Layer 7 tackles WS-Policy and enterprise SOA security

By Rich Seeley, News Writer 03 May 2006 | SearchWebServices.com

News on SOA, EAI, Web services Digg This!     StumbleUpon     Del.icio.us

In what one analyst predicts will be a deluge of proclamations of product support for WS-Policy, Layer 7 Technologies Inc. announced today that it has demonstrated interoperability with WS-Policy supporters including IBM, BEA, SAP and Microsoft.

Beginning the second half of this year anybody thinking about SOA and Web services will certainly want to acquire products that are WS-Policy compliant. Dimitri Sirota Vice President of Marketing and Alliances, Layer 7

The results, announced at Interop Las Vegas, are based on testing done at the SAP-hosted WS-Policy Interoperability Workshop last week in Walldorf, Germany, said Dimitri Sirota, vice president of marketing and alliances at Layer 7. The standard for Web services security and governance, which entered the W3C process this past week, is considered by many vendors and analysts to be key to the advancement of SOA.

"I don't know whether it's going to be critical for companies to have support for this (WS-Policy) tomorrow, but beginning the second half of this year anybody thinking about SOA and Web services will certainly want to acquire products that are WS-Policy compliant," Sirota said. "They're going to have Oracle apps in their infrastructure. They're very likely to have SAP apps. And I bet they're going to have the Windows .NET environment. All of those will be leveraging WS-Policy."

With WS-Policy now in the W3C process that is expected to result in it becoming a bona fide standard, Ron Schmelzer, senior analyst for ZapThink LLC, predicts today's announcement from Layer 7 will be the first of many.

"Layer 7 has done a really good job of fleshing out what it means to be WS-Policy and WS-Security compliant," the analyst said.

The release of standards-based products targeted at SOA implementations shows that SOA is maturing, Schmelzer said.

He said that SOA maturity can also be seen in Layer 7's announcement this week of the general availability of its 3.5 Security operating system for its SecureSpan family of hardware and software products for XML gateways and firewalls.

The updated OS adds new clustered policy and session features designed to provide enterprise-level security to SOA applications, Layer 7's Sirota said. Existing XML firewalls and gateways do not provide automatic policy replication or session persistence across clustered deployments, he said. The software and hardware products currently providing Web services security lack the capability to "consistently and reliably enforce security policy." Layer 7's new operating system features automatic policy replication, session persistence and multi-gateway monitoring designed to scale up for enterprise deployments.

High level security, similar to what is available for old fashioned mainframe and client/server applications, is now what the customer wants for SOA, Schmelzer said in explaining how the technology for the Web services market is maturing.

For more information Learn more about WS-Policy's entrance into the W3C Read a Q&A with Web services pioneer and Layer 7 CTO Toufic Boubez

"People are becoming a lot more mature about how they are implementing security for Web services," the analyst said. "Before now security for Web services was all about SSL. If they were doing security, maybe they were doing passwords. Now they realize that's a very unmanageable and a very unsafe way of allowing people access to some pretty important stuff. If you think about it, the next version of SAP is all going to be services, so do you really want random people in your network pinging your SAP system with service requests? Pretty scary, I would say."

Sirota said enterprise level security with WS-Policy support also will be important for anyone contemplating SOA in the Microsoft world, especially with the new Vista version of the Windows operating system scheduled for release in early 2007

"WS-Policy underlies Windows Communications Foundation, which is the underlying communications structure for Vista," the Layer 7 executive said. "Windows Communications Foundation uses WS-Policy for exchanging policy data."

New features in the 3.5 version of Layer 7's Security operating system include:

• Cluster-wide traffic and availability monitoring
• Automated policy replication across clusters
• Automatic stateful fail-over
• Cluster-wide session persistence
• Cluster-wide PKI management
• Clustered XSLT acceleration

Tags: Service-oriented architecture (SOA) education,  XML and XML schema,  WS-policy,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Service-oriented architecture (SOA) education SOA Manifesto urges both agility and business focus SOA skills, slings and arrows Playbook for the SOA Red Zone Win SOA Design Patterns book Take part in SearchSOA.com survey. Help define the state of SOA. New year – same old SOA tempests? The annals of SOA Talk Software architects navigate transitions Ten ways to identify services Analysts, users find roadblocks along the SOA highway Service-oriented architecture (SOA) education Research XML and XML schema What's the future of XML? SOA pattern of the week (#7): policy centralization Try XML-based Extensible Business Reporting Language (XBRL) for accounting reports What's new at the W3C Ganymede: Modeling tools target SOA, UML Data services mashups emerge for SOA Making sense of data services mashups XML turns 10 SOA helps save 100-year-old business Oracle maps heterogeneous data services strategy for SOA WS-policy Data services mashup wizard latest for SOA SOA triple play: Policy meets Semantic Web WS02 releases wiki-style SOA registry Post-Oracle: BEA gets back to SOA basics W3C publishes WS-Policy as recommendation SOA policy beyond Java and .NET Mule extending Web services capabilities Using ADO.NET and SDO for SOA data continuity SOA standards WS-Policy, SCA and SDO advancing rapidly Layer 7 releases custom policy SDK

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary middleware  (SearchSOA.com) Semantic Web  (SearchSOA.com) service-oriented integration  (SearchSOA.com) service-oriented management  (SearchSOA.com) Web-Based Enterprise Management  (SearchSOA.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary