DEVELOPER TOOLS

XML Web Services Business Scenario Leverages Identity and Access Management, Web Security Management and Hardened Cryptographic Processing for a Best Practices Infrastructure to Protect Service Oriented Architectures -- Forum Systems, nCipher plc and Oblix today announced that they will demonstrate best practices for protecting enterprise Service Oriented Architectures (SOAs) at Oracle OpenWorld San Francisco, running December 5-9, 2004 at the Moscone Center. Oracle has recognized these three companies for participation to highlight their technologies in the Protected Enterprise and Identity Management section of Protected Enterprise Security Pavilion. The demonstration will offer IT professionals a view into the deployment scenarios required to secure Web services and XML data utilizing existing infrastructure and off the shelf products from market leaders and leveraging technology partnerships between Forum Systems, nCipher, Oblix and Oracle. Enterprises building Web services to interact with suppliers, vendors and customers face the challenge of many exposure points, security threats and unauthorized information access. To address the need for an end-to-end security model, Oracle partners will showcase a real-world scenario implementing best practices in identity management, access control, threat protection, security management and key management cryptography, enabling secure access to backend Oracle application servers. The scenarios will integrate state-of-the-art technology from partners Oblix, nCipher and Forum Systems that can be deployed immediately. This four-way Web services security application model is the first of its kind that ties together all the infrastructure components an enterprise would need to secure the entire SOA pipe-line: from the perimeter, across multiple firewalls, into the back office and finally into the application. "Extending SSL and existing enterprise identity management to Web services is what enterprises need to effectively secure their SOA deployment today. A Web Services Firewall that focuses on XML intrusion prevention and data-level authentication with deep integration to nCipher, Oblix and Oracle makes this happen at the lowest total cost of ownership," said Mamoon Yunus, CTO, Forum Systems. "Web services have the power to transform business transactions, but only if confidentiality, message integrity and non-repudiation can be assured. In order to achieve this the industry standardized on the use of cryptography from a very early stage. However, the widespread use of encryption and digital signatures can easily impact performance and lead to serious points of risk if deployed incorrectly. I'm pleased that by working with our partners, we are able to demonstrate the practicality of building a secure and high performance SOA environment today," said Dr Nicko van Someren, Chief Technology Officer, nCipher. "Enterprises need to look at how they will apply multiple security policies for interoperability enforcement, authentication and authorization. Identity-driven policy management tightly coupled with strong perimeter controls allows customers to manage security policies from a single place, improving overall security and lowering administrative costs. This demonstrates the full security picture for enterprises building a service oriented architecture," said Prakash Ramamurthy, Senior Vice President of Products and Technology, Oblix. The live demonstration will showcase a SOA-driven supply chain business application to highlight trust management, threat protection and information assurance within the context of XML data and Web services. Protected data-level communications will allow a Web services consumer and back-office Web services producer applications to exchange sensitive supply chain information with the appropriate privileges. In addition, the demonstration will illustrate policies to comply with government regulations and will use some of the industry's strongest end-point-to-end-point protection against internal and external attacks. Forum Systems XWall Web Services Firewall will strictly enforce security policies using the Oblix COREsv Web Services Management platform. The Oracle Application Server 10g and Oracle Database Server 10g will enable scalable transaction processing. Database encryption will be performed by nCipher's SecureDB, and all infrastructure components will rely on nCipher technology for tamper-resistant key management and cryptographic acceleration. Forum, nCipher and Oblix are all partners in the Oracle PartnerNetwork.