Driven by both spiraling e-commerce demands and the promise of Web services (WS), Extensible Markup Language (XML) switching is starting to catch on. But the security angle has only recently been getting the proper attention. This is critical because the highly verbose nature of XML means vulnerabilities can easily crop up, and viruses and other threats often lurk at the content layer, beyond the gaze of traditional firewalls.
Enter the XWall Web Services Firewall from Forum Systems (www.forumsys.com), one of the first XML firewalls on the market. While Forum isn't the only vendor to tackle the XML security space, with DataPower, Reactivity, and Westbridge Technology (www.westbridgetech.com) among the others, Forum does have a slight edge. It received an early jump on the market in 2000 and has built security features into what would otherwise be a typical XML switching architecture.
But before we get started on XWall, a little background is needed. Forum's first product was the Sentry, a WS security gateway that handles inbound and outbound processing of XML flows. Sitting in front of or behind the network firewall, the hardware switch takes in XML messages, decrypts the Secure Sockets Layer (SSL) code, scans the clear text for threats, and then adds XML digital signatures for SSL-encrypted transport.
Forum has since added to the original feature set. In addition to the usual XML functions, which include schema validation, data search and retrieval, and transformation (see "Lesson 189: XML Switching," Tutorial, page 66), the list of protocols now supported has grown to encompass a wide range of WS functions, including security and embedded messaging, as well as content-based routing, interoperability, service negotiation, and QoS.
The Sentry's Swiss Army knife approach covers a lot of bases, but it's overkill and too expensive for much of the midsized business market. According...





