SecureSpan Gateway
Unlock your services to the outside world.
Capabilities
Advanced XML Security | Threat Protection | XML Acceleration | CentraSite & webMethods Insight Integration | Simplified Administration & Flexible Deployment
Advanced XML Security
Build a first line of defense
XML interfaces for SOA, cloud computing and Web 2.0 provide a versatile method for exposing applications and their data directly to other applications in a standards-based way. This simplifies interoperability across departmental, organizational and cloud boundaries. However, exposing functionality and information to applications in external trust and security domains opens those systems to potential threats. That’s why you need SecureSpan Gateway for a first line of defense.
Identity-based access
SecureSpan Gateway can be integrated with a number of leading identity, access, SSO and federation systems, including LDAP, Microsoft Active Directory/Federated Services, Oracle Access Manager, IBM Tivoli (TAM and TFIM), CA SiteMinder and TransactionMinder, RSA ClearTrust, Sun Java Access Manager and Novell Access Manager. Additionally, SecureSpan Gateway can enforce fine-grained entitlement decisions authored in XACML.
WS* and WS-I standards support
SecureSpan Gateway provides support for all major WS* and WS-I security protocols, including WS-Security, WS-SecureConversation, WS-SecurityPolicy, WS-Trust, WS-Federation, WS-Secure Exchange, WS-Policy and WS-I Basic Security Profile.
SOAP, REST and POX security
You can use SecureSpan Gateway to provide secure access to services exposed as SOAP, REST or POX service.
Consumer-provider security handshake
With the SecureSpan XML VPN Client that works in conjunction with the XML Firewall or XML Networking Gateway, you can effectively separate authentication and authorization tasks across trust boundaries.
XVC helps streamline consumer and provider interactions by automatically negotiating the “handshake” between them, abstracting out security and other infrastructure requirements. This ensures business continuity even in the face of changing industry regulations and corporate requirements.
Cross-domain/B2B security
SecureSpan Gateway supports credential chaining, credential remapping and federated identity, facilitating information sharing between organizations. An integrated STS/SAML issuer provides comprehensive support for SAML 1.1/2.0 authentication, authorization and attribute-based policies, as well as support for WS-Trust, WS-Federation and SAML-P protocols. Additionally, an integrated PKI CA/RA allows for automated deployment and management of client-side certificates.
Cryptography
You can purchase SecureSpan Gateway with an optional onboard Hardware Security Module (HSM), as well as support for external HSMs, such as Safenet. Federal Information Processing Standards (FIPS) support is provided in both hardware (FIPS 140-2 Level 3) and software.
Custom policy assertions
With the latest release of SecureSpan XML Networking Gateway, you can use the Custom Policy Assertion SDK to create new assertions that address unique requirements, such as: proprietary message processing; pattern recognition and filtering and; interfacing to third-party infrastructure—all without requiring an application server to run the custom code.
Sample custom assertions are provided for integration to a range of leading identity management products from Sun, IBM, CA, Oracle and others.
