REST Web Services & API Security

REST Web Services & API Security

REST Security Background

A common problem for enterprises that expose services is how to build a simple yet secure interface. In most cases Enterprises want to perform some type of REST to SOAP mapping. This allows the external interface to be simple, but presents challenges if internal web services use SOAP across different identity management systems and middleware platforms. The industry accepted solution is to use a Service Gateway.

Intel Solution

Intel^® Expressway Service Gateway provides an enforcement point for REST web services messages and can delegate authentication and authorization to identity management and PKI systems such as Active Directory and CA^* Siteminder. It provides a secure point of entry to fend off denial of service threats, code injection, and other malicious traffic.

RESTful Capabilities

• Invoke Security Token Service credential mapping or validation
• Ensure throttling and SLAs by REST service
• Extend Enterprise audit and compliance to WOA and REST
• Detailed XML threat prevention and payload inspection
• Service virtualization, proxy, and abstraction as a policy enforcement point
• REST API security and management