Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Layer 7: Enterprise SOA With SecureSpan & Javacaps
1. Enterprise SOA with
SecureSpan and JavaCaps
Francois Lascelles, P. Eng.
Technical Director, Europe
http://www.layer7tech.com
October 2008
2. Why an XML appliance?
Message level aware intermediary
between services and requesters
Web Services
October 2008
3. Policy Enforcement Point Model
PEP validates policy compliance, applies security decorations,
transformations, records statistics, intercepts problematic messages
before they reach your services.
Delegate common or
expensive XML related
tasks from your services
to your infrastructure
Web Services
October 2008
4. Delegating Security
XML Gateway
enforces security for
incoming traffic on
behalf of protected
services.
XML Gateway
secures outgoing
traffic on behalf of
protected services. protected
services
October 2008
5. Delegating SLA
Members of group foo
can consume X times
service A or service B Service B
Service A
Client side SLA coordinated across services
October 2008
6. Business Logic Delegation
•Distribution of responsibilities between applications and infrastructure has shifted
•Moving business logic to infrastructure enables more loosely coupled systems
•Centralization of policies enables governance
•Authentication
•Authorization
•SLA
•Validation
•Encryption
•Transformation
October 2008
7. SecureSpan Solution Advantages, Differentiators
Sophisticated policy language enables complex governance requirements
Available as hardware appliance and as software
Quick deployment, ease of use
Extensible through java APIs
Instant policy application (no service downtime)
Standards based
Industry leadership
October 2008
8. Layer 7 SecureSpan XML VPN
XML VPN proxy
component
Application or ESB
Services
XML VPN downloads WS-
Policy document applicable to
service being invoked and
decorates outgoing messages
on behalf of requester.
October 2008
9. SecureSpan and JavaCaps ESOA Foundation
SecureSpan and JavaCaps complement themselves to provide the foundation of your
Enterprise SOA
Use each products’ strengths, rely on standards based integration mechanisms.
ex:
Use SecureSpan for:
•Zone/Transport bridging
•XML intensive processing
•Centralized policy enforcement
Use jCaps for:
•Adapters
•Service composition
•Messaging infrastructure
October 2008
10. Zone bridging
SecureSpan Gateway used DMZ
as an edge device bridging
secured zones
• Routing
• Transport mapping
• Synchronous to
asynchronous handling
• Access control
• Managing trust relationships
• Threat protection
• Throttling
• Outgoing security
decorations
jCaps
October 2008
11. ESB Co-Processor Pattern
Delegation to specialized co processor:
- Content validation
- XML digital signature
- XML encryption
- SLA
- XML transformation
ESB
SecureSpan used as a
service endpoint
October 2008
12. STS Pattern
SecureSpan used as an STS integrating with SUN Access Manager issuing security
tokens and SAML statements for JavaCaps requesting process
ESB
Access Manager
Decoupled identity
management and token
issuing
October 2008