XML firewall
Encyclopedia
An XML firewall is a specialized device used to protect applications exposed through XML based interfaces like WSDL
and REST
and scan XML traffic coming in and out of an organization. Typically deployed in a DMZ
environment an XML Firewall is often used to validate XML traffic, control access to XML based resources, filter XML content and rate limit requests to back-end applications exposed through XML based interfaces. XML Firewalls are commonly deployed as hardware but can also be found as software and virtual appliance for VMWare, Xen or Amazon EC2. A number of brands of XML Firewall exist and they often differ based on parameters like performance (with or without hardware acceleration, 32 Vs 64 bit), scalability (how do they cluster and perform under load), security certification (common criteria, FIPS being the most common), identity support (for SAML, OAuth
, enterprise SSO solutions) and extensibility (they can support different transport protocols like IBM MQ, Tibco EMS, etc). XML Firewalling functionality is typically embedded inside XML Appliances
and SOA Gateways.
Web Services Description Language
The Web Services Description Language is an XML-based language that is used for describing the functionality offered by a Web service. A WSDL description of a web service provides a machine-readable description of how the service can be called, what parameters it expects and what data structures...
and REST
Representational State Transfer
Representational state transfer is a style of software architecture for distributed hypermedia systems such as the World Wide Web. The term representational state transfer was introduced and defined in 2000 by Roy Fielding in his doctoral dissertation...
and scan XML traffic coming in and out of an organization. Typically deployed in a DMZ
Demilitarized zone (computing)
In computer security, a DMZ is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet...
environment an XML Firewall is often used to validate XML traffic, control access to XML based resources, filter XML content and rate limit requests to back-end applications exposed through XML based interfaces. XML Firewalls are commonly deployed as hardware but can also be found as software and virtual appliance for VMWare, Xen or Amazon EC2. A number of brands of XML Firewall exist and they often differ based on parameters like performance (with or without hardware acceleration, 32 Vs 64 bit), scalability (how do they cluster and perform under load), security certification (common criteria, FIPS being the most common), identity support (for SAML, OAuth
OAuth
OAuth is an open standard for authorization. It allows users to share their private resources stored on one site with another site without having to hand out their credentials, typically username and password.OAuth allows users to hand out tokens instead of credentials to their data hosted by a...
, enterprise SSO solutions) and extensibility (they can support different transport protocols like IBM MQ, Tibco EMS, etc). XML Firewalling functionality is typically embedded inside XML Appliances
XML appliance
An XML appliance is a special purpose network device used to secure, manage and mediate XML traffic. They are most popularly implemented in Service Oriented Architectures to control XML based Web Services traffic, and increasingly in cloud oriented computing to help enterprises integrate on premise...
and SOA Gateways.
See also
- XML applianceXML applianceAn XML appliance is a special purpose network device used to secure, manage and mediate XML traffic. They are most popularly implemented in Service Oriented Architectures to control XML based Web Services traffic, and increasingly in cloud oriented computing to help enterprises integrate on premise...
- Web Services
- WS-SecurityWS-SecurityWS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS....
- Representational State TransferRepresentational State TransferRepresentational state transfer is a style of software architecture for distributed hypermedia systems such as the World Wide Web. The term representational state transfer was introduced and defined in 2000 by Roy Fielding in his doctoral dissertation...
External links
- Service Firewall Pattern an explanation of the idea behind XML firewalls
- F5 Networks XML Firewall a description of how an XML firewall can protect your application.
- Citrix XML Application Firewall
- Layer 7 XML Firewall
- Intel SOA Expressway Soft-Appliance