October 2008
Enterprise SOA with SecureSpan and JavaCaps
Francois Lascelles, P. Eng.Technical Director, Europehttp://www.layer7tech.com
October 2008
Why an XML appliance?
Web Services
Message level aware intermediary between services and requesters
October 2008
Policy Enforcement Point Model
Web Services
Delegate common or expensive XML related tasks from your services to your infrastructure
PEP validates policy compliance, applies security decorations, transformations, records statistics, intercepts problematic messages before they reach your services.
October 2008
Delegating Security
XML Gateway enforces security for incoming traffic on behalf of protected services.
XML Gateway secures outgoing traffic on behalf of protected services. protected
services
October 2008
Delegating SLA
Members of group foo can consume X times service A or service B
Service A
Service B
Client side SLA coordinated across services
October 2008
Business Logic Delegation
•Distribution of responsibilities between applications and infrastructure has shifted•Moving business logic to infrastructure enables more loosely coupled systems•Centralization of policies enables governance
•Authentication•Authorization•SLA•Validation•Encryption•Transformation
October 2008
SecureSpan Solution Advantages, Differentiators
Sophisticated policy language enables complex governance requirements
Available as hardware appliance and as software
Quick deployment, ease of use
Extensible through java APIs
Instant policy application (no service downtime)
Standards based
Industry leadership
October 2008
Layer 7 SecureSpan XML VPN
Application or ESB
Services
XML VPN proxy component
XML VPN downloads WS-Policy document applicable to service being invoked and decorates outgoing messages on behalf of requester.
October 2008
SecureSpan and JavaCaps ESOA Foundation
SecureSpan and JavaCaps complement themselves to provide the foundation of your Enterprise SOA
Use each products’ strengths, rely on standards based integration mechanisms.
ex:
Use SecureSpan for:•Zone/Transport bridging•XML intensive processing•Centralized policy enforcement
Use jCaps for:•Adapters•Service composition•Messaging infrastructure
October 2008
Zone bridging
DMZSecureSpan Gateway used as an edge device bridging secured zones
• Routing• Transport mapping• Synchronous to asynchronous handling• Access control• Managing trust relationships• Threat protection• Throttling• Outgoing security decorations
jCaps
October 2008
ESB Co-Processor Pattern
ESB
SecureSpan used as a service endpoint
Delegation to specialized co processor:
- Content validation- XML digital signature- XML encryption- SLA- XML transformation
October 2008
STS Pattern
SecureSpan used as an STS integrating with SUN Access Manager issuing security tokens and SAML statements for JavaCaps requesting process
Access Manager
ESB
Decoupled identity management and token
issuing
October 2008
Thank you
For SUN+Layer 7 info, visithttp://www.sun.com/layer7
Top Related