Hide Notes 

Slide 1: Enterprise SOA with SecureSpan and JavaCaps Francois Lascelles, P. Eng. Technical Director, Europe http://www.layer7tech.com October 2008
Slide 2: Why an XML appliance? Message level aware intermediary between services and requesters Web Services October 2008
Slide 3: Policy Enforcement Point Model PEP validates policy compliance, applies security decorations, transformations, records statistics, intercepts problematic messages before they reach your services. Delegate common or expensive XML related tasks from your services to your infrastructure Web Services October 2008
Slide 4: Delegating Security XML Gateway enforces security for incoming traffic on behalf of protected services. XML Gateway secures outgoing traffic on behalf of protected services. protected services October 2008
Slide 5: Delegating SLA Members of group foo can consume X times service A or service B Service B Service A Client side SLA coordinated across services October 2008
Slide 6: Business Logic Delegation •Distribution of responsibilities between applications and infrastructure has shifted •Moving business logic to infrastructure enables more loosely coupled systems •Centralization of policies enables governance •Authentication •Authorization •SLA •Validation •Encryption •Transformation October 2008
Slide 7: SecureSpan Solution Advantages, Differentiators Sophisticated policy language enables complex governance requirements Available as hardware appliance and as software Quick deployment, ease of use Extensible through java APIs Instant policy application (no service downtime) Standards based Industry leadership October 2008
Slide 8: Layer 7 SecureSpan XML VPN Application or ESB XML VPN proxy component Services XML VPN downloads WSPolicy document applicable to service being invoked and decorates outgoing messages on behalf of requester. October 2008
Slide 9: SecureSpan and JavaCaps ESOA Foundation SecureSpan and JavaCaps complement themselves to provide the foundation of your Enterprise SOA Use each products’ strengths, rely on standards based integration mechanisms. ex: Use SecureSpan for: •Zone/Transport bridging •XML intensive processing •Centralized policy enforcement Use jCaps for: •Adapters •Service composition •Messaging infrastructure October 2008
Slide 10: Zone bridging SecureSpan Gateway used as an edge device bridging secured zones • Routing • Transport mapping • Synchronous to asynchronous handling • Access control • Managing trust relationships • Threat protection • Throttling • Outgoing security decorations jCaps DMZ October 2008
Slide 11: ESB Co-Processor Pattern Delegation to specialized co processor: - Content validation - XML digital signature - XML encryption - SLA - XML transformation ESB SecureSpan used as a service endpoint October 2008
Slide 12: STS Pattern SecureSpan used as an STS integrating with SUN Access Manager issuing security tokens and SAML statements for JavaCaps requesting process ESB Access Manager Decoupled identity management and token issuing October 2008
Slide 13: Thank you For SUN+Layer 7 info, visit http://www.sun.com/layer7 October 2008