Securing & Managing XML & Web Services in the Enterprise
There are two related forces that are transforming information technology today: the rapid growth of XML traffic on the network, and the widespread adoption of Web Services as a way of reducing the cost of integration and moving traditional enterprise architectures to flexible, Service-oriented architectures. Enterprises must plan ahead if they want to be able to manage the XML and Web Services on their networks. Even more importantly, enterprises must take care to provide uninterrupted security for their IT environments. In the face of these changes, XML and Web Services introduce new security concerns for the IT manager, and new technology tools, including XML firewalls, offer the missing pieces of security that today’s enterprises need.[hide -1]Download File[/hide][hide +0]Register to Access this Document[/hide]…

Read More

ZapNote: Quadrasis
Quadrasis is using the power of Web Services to build a broad enterprise security architecture framework. They approach the enterprise IT environment from the top down, addressing the security requirements for the full breadth of heterogeneous systems in a typical enterprise. Their flagship product, EASI Security Unifier, provides a "virtual security service" for the enterprise, abstracting the individual security requirements of each system using the open standards of Web Services, and in particular, the Security Assertion Markup Language (SAML).[hide -2]Download File[/hide][hide +1]Purchase: $395[/hide]…

Read More

XML Proxies
Key Findings: XML Proxies are hardware or software solutions that actively listen for XML traffic on the network and either pass it along unmodified or perform some action on the XML content. XML Proxies can operate transparently as an XML “gateway” or as auxiliary applications on the network. ZapThink estimates that XML represents less than 2% of all traffic on the enterprise network in 2002; however, this percentage is expected to increase to almost 25% of all LAN network traffic by 2006. Current firewall and proxy solutions are inadequate to handle XML traffic. Instead of being simply network protocol-aware, XML Proxies are XML-aware. XML Proxies are capable of examining traffic at the content level, and can optionally handle other message types such as HTML or EDI. XML Proxies will converge on a single set of functionality for handling corporate-wide XML security, management, routing, transformation, and performance enhancement. As XML Proxy…

Read More

ZapNote: Vordel
Of all the different types of XML Proxies, the software XML firewall is one of the simplest to understand. It intercepts incoming XML messages, validates them, determines whether they are properly authorized, and routes them accordingly. Vordel’s VordelSecure product is a software XML firewall that runs on a Web server, therefore leveraging the capabilities of the Web server to provide high-performance security protection to the enterprise. Furthermore, VordelSecure supports a wide range of open standards and specifications and interoperates with many popular Web Services platforms, making it a likely choice for many enterprises looking to protect their Web Services from unauthorized or malicious traffic.[hide -1]Download File[/hide][hide +0]Register to Access this Document[/hide]…

Read More

ZapNote: RSA Security
RSA Security has been in the encryption business since day one, and they have since successfully leveraged their early leadership to offer a range of security products and technologies in the application security space. RSA offers encryption components that form the basis of many of the evolving XML security efforts on the market today, such as XML Digital Signature, and their pioneering work with the Security Assertions Markup Language (SAML) has affirmed their position as a leader in the identity management product space. [hide -1]Download File[/hide][hide +0]Register to Access this Document[/hide]…

Read More

The Liberty Alliance: Circle of Mistrust
After almost a year of work, the Liberty Alliance (http://www.projectliberty.org) launched its first set of specifications, giving users simplified sign-on to Web sites from any platform or device as well as federated identity across multiple systems. The Liberty Alliance, led by Sun Microsystems, features an enterprise-heavy membership roster, including General Motors, Sony, American Express, United Airlines, Nokia, and dozens of others. The idea behind Liberty is relatively straightforward, and is best illustrated with an example. ABC Airlines and XYZ Car Rental Company decide to create an affinity group, or “circle of trust.” Mary is a frequent traveler and has accounts on both ABC’s and XYZ’s Web sites. She logs into ABC’s Web site. Her welcome page prompts her with the following message: “You may share (or federate) your ABC online identity with members of our affinity group, which includes XYZ.” Mary likes the idea, so she gives…

Read More

ZapNote: Symantec
For many software vendors, Web Service-enabling their product line is a daunting task. For such companies, Web Services represent more than simplified integration; they often represent a new approach to building and delivering software. Symantec, on the other hand, considers moving to Web Services a straightforward evolutionary product development step. The difference? Symantec has been delivering software as an automatic service for years, under their LiveUpdate brand. For Symantec, Web Services provide them an open standards-based approach to providing customer value following a business model they have already perfected. [hide -2]Download File[/hide][hide +1]Purchase: $395[/hide]…

Read More

ZapNote: Phaos Technology
Building application security software is very difficult, and Phaos Technology focuses on building the most difficult parts — the components and tools that enable other software vendors to build security into their products. Phaos’ deep expertise in the application security field provides them with the in-depth knowledge they need to build the nuts and bolts of XML and Web Services security. Phaos is one of the few credible Web Services security tools vendors in the market today since they possess a solid list of large enterprise customers, as well as unique insight into the needs of the financial services world that comes from being a division of a bank. [hide -1]Download File[/hide][hide +0]Register to Access this Document[/hide]…

Read More