WebServices Standards

WebServices Standards

Hi All,

Can anyone give me information about SOAE's support for the Web Services standards that listed below ?

*- WS-ReliableMessaging
*- WS-Transaction
*- WS-Notification
*- WS-SecureConversation

In addition to that I'd like to know if there is a documentation about SOAE's Webservice's standards support in general.

Thanks in advance.

3 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hi Serhat,

With that list of requirements it looks like what you're after is an ESB not a security gateway. SOAE doesn't have explicit support for ReliableMessaging, Transaction or Notification although the workflow / policy is flexible enough to implement these if required. We have SecureConversation as a roadmap feature.

For documentation go to intel.com/go/identity for documentation - Expressway Service Gateway

Here's a list of supported standards:

XML Firewall Threat Prevention Denial of Service Protection, XML Limit Checking, SQL Injection, DTD Checking, XPath Injection, Forbidden RegEx
Scan, Malformed XML Attack, XML Bomb Attack, Schema Poisoning Attack

Authentication and Authorization Local X.509 certificate and username/ password authentication, external LDAP or Active Directory authentication
Username/Password X.509 and SAML token authentication, custom XML-based credentials, HTTP basic auth, credential
Computer Associates SiteMinder, Oracle Access Manager
Certificate and Key Management, integrated X.509 certificate path validation support
X.509 certificate key usage checking support, certificate revocation list (CRL) checking

Open Web Services Security Standards OASIS WS-Security 1.0/1.1, OASIS X.509, Username and SAML profiles, W3C XML encryption and XML signatures,
Support for non-SOAP-based XML security, WS-I BSP 1.0/1.1, SOAP with Attachments, MTOM

Transport Layer Security Support for multiple SSL identities and mutual authentication SSL v3 and Transport Layer Security v1 acceleration,
origination, and termination

Cryptographic Support Optional Cryptographic acceleration of private key, symmetric key, and hashing operations
Supports DES, 3DES, AES, RSA v1.5, RSA-OAEP, SHA-1 and SHA-256

Transport Protocols HTTP(S) 1.0, 1.1, JMS, FTP, MLLP, File, Raw TCP, Custom Protocol Support

Service Mediation High performance service mediation engine
Secure SOAP, REST or custom service mediation within the datacenter or across the Internet
Supports simple proxy or complex service mediation cases

Service Governance High performance run-time policy enforcement for XML well-formed checking, schema validation, XML transformation
(XSLT), content conversion (Non-XML support), content filtering (XPath), XML Security, WS-Security and
content-based routing for SOAP, REST, or POX (Plain-Old-XML) data
Automatic policy updating and enforcement

Hi Peter,

In my opinion those standards that I mentioned are very useful for some B2B scenarios. I wouldn't like to put ESB or App Server as frontier for external service calls.I do beleive that external calls should always flowed through a gateway to enforce common policies, including security policies.Thus that gateway shouldn't degrade existing WS qualities which are hosted on the App Server or the ESB. I know there are some proprietary work arrounds exist on SOAE, but having WS standards would be much more preferable. As I said this is my opinion and I see that you consider some features are not required to support on a service gateway. I'd like to see that , what qualities are differentiate ESB and Gateway in your opinion.

Thank You.

Leave a Comment

Please sign in to add a comment. Not a member? Join today