Securely Managing and Exposing Web Services & Applications

Size: px
Start display at page:

Download "Securely Managing and Exposing Web Services & Applications"

Transcription

1 Securely Managing and Exposing Web Services & Applications Philip M Walston VP Product Management Layer 7 Technologies

2 Layer 7 SecureSpan Products Suite of security and networking products to address the full spectrum of XML deployments: Service Oriented Architectures (SOA) Web 2.0 and Web Oriented Architectures (WOA) AJAX, REST, mainframe and non-soap applications ESB, Portal, B2B and Application Oriented Networking

3 XML Security and Networking Completes SOA Stack SOA Stack Development Tools & Application Servers Service Registry and Usage Policy Enterprise Service Bus Web Services Management XML Security & Networking Gateways Microsoft.Net Systinet/HP Sonic/Progress Amberpoint Layer 7 IBM WebSphere Infravio/SAG IBM ESB SOA Software DataPower/IBM Oracle 10g Flashline SAP Netweaver Actional Reactivity/Cisco BEA WebLogic WebLayers Tibco Oracle WSM Vordel JBoss Opensource LogicLibrary CapeClear CA WSDM Eclipse Microsoft WebMethods/SAG IBM Tivoli Cam Parasoft IBM BEA Aqualogic Blue Titan Sun HP SOA Center Oracle Fusion Software AG Cordys PolarLake

4 Deployment Example B2B Services Deployed as intermediary XML/WS service proxy Straddles security/trust boundaries Declarative message level security Assertion-based policy language Service Endpoints (Secure Zone) Internal Firewall External Firewall Corporate Identity Server Business Partners SecureSpan XML Firewall Cluster DMZ SecureSpan Manager

5 SecureSpan Extensible Policy Framework Access Control HTTP basic authentication HTTP digest authentication HTTP cookie authentication HTTP client-side certificate authentication WS-Security Username Token Basic WS-Security Signature Encrypted Username Token SAML Authentication WS-Trust credential exchange WS-Federation Passive Credential Request/Exchange XPath Credentials SAML Browser Artifact WSS Kerberos Identity Identity in internal provider Identity in external LDAP provider Identity in external MS-AD provider Identity in CA SiteMinder Identity in Tivoli Access Manager Identity in RSA ClearTrust Identity in Sun Java Access Manager Identity in Tivoli Federated Identity Manager Identity in Microsoft ADFS Identity in Oracle Access Manager Message Validation and Threat Protection Throughput quota Validate schema Evaluate Request / Response XPath Evaluate regular expression XSL Transformation Translate HTTP Form to MIME Translate HTTP Form from MIME WSI-BSP Compliance WSI- SAML Compliance WS-SecurityPolicy Compliance SQL Attack protection Request size limit Document structure threats Symantec virus scanning XML Security Sign request Encrypt request Sign response Encrypt response Require timestamp in request Add signed timestamp to response Request and response signed timestamps Add signed security token to response WSS-Replay attack prevention

6 SecureSpan Extensible Policy Framework Cont d Message Routing Route to destination using HTTP(S) Route to destination using SecureSpan Bridge Route to destination using MQSeries / JMS Route to destination(s) based on availability Template Response Echo Response Policy Logic Comment Comparison Evaluate logical OR Evaluate logical AND Continue processing Stop processing Set variable Service Availability Time of day restrictions Source IP range restrictions Throughput quota Logging and Auditing Audit assertion Audit detail assertion Send SNMP trap Send message

7 SecureSpan Manager

8 Gateway Scalability and Availability Horizontal scalability Replay attack prevention across the cluster HTTP Load Balancer Transparent replication of policy across the cluster Single point of management across cluster

9 Deployment Example Government Layered trust zones with internal firewalls Defined security and access protocols Internal Firewall Internal Firewall Public Zone Trusted Zone Restricted Zone

10 Deployment Example Government XML Firewalls straddle trust zones Gate access to applications Provide audit trail SecureSpan XML Firewall Cluster SecureSpan XML Firewall Cluster Public Zone Trusted Zone Restricted Zone

11 Deployment Example ESB Co-Processor Security as service for ESB Signing, encryption Schema validation, transforms Enterprise Service Bus SecureSpan XML Accelerator Cluster

12 Deployment Example - Wide-Area Routing Fabric Business Partner With SecureSpan Appliances Business Partner With SecureSpan Appliances Business Partner With SecureSpan Appliances SecureSpan XML Networking Gateway Cluster

13 Case Study Insurance Self-Service Client Situation: Insurance company with relatively current infrastructure Wanted to extend self-service access to policy-related information to three audience Internal CSRs, existing customers and prospects Stated advantage of being secure, auditable and scalable Access to information would be gated based on requestor entitlement and could involve confidential/personal information The Scenario: Implemented centralized authentication / authorization gateway Based on use of existing identity management infrastructure Single solution serves Web customers, internal users and applications Need common security model Validation of authentication step Entitlement-based authorization Audit trail

14 Scenario 1 Internal Access to Application(s) Intranet Zone HealthCare BackOffice App Service Layer SecureSpan XML Firewall S-API SOAP / SOAP / HTTP(S) HTTP Internal User LDAP 1. Internal user sends SOAP request to XML Firewall 2. XML Firewall authenticates specific user (or group) against internal LDAP 3. XML Firewall applies appropriate internal group or user policy and forwards to Service Layer 4. Service Layer forwards request to BackOffice application

15 Scenario 2 External Access to Personal Profile Intranet Zone DMZ HealthCare BackOffice App Service Layer SecureSpan XML Firewall Frontend Application S-API SOAP / SOAP / HTML / HTTP(S) HTTP HTTP Servlets / JSP Tomcat Specific User LDAP 1. Specific user sends HTML request to web portal 2. Web portal authenticates user, forwards SOAP request and User identity via HTTP or HTTPS to XML Firewall 3. XML Firewall applies Personal Profile policy, grants access to profile operation and forwards to Service Layer 4. Service Layer formats request with user identity, forwards request to BackOffice application

16 Scenario 3 External Access to Policy Premium Calculator Intranet Zone DMZ HealthCare BackOffice App Service Layer SecureSpan XML Firewall Frontend Application S-API SOAP / SOAP / HTML / HTTP(S) HTTP HTTP Servlets / JSP Tomcat Anonymous User 1. Anonymous user sends HTML request to web portal 2. Web portal forwards SOAP request via HTTP or HTTPS to XML Firewall 3. XML Firewall applies Anonymous policy, grants access to Premium Calculator and forwards to Service Layer 4. Service Layer forwards request to BackOffice application

17 Example Policy One Policy Supports Three Scenarios Internal Users Validated External Users Anon. External Users

18 Intermediary Deployment Model - Telecom Message level intermediary between services and requesters Internal Application Consumers External Application Consumers Services

19 Telecom Use Case: Security - Validate XML is correctly structured before it is routed to services - Guard against malicious code attacks - Implement message level security including WS* and WS-I compliance - Leverage existing identity, SSO and PKI infrastructures Security requirements defined by an administrator Policies become effective independently of the actual services IPTV SMS MMS Ringtones

20 Telecom Use Case: Service Virtualization - Same service viewed differently for provisioning and for consumption purposes - Each virtual version limits allowed operations based on requester Virtual Services Service Provisioning Service Consumption Requests and responses can be transformed to accommodate older versions of clients Newer Version

21 Telecom Use Case: Service Aggregation - Provide requestors a single, unchanging interface to a set of services - Use appliances to map virtual interface to real interfaces - Have appliance handle associated routing, data transformation 1. Browse available TV shows 2. Predefined xpath [s:body/tvs:browse/tvs:provider] 3. Choose endpoint based on XPath result Telecom Gateway 4. Transform request to comply with particular provider (XSLT) Transparent aggregation of provider channels Channel provider connectors

22 Telecom Use Case: SLA Enforcement - Control service requests based on IP, time of day, requestor, etc. - Centrally define and enforce SLA contracts for XML interactions - Monitor / report message throughput and service performance metrics Gets 1 free TV show per month 1. Define WS-Policy Compliant SLA Definition 2. Publish to SLA Policy / Contract to UDDI Quincy Gets unlimited SMS per month Telecom Gateway XML appliance shares parameters across service policies to enable virtual coordination. 3. Enforce SLA Policy / Contract Pascal IPTV SMS MMS Ringtones

23 Some Observations XML Gateways / Firewalls provide effective tool for enforcing security and controlling access to services The declarative, non-programmed model provides a great deal of flexibility Deployment patterns can be quite diverse DMZ deployment Spanning trust zones XML/WS co-processor Security policies tend to include some element of identity IP address, UID/PWD, SSO or federation token Requires some interaction with identity infrastructure Key standards are still evolving but include: WS-Policy, WS-SecurityPolicy, UDDI, SAML

24 Philip M Walston VP Product Management Layer 7 Technologies

Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems

Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems Core Feature Comparison between XML / SOA Gateways and Web Application Firewalls Jason Macy jmacy@forumsys.com CTO, Forum Systems XML Gateway vs Competitive XML Gateways or Complementary? and s are Complementary

More information

Managing SOA Security and Operations with SecureSpan

Managing SOA Security and Operations with SecureSpan Managing SOA Security and Operations with SecureSpan Francois Lascelles Technical Director, Layer 7 Technologies 1 Customers Revenue About Layer 7 Layer 7 is the leading vendor of security and governance

More information

Oracle Web Services Manager (WSM)

<Insert Picture Here> Oracle Web Services Manager (WSM) Oracle Web Services Manager (WSM) Marc Chanliau Director, Product Management Outline Introduction Product Overview Typical Use-Case Scenarios Roadmap Q & A Introduction

More information

AquaLogic Service Bus

AquaLogic Service Bus AquaLogic Bus Wolfgang Weigend Principal Systems Engineer BEA Systems 1 What to consider when looking at ESB? Number of planned business access points Reuse across organization Reduced cost of ownership

More information

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems jmacy@forumsys.com Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service

More information

Redbook Overview Patterns: SOA Design with WebSphere Message Broker and WebSphere ESB

Redbook Overview Patterns: SOA Design with WebSphere Message Broker and WebSphere ESB IBM Software for WebSphere Redbook Overview Patterns: SOA Design with WebSphere Message Broker and WebSphere ESB Presenter: Kim Clark Email: kim.clark@uk.ibm.com Date: 27/02/2007 SOA Design with WebSphere

More information

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning. PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading

More information

CA SOA Security Manager

CA SOA Security Manager CA SOA Security Manager Implementation Guide r12.1 Second Edition This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational

More information

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Robert C. Broeckelmann Jr., Enterprise Middleware Architect Ryan Triplett, Middleware Security Architect Requirements

More information

Software Requirement Specification Web Services Security

Software Requirement Specification Web Services Security Software Requirement Specification Web Services Security Federation Manager 7.5 Version 0.3 (Draft) Please send comments to: dev@opensso.dev.java.net This document is subject to the following license:

More information

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus Course materials may not be reproduced in whole or in part without the prior written permission of IBM. 4.0.3 Unit objectives

More information

JVA-122. Secure Java Web Development

JVA-122. Secure Java Web Development JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard

More information

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Requirement Priority Name Requirement Text Response Comment

Requirement Priority Name Requirement Text Response Comment N-Tiered Architecture Accessibility Application architecture shall consist of a minimum of four tiers: proxy, presentation, application, and data [base]. Each of the fours tiers shall be separated with

More information

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion. Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On

More information

Federated Identity and Single Sign-On using CA API Gateway

Federated Identity and Single Sign-On using CA API Gateway WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED

More information

An Open Policy Framework for Cross-vendor Integrated Governance

An Open Policy Framework for Cross-vendor Integrated Governance An Open Policy Framework for Cross-vendor Integrated Governance White Paper Intel SOA Expressway An Open Policy Framework for Cross-vendor Integrated Governance Intel SOA Expressway delivers a pluggable

More information

000-284. Easy CramBible Lab DEMO ONLY VERSION 000-284. Test284,IBM WbS.DataPower SOA Appliances, Firmware V3.6.0

000-284. Easy CramBible Lab DEMO ONLY VERSION 000-284. Test284,IBM WbS.DataPower SOA Appliances, Firmware V3.6.0 Easy CramBible Lab 000-284 Test284,IBM WbS.DataPower SOA Appliances, Firmware V3.6.0 ** Single-user License ** This copy can be only used by yourself for educational purposes Web: http://www.crambible.com/

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?

More information

BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use

BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use Product Data Sheet BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use BEA AquaLogic Integrator delivers the best way for IT to integrate, deploy, connect and manage process-driven

More information

Securing Web Services From Encryption to a Web Service Security Infrastructure

Securing Web Services From Encryption to a Web Service Security Infrastructure Securing Web Services From Encryption to a Web Service Security Infrastructure Kerberos WS-Security X.509 TLS Gateway OWSM WS-Policy Peter Lorenzen WS-Addressing Agent SAML Policy Manager Technology Manager

More information

IBM WebSphere DataPower Integration Appliance XI52

IBM WebSphere DataPower Integration Appliance XI52 IBM WebSphere DataPower Integration Appliance XI52 Save time, reduce cost, and improve security with this purpose-built appliance for application integration Highlights Save time, reduce cost and improve

More information

An Oracle White Paper November 2009. Oracle Primavera P6 EPPM Integrations with Web Services and Events

An Oracle White Paper November 2009. Oracle Primavera P6 EPPM Integrations with Web Services and Events An Oracle White Paper November 2009 Oracle Primavera P6 EPPM Integrations with Web Services and Events 1 INTRODUCTION Primavera Web Services is an integration technology that extends P6 functionality and

More information

WebSphere Integration Solutions. IBM Day Minsk 2014. Anton Litvinov WebSphere Connectivity Professional Central Eastern Europe

WebSphere Integration Solutions. IBM Day Minsk 2014. Anton Litvinov WebSphere Connectivity Professional Central Eastern Europe WebSphere Integration Solutions IBM Day Minsk 2014 Ann Litvinov WebSphere Connectivity Professional Central Eastern Europe 1 Agenda 1 Understand vision for ESB capabilities 2 Understand DataPower Basics

More information

Apigee Gateway Specifications

Apigee Gateway Specifications Apigee Gateway Specifications Logging and Auditing Data Selection Request/response messages HTTP headers Simple Object Access Protocol (SOAP) headers Custom fragment selection via XPath Data Handling Encryption

More information

Access Management Analysis of some available solutions

Access Management Analysis of some available solutions Access Management Analysis of some available solutions Enterprise Security & Risk Management May 2015 Authors: Yogesh Kumar Sharma, Kinshuk De, Dr. Sundeep Oberoi Access Management - Analysis of some available

More information

Service Virtualization: Managing Change in a Service-Oriented Architecture

Service Virtualization: Managing Change in a Service-Oriented Architecture Service Virtualization: Managing Change in a Service-Oriented Architecture Abstract Load balancers, name servers (for example, Domain Name System [DNS]), and stock brokerage services are examples of virtual

More information

NIST s Guide to Secure Web Services

NIST s Guide to Secure Web Services NIST s Guide to Secure Web Services Presented by Gaspar Modelo-Howard and Ratsameetip Wita Secure and Dependable Web Services National Institute of Standards and Technology. Special Publication 800-95:

More information

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to

More information

26.Roundtable Münchner Unternehmerkreis IT Simone Frömming - Vice President Sales Oracle Deutschland GmbH

26.Roundtable Münchner Unternehmerkreis IT Simone Frömming - Vice President Sales Oracle Deutschland GmbH ITK-Trends aus der Sicht von Oracle als Software-Hersteller -Transition to SOA- 26.Roundtable Münchner Unternehmerkreis IT Simone Frömming - Vice President Sales Oracle Deutschland GmbH SOA Bridging the

More information

Federated Identity Management Solutions

Federated Identity Management Solutions Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single

More information

Securing SOA and Web Services with Oracle Enterprise Gateway

Securing SOA and Web Services with Oracle Enterprise Gateway An Oracle White Paper April 2011 Securing SOA and Web Services with Oracle Enterprise Gateway Disclaimer The following is intended to outline our general product direction. It is intended for information

More information

Sentinet for BizTalk Server SENTINET

Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and APIs Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication

More information

DataPower SOA Appliances Simplify, Secure, and Accelerate SOA

DataPower SOA Appliances Simplify, Secure, and Accelerate SOA DataPower SOA Appliances Simplify, Secure, and Accelerate SOA Nitin Thukral, CISSP Canadian National Specialist 2007 IBM Corporation Agenda 1. New Model Required for SOA and Web Services 2. DataPower SOA

More information

Contents. 1010 Huntcliff, Suite 1350, Atlanta, Georgia, 30350, USA http://www.nevatech.com

Contents. 1010 Huntcliff, Suite 1350, Atlanta, Georgia, 30350, USA http://www.nevatech.com Sentinet Overview Contents Overview... 3 Architecture... 3 Technology Stack... 4 Features Summary... 6 Repository... 6 Runtime Management... 6 Services Virtualization and Mediation... 9 Communication and

More information

Web Services Security with SOAP Security Proxies

Web Services Security with SOAP Security Proxies Web Services Security with Security Proxies Gerald Brose, PhD Technical Product Manager Xtradyne Technologies AG OMG Web Services Workshop USA 22 April 2003, Philadelphia Web Services Security Risks! Exposure

More information

> Please fill your survey to be eligible for a prize draw. Only contact info is required for prize draw Survey portion is optional

> Please fill your survey to be eligible for a prize draw. Only contact info is required for prize draw Survey portion is optional Web Access Management May 2008 CA Canada Seminar > Please fill your survey to be eligible for a prize draw Only contact info is required for prize draw Survey portion is optional > How to Transform Tactical

More information

Websphere - Smarter Software For A Smarter Planet. Build a Flexible Application Infrastructure Environment WebSphere Connectivity Solutions

Websphere - Smarter Software For A Smarter Planet. Build a Flexible Application Infrastructure Environment WebSphere Connectivity Solutions Websphere - Smarter Software For A Smarter Planet Build a Flexible Application Infrastructure Environment WebSphere Connectivity Solutions Service Oriented Finance Payment Systems - Connectivity Requirements

More information

1 What Are Web Services?

1 What Are Web Services? Oracle Fusion Middleware Introducing Web Services 11g Release 1 (11.1.1) E14294-04 January 2011 This document provides an overview of Web services in Oracle Fusion Middleware 11g. Sections include: What

More information

Security in integration and Enterprise Service Bus(ESB) Anton Panhelainen Principal Technology Consultant Tieto Oy anton.panhelainen@tieto.

Security in integration and Enterprise Service Bus(ESB) Anton Panhelainen Principal Technology Consultant Tieto Oy anton.panhelainen@tieto. Security in integration and Enterprise Service Bus(ESB) Anton Panhelainen Principal Technology Consultant Tieto Oy anton.panhelainen@tieto.com 1 About Anton Panhelainen 12 years of experience building

More information

Data Security and Governance with Enterprise Enabler

Data Security and Governance with Enterprise Enabler Copyright 2014 Stone Bond Technologies, L.P. All rights reserved. The information contained in this document represents the current view of Stone Bond Technologies on the issue discussed as of the date

More information

A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems

A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Volume 1, Number 2, December 2014 JOURNAL OF COMPUTER SCIENCE AND SOFTWARE APPLICATION A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Satish Kumar*,

More information

Enterprise Integration Architectures for the Financial Services and Insurance Industries

Enterprise Integration Architectures for the Financial Services and Insurance Industries George Kosmides Dennis Pagano Noospherics Technologies, Inc. gkosmides@noospherics.com Enterprise Integration Architectures for the Financial Services and Insurance Industries Overview Financial Services

More information

Publishing Enterprise Mobile Services

Publishing Enterprise Mobile Services Information Systems Strategy Publishing Enterprise Mobile Services Anand Patel, Enterprise Architect, 23 rd May About Network Rail We are a Private Company of 35,500 People Revenue of around 6 billion

More information

Introduction to Service Oriented Architecture (SOA)

Introduction to Service Oriented Architecture (SOA) Introduction to Service Oriented Architecture (SOA) Hari Rajagopal Galileo International Hari Rajagopal Introduction to Service Oriented Architecture (SOA) Page 1 Agenda Definitions Background SOA principles

More information

Creating a Strong Security Infrastructure for Exposing JBoss Services

Creating a Strong Security Infrastructure for Exposing JBoss Services Creating a Strong Security Infrastructure for Exposing JBoss Services JBoss Enterprise SOA Platform Service Clients Service Gateway Enterprise Services Blake Dournaee, Product Management, Intel SOA Products

More information

Federated Identity and Trust Management

Federated Identity and Trust Management Redpaper Axel Buecker Paul Ashley Neil Readshaw Federated Identity and Trust Management Introduction The cost of managing the life cycle of user identities is very high. Most organizations have to manage

More information

Java Technology and Web Services Security in Action

Java Technology and Web Services Security in Action Java Technology and Web Services Security in Action Marc Chanliau and Vikas Jain Security Product Management Oracle Corporation www.oracle.com TS-8131 2007 JavaOne SM Conference Session TS-8131 Goal Learn

More information

SCA-based Enterprise Service Bus WebSphere ESB

SCA-based Enterprise Service Bus WebSphere ESB IBM Software Group SCA-based Enterprise Service Bus WebSphere ESB Soudabeh Javadi, WebSphere Software IBM Canada Ltd sjavadi@ca.ibm.com 2007 IBM Corporation Agenda IBM Software Group WebSphere software

More information

IBM Tivoli Federated Identity Manager

IBM Tivoli Federated Identity Manager IBM Tivoli Federated Identity Manager Employ user-centric federated access management to enable secure online business collaboration Highlights Enhance business-to-business and business-to-consumer collaborations

More information

SOA Best Practices (from monolithic to service-oriented)

SOA Best Practices (from monolithic to service-oriented) SOA Best Practices (from monolithic to service-oriented) Clemens Utschig - Utschig Consulting Product Manager, Oracle SOA Suite & Integration clemens.utschig@oracle.com The following

More information

000-609. IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version: Demo. Page <<1/10>>

000-609. IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version: Demo. Page <<1/10>> 000-609 IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP Version: Demo Page 1. Which of the following is an advantage of using WS-Security instead of SSL? A. Provides assured message

More information

2012 LABVANTAGE Solutions, Inc. All Rights Reserved.

2012 LABVANTAGE Solutions, Inc. All Rights Reserved. LABVANTAGE Architecture 2012 LABVANTAGE Solutions, Inc. All Rights Reserved. DOCUMENT PURPOSE AND SCOPE This document provides an overview of the LABVANTAGE hardware and software architecture. It is written

More information

The Enterprise Service Bus

The Enterprise Service Bus 1 ESBs: Essential Infrastructure for a Successful SOA March 2005 2 at a glance Customers include world s largest firms! 80% of Global Telecom! 70% of Financial Services in Global 100! Blue Chip System

More information

Oracle WebLogic Foundation of Oracle Fusion Middleware. Lawrence Manickam Toyork Systems Inc www.toyork.com http://ca.linkedin.

Oracle WebLogic Foundation of Oracle Fusion Middleware. Lawrence Manickam Toyork Systems Inc www.toyork.com http://ca.linkedin. Oracle WebLogic Foundation of Oracle Fusion Middleware Lawrence Manickam Toyork Systems Inc www.toyork.com http://ca.linkedin.com/in/lawrence143 History of WebLogic WebLogic Inc started in 1995 was a company

More information

IBM Security Access Manager for Web

IBM Security Access Manager for Web IBM Security Access Manager for Web Secure user access to web applications and data Highlights Implement centralized user authentication, authorization and secure session management for online portal and

More information

1 What Are Web Services?

1 What Are Web Services? Oracle Fusion Middleware Introducing Web Services 11g Release 1 (11.1.1.6) E14294-06 November 2011 This document provides an overview of Web services in Oracle Fusion Middleware 11g. Sections include:

More information

The Challenges in Real Life ESB Deployments

The Challenges in Real Life ESB Deployments Frank Cohen s Presentation To International SOA Conference, Rome, Italy June 25, 2009 The Challenges in Real Life ESB Deployment ScenarioThis presentation discusses some of the key challenges that are

More information

Service-Oriented Architecture Foundation

Service-Oriented Architecture Foundation Service-Oriented Architecture Foundation James T. Hennig, Chief Architect SOAF A james.hennig@us.army.mil "If you are not interoperable, you are not on the net, you are not contributing, you are not benefiting,

More information

REST and SOAP Services with Apache CXF

REST and SOAP Services with Apache CXF REST and SOAP Services with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com ashakirin.blogspot.com/ Agenda Introduction in Apache CXF New CXF features Project using Apache CXF How CXF community

More information

Using Layer 7 s API Gateway for vcloud Architectures How to achieve abstraction, security and management of vcloud APIs.

Using Layer 7 s API Gateway for vcloud Architectures How to achieve abstraction, security and management of vcloud APIs. Using Layer 7 s API Gateway for vcloud Architectures How to achieve abstraction, security and management of vcloud APIs White Paper Contents Executive Summary... 3 Why Use an API Gateway with vcloud...

More information

Oracle Service Bus. Situation. Oracle Service Bus Primer. Product History and Evolution. Positioning. Usage Scenario

Oracle Service Bus. Situation. Oracle Service Bus Primer. Product History and Evolution. Positioning. Usage Scenario Oracle Service Bus Situation A service oriented architecture must be flexible for changing interfaces, transport protocols and server locations - service clients have to be decoupled from their implementation.

More information

Unifying IT Vision Through Enterprise Architecture

Unifying IT Vision Through Enterprise Architecture Unifying IT Vision Through Enterprise Architecture A model for Strategic Alignment Northeast Ohio Information Technology & Enterprise Architects (NEO-ITEA) Presentation To: Integrate 2010: Uniting the

More information

Integrated Systems & Solutions. Some Performance and Security Findings Relative to a SOA Ground Implementation. March 28, 2007. John Hohwald.

Integrated Systems & Solutions. Some Performance and Security Findings Relative to a SOA Ground Implementation. March 28, 2007. John Hohwald. Some Performance and Security Findings Relative to a SOA Ground Implementation March 28, 2007 John Hohwald Slide 1 Ground SOA Implementation Issues SOA Benchmarking Benchmarked a variety of vendors IBM

More information

Reverse Proxy for Trusted Web Environments > White Paper

Reverse Proxy for Trusted Web Environments > White Paper > White Paper ProxySG for Reverse Proxy Web-based solutions are being implemented for nearly every aspect of business operations, and increasingly for trusted environments with mission-critical business

More information

A viable alternative to TMG / UAG Web Application security, acceleration and authentication with DenyAll s DA-WAF

A viable alternative to TMG / UAG Web Application security, acceleration and authentication with DenyAll s DA-WAF A viable alternative to TMG / UAG Web Application security, acceleration and authentication with DenyAll s DA-WAF Whitepaper 08/17/2015 Summary 1. Introductio... 3 1.1 What is TMG / UAG?... 3 2. How can

More information

A standards-based approach to application integration

A standards-based approach to application integration A standards-based approach to application integration An introduction to IBM s WebSphere ESB product Jim MacNair Senior Consulting IT Specialist Macnair@us.ibm.com Copyright IBM Corporation 2005. All rights

More information

Oracle SOA Suite: The Evaluation from 10g to 11g

Oracle SOA Suite: The Evaluation from 10g to 11g KATTA Durga Reddy TATA Consultancy Services. Oracle SOA Suite: The Evaluation from 10g to 11g Introduction Oracle SOA Suite is an essential middleware layer of Oracle Fusion Middleware. It provides a complete

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Federated Service Oriented Architecture for Effects-Based Operations

Federated Service Oriented Architecture for Effects-Based Operations Federated Service Oriented Architecture for Effects-Based Operations Intelligence and Information Systems Matt Brown (720) 88-4014 mebrown@raytheon.com Customer Success Is Our Mission is a trademark of

More information

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML

More information

AquaLogic ESB Design and Integration (3 Days)

AquaLogic ESB Design and Integration (3 Days) www.peaksolutions.com AquaLogic ESB Design and Integration (3 Days) Audience Course Abstract Designed for developers, project leaders, IT architects and other technical individuals that need to understand

More information

Secure the Web: OpenSSO

Secure the Web: OpenSSO Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Implementation Guide SAP NetWeaver Identity Management Identity Provider Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before

More information

Helping organizations secure and govern application services for SOA, Web and the Cloud

Helping organizations secure and govern application services for SOA, Web and the Cloud Helping organizations secure and govern application services for SOA, Web and the Cloud SOA WEB CLOUD layer7tech.com info@layer7tech.com @layer7 Layer 7 offers industry-leading XML security, runtime SOA

More information

Contents. Overview 1 SENTINET

Contents. Overview 1 SENTINET Overview SENTINET Overview 1 Contents Introduction... 3 Customer Benefits... 4 Development and Test... 4 Production and Operations... 5 Architecture... 5 Technology Stack... 8 Features Summary... 8 Sentinet

More information

Run-time Service Oriented Architecture (SOA) V 0.1

Run-time Service Oriented Architecture (SOA) V 0.1 Run-time Service Oriented Architecture (SOA) V 0.1 July 2005 Table of Contents 1.0 INTRODUCTION... 1 2.0 PRINCIPLES... 1 3.0 FERA REFERENCE ARCHITECTURE... 2 4.0 SOA RUN-TIME ARCHITECTURE...4 4.1 FEDERATES...

More information

Increasing IT flexibility with IBM WebSphere ESB software.

Increasing IT flexibility with IBM WebSphere ESB software. ESB solutions White paper Increasing IT flexibility with IBM WebSphere ESB software. By Beth Hutchison, Katie Johnson and Marc-Thomas Schmidt, IBM Software Group December 2005 Page 2 Contents 2 Introduction

More information

Xerox DocuShare Private Cloud Service. Security White Paper

Xerox DocuShare Private Cloud Service. Security White Paper Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

PortWise Access Management Suite

PortWise Access Management Suite Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s

More information

WebLogic Server 7.0 Single Sign-On: An Overview

WebLogic Server 7.0 Single Sign-On: An Overview WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of

More information

Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com

Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com Presented by: Shashi Mamidibathula, CPIM, PMP Principal Pramaan Systems shashi.mamidi@pramaan.com www.pramaan.com

More information

24 BETTER SOFTWARE MARCH 2008 www.stickyminds.com

24 BETTER SOFTWARE MARCH 2008 www.stickyminds.com veer images 24 BETTER SOFTWARE MARCH 2008 www.stickyminds.com Web services the foundation of today s service-oriented architecture (SOA) are self-contained, modular applications that can be described,

More information

Web Services Security: What s Required To Secure A Service-Oriented Architecture. An Oracle White Paper January 2008

Web Services Security: What s Required To Secure A Service-Oriented Architecture. An Oracle White Paper January 2008 Web Services Security: What s Required To Secure A Service-Oriented Architecture An Oracle White Paper January 2008 Web Services Security: What s Required To Secure A Service-Oriented Architecture. INTRODUCTION

More information

Strategic Information Security. Attacking and Defending Web Services

Strategic Information Security. Attacking and Defending Web Services Security PS Strategic Information Security. Attacking and Defending Web Services Presented By: David W. Green, CISSP dgreen@securityps.com Introduction About Security PS Application Security Assessments

More information

Oracle SOA Suite Then and Now:

Oracle SOA Suite Then and Now: Oracle SOA Suite Then and Now: The Evolution from 10g to 11g Shane Goss Impac Services Agenda SOA Suite 11g New Features Highlight new features of SOA 11g Some products have added features and functionality

More information

The bridge to delivering digital applications across cloud, mobile and partner channels

The bridge to delivering digital applications across cloud, mobile and partner channels Axway API Gateway The bridge to delivering digital applications across cloud, mobile and partner channels Axway API Gateway a foundational component in an API-first architecture for digital business provides

More information

OPENIAM ACCESS MANAGER. Web Access Management made Easy

OPENIAM ACCESS MANAGER. Web Access Management made Easy OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access

More information

Overview: Siebel Enterprise Application Integration. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

Overview: Siebel Enterprise Application Integration. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013 Overview: Siebel Enterprise Application Integration Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013 Copyright 2005, 2013 Oracle and/or its affiliates. All rights reserved. This software and

More information

ACADEMIC RESEARCH INTEGRATION SYSTEM

ACADEMIC RESEARCH INTEGRATION SYSTEM ACADEMIC RESEARCH INTEGRATION SYSTEM Iulia SURUGIU 1 PhD Candidate, University of Economics, Bucharest, Romania E-mail: : iulia_surugiu2003@yahoo.com Manole VELICANU PhD, University Professor, Department

More information

Increasing IT flexibility with IBM WebSphere ESB software.

Increasing IT flexibility with IBM WebSphere ESB software. ESB solutions White paper Increasing IT flexibility with IBM WebSphere ESB software. By Beth Hutchison, Marc-Thomas Schmidt and Chris Vavra, IBM Software Group November 2006 Page 2 Contents 2 Introduction

More information

Table of Contents. 1 Executive Summary... 2 2. SOA Overview... 3 2.1 Technology... 4 2.2 Processes and Governance... 8

Table of Contents. 1 Executive Summary... 2 2. SOA Overview... 3 2.1 Technology... 4 2.2 Processes and Governance... 8 Table of Contents 1 Executive Summary... 2 2. SOA Overview... 3 2.1 Technology... 4 2.2 Processes and Governance... 8 3 SOA in Verizon The IT Workbench Platform... 10 3.1 Technology... 10 3.2 Processes

More information

IBM WebSphere ESB V6.0.1 Technical Product Overview

IBM WebSphere ESB V6.0.1 Technical Product Overview IBM WebSphere ESB V6.0.1 Technical Product Overview SOA on your terms and our expertise 2005 IBM Corporation The SOA Lifecycle.. For Flexible Business & IT Assemble Assemble existing and new assets to

More information

Introduction to Service-Oriented Architecture for Business Analysts

Introduction to Service-Oriented Architecture for Business Analysts Introduction to Service-Oriented Architecture for Business Analysts This course will provide each participant with a high-level comprehensive overview of the Service- Oriented Architecture (SOA), emphasizing

More information

EAI OVERVIEW OF ENTERPRISE APPLICATION INTEGRATION CONCEPTS AND ARCHITECTURES. Enterprise Application Integration. Peter R. Egli INDIGOO.

EAI OVERVIEW OF ENTERPRISE APPLICATION INTEGRATION CONCEPTS AND ARCHITECTURES. Enterprise Application Integration. Peter R. Egli INDIGOO. EAI OVERVIEW OF ENTERPRISE APPLICATION INTEGRATION CONCEPTS AND ARCHITECTURES Peter R. Egli INDIGOO.COM 1/16 Contents 1. EAI versus SOA versus ESB 2. EAI 3. SOA 4. ESB 5. N-tier enterprise architecture

More information

Interoperable Provisioning in a Distributed World

Interoperable Provisioning in a Distributed World Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 IAM 302 Contacts Mark Diodati (mdiodati@burtongroup.com)

More information

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...

More information

Presentation Outline. Key Business Imperatives Service Oriented Architecture Defined Oracle SOA Platform 10.1.3 SOA Maturity/Adoption Model Demo Q&A

Presentation Outline. Key Business Imperatives Service Oriented Architecture Defined Oracle SOA Platform 10.1.3 SOA Maturity/Adoption Model Demo Q&A Presentation Outline Key Business Imperatives Service Oriented Architecture Defined Oracle SOA Platform 10.1.3 SOA Maturity/Adoption Model Demo Q&A Key Business Imperatives Increased Competition Requires

More information