP is you have a huge hole in the system" that can be exploited, he said.

SOAP Content Inspector provides an additional layer of security for inspecting the validity of the request by mapping authentication from requester to recipient and then adding a SAML token to inspected SOAP applications, Hartman said.

He said the Quadrasis product also links SAML with the WS-Security (Web Services Security) specification developed by Microsoft Corp., IBM and VeriSign Inc.

Ray Wagner, an analyst with Gartner Inc., in Stamford, Conn., said Quadrasis is "very early" in delivering a solution that has WS-Security and SAML working together, but he expects other products to be released from other companies by years end.

"Whats special about the Quadrasis product is that it performs SAML attribute mapping," said Jason Bloomberg, an analyst with ZapThink LLC, also in Cambridge. "In contrast, products like Vordel [Ltd.s] support SAML but delegate the management of the SAML tokens to a third-party product."

Meanwhile, Tarari, a San Diego-based spinoff of Intel Corp. that is launching this week, is announcing its combination hardware/software Tarari Content Processors. The processors act as an XML network appliance, reading and certifying every message as well as performing the SOAP filtering.

The technology, which can also handle issues beyond Web services, has been in development for about a year at Intel, said President and CEO Randy Smerik. It is in beta now and will ship in December.

An XML architect from a Fortune 500 financial services company said his company uses Westbridge Technology Inc.s XML Application Firewall.

"One of the critical problems we have is integrating the security schemes of the disparate Web services we are connecting," said the architect, who requested anonymity. "With the Westbridge product, we can provide interoperability of multiple heterogeneous systems, now and going forward. We do not have to modify or add any code in our business systems for it to work."

Related stories:

  • PeopleSoft Backs Sybase
  • PeopleSoft Turns A Profit