|
XML Firewall
An XML firewall is a specialized device used to protect applications exposed through XML based interfaces like WSDL and REST and scan XML traffic coming into and going out from an organization. Typically deployed in a DMZ environment an XML Firewall is often used to validate XML traffic, control access to XML based resources, filter XML content and rate limit requests to back-end applications exposed through XML based interfaces. XML Firewalls are commonly deployed as hardware but can also be found as software and virtual appliance for VMWare, Xen or Amazon EC2. A number of brands of XML Firewall exist and they often differ based on parameters like performance (with or without hardware acceleration, 32 Vs 64 bit), scalability (how do they cluster and perform under load), security certification (common criteria, FIPS being the most common), identity support (for SAML, OAuth, enterprise SSO solutions) and extensibility (they can support different transport protocols like IBM MQ, Tibc ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Web Services Description Language
The Web Services Description Language (WSDL ) is an XML-based interface description language that is used for describing the functionality offered by a web service. The acronym is also used for any specific WSDL description of a web service (also referred to as a ''WSDL file''), which provides a machine-readable description of how the service can be called, what parameters it expects, and what data structures it returns. Therefore, its purpose is roughly similar to that of a type signature in a programming language. The latest version of WSDL, which became a W3C recommendation in 2007, is WSDL 2.0. The meaning of the acronym has changed from version 1.1 where the "D" stood for "Definition". Description The WSDL describes services as collections of network endpoints, or ports. The WSDL specification provides an XML format for documents for this purpose. The abstract definitions of ports and messages are separated from their concrete use or instance, allowing the reuse of these ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Demilitarized Zone (computing)
In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is protected behind a firewall. The DMZ functions as a small, isolated network positioned between the Internet and the private network. This is not to be confused with a DMZ host, a feature present in some home routers which frequently differs greatly from an ordinary DMZ. The name is from the term ''demilitarized zone'', an area between states in which military operations are not permitted. Rationale The DMZ is seen as not belonging to either network bordering it. This metaphor a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Assertion Markup Language
Security Assertion Markup Language (SAML, pronounced ''SAM-el'', ) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). SAML is also: * A set of XML-based protocol messages * A set of protocol message bindings * A set of profiles (utilizing all of the above) An important use case that SAML addresses is web-browser single sign-on (SSO). Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability.J. Hughes et al. ''Profiles for the OASIS Security Assertion Markup Langua ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OAuth
OAuth (short for "Open Authorization") is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to permit the users to share information about their accounts with third-party applications or websites. Generally, OAuth provides clients a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without providing credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the r ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
IBM WebSphere MQ
IBM MQ is a family of message-oriented middleware products that IBM launched in December 1993. It was originally called MQSeries, and was renamed ''WebSphere MQ'' in 2002 to join the suite of WebSphere products. In April 2014, it was renamed ''IBM MQ''. The products that are included in the MQ family are IBM MQ, IBM MQ Advanced, IBM MQ Appliance, IBM MQ for z/OS, and IBM MQ on IBM Cloud. IBM MQ also has containerised deployment options. MQ allows independent and potentially non-concurrent applications on a distributed system to securely communicate with each other, using messages. MQ is available on a large number of platforms (both IBM and non-IBM), including z/OS ( mainframe), IBM i, Transaction Processing Facility, UNIX ( AIX, HP-UX, Solaris), HP NonStop, OpenVMS, Linux, and Microsoft Windows. MQ Components The core components of MQ are: * Message: Messages are collections of binary or character (for instance ASCII or EBCDIC) data that have some meaning to a participatin ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
XML Appliance
An XML appliance is a special-purpose network device used to secure, manage and mediate XML traffic. They are most popularly implemented in service-oriented architectures (SOA) to control XML-based web services traffic, and increasingly in cloud-oriented computing to help enterprises integrate on premises applications with off-premises cloud-hosted applications. XML appliances are also commonly referred to as SOA appliances, SOA gateways, XML gateways, and cloud brokers. Some have also been deployed for more specific applications like Message-oriented middleware. While the originators of the product category deployed exclusively as hardware, today most XML appliances are also available as software gateways and virtual appliances for environments like VMWare. History of XML appliances The first XML appliances were created by DataPower and Vordel in 1999, Sarvega in 2000, Forum Systems in 2001, Managed Methods in 2005 and Layer 7 Technologies in 2002. Early vendors like DataPower ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
XML Appliance
An XML appliance is a special-purpose network device used to secure, manage and mediate XML traffic. They are most popularly implemented in service-oriented architectures (SOA) to control XML-based web services traffic, and increasingly in cloud-oriented computing to help enterprises integrate on premises applications with off-premises cloud-hosted applications. XML appliances are also commonly referred to as SOA appliances, SOA gateways, XML gateways, and cloud brokers. Some have also been deployed for more specific applications like Message-oriented middleware. While the originators of the product category deployed exclusively as hardware, today most XML appliances are also available as software gateways and virtual appliances for environments like VMWare. History of XML appliances The first XML appliances were created by DataPower and Vordel in 1999, Sarvega in 2000, Forum Systems in 2001, Managed Methods in 2005 and Layer 7 Technologies in 2002. Early vendors like DataPow ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WS-Security
Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS. The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security. Features WS-Security describes three main mechanisms: * How to sign SOAP messages to assure integrity. Signed messages also provide non-repudiation. * How to encrypt SOAP messages to assure confidentiality. * How to attach security tokens to ascertain the sender's identity. The specification allows a variety of signature formats, encryption algorithms and multiple trust domains, and is open to various security token models, such as: * X.509 certificates, * Kerberos tickets, * User ID/Password cr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
