Full Text

As companies embark on efforts to build loosely coupled service-oriented architectures they inevitably have to tackle the issue of securing their SOA service infrastructure, and many turn to XML security appliances to get the job done.

Why choose an XML appliance to protect and safely expose your SOA data services to customers, partners and software-as-a-service (SaaS) vendors? Without dedicated hardware support it is nearly impossible to withstand denial-of-service attacks and to provide the high availability necessary to ensure data confidentiality, integrity and nonrepudiation.

XML security appliances are typically positioned in the demilitarized zone between two firewalls and become the only device visible to outside clients. The appliance acts as a proxy and performs all necessary security operations, including SSL socket termination, credential validation and data verification.

The XML security appliance is then the only device permitted by the second firewall to establish connections to internal SOA endpoints. Performing security operations outside the endpoints provides a twofold benefit. First, the SOA data service no longer needs to implement any security functions and will not be compromised by hackers. Second, the security infrastructure policy is decoupled from the endpoints and therefore can be easily controlled by the infrastructure security team without having to make changes to the endpoints themselves.

XML security appliances, first introduced in 2000, range in price from $30,000 to...