Start-up touts hardware/software combo
Toufic Boubez, former chief architect of IBM's Web services initiatives, and now CTO at start-up Layer 7 Technologies (www.layer7tech.com), Vancouver, Canada, has become a strong advocate of the emerging trend of creating Web services management systems that incorporate both hardware and software.
Layer 7 this week began previewing its first product, which Boubez describes as a hardware gateway and software management and agent combo for handling security and policy enforcement, at the Web Services Edge 2003 in Santa Clara, Calif.
The new offering, dubbed the SecureSpan Solution, includes multiple components for managing various aspects of Web services. The first component in the offering, called the SecureSpan Gateway, is described by Boubez as "an appliance, a gateway that is a rack-mount appliance. You import WSDL definitions into that gateway and the gateway knows about your Web services. Then it will be able to protect them. It will inspect every SOAP message that comes in and decide whether to reject it or where to route it properly."
Determining exactly what security policies will be applied to incoming SOAP messages is handled through a software component of the family, called the SecureSpan Manager, he said.
"The Manager is where you create policies," he explained. "It has a very rich UI that you can bring up and see all the Web services that sit behind the gateway, and you start creating personalized policies to those services. By personalized policies I don't mean something like we're going to require SSL for every incoming request. I'm talking about a very rich assertion-based policy language with complex expressions."
For example, he said, the solution "can say that for this particular user out of this particular LDAP server I'm going to require SSL. For this other user that's going to present this kind of certificate to me, I'm going to require XML encryption and signatures. So you can build some very rich policies that are personalized to different consumers. Because you cannot assume that all the consumers of the Web service will have the same policy or security capabilities or the same service level agreements with you."
Boubez said this approach avoids the time-consuming process of hard-coding security and connection policies, which analysts Layer 7 talked to estimated takes 50% of the budget for Web services projects. He said hard-coding also reduces the flexibility advantage that is supposed to come with a loosely coupled architecture.
Rich Seeley is Web Editor for Campus Technology.