SOA Software tightens security in XML VPN

13.07.2005
Von Bob Francis

SOA Software on Wednesday announced Version 4.3 of its XML VPN product adding several new packaged security features.

"As companies move away from expensive proprietary integration mechanisms toward XML, Web services, and SOA, the need for security and management of these services will continue to grow," said Eric Pulier, chairman and founder of SOA Software in a release. "The XML VPN makes it easy for providers to enforce strong security policies and for their partners to comply with these policies."

With Version 4.3, the XML VPN proxy can digitally sign messages destined for internal services. This is meant to prevent end-run attacks by external applications that could otherwise directly contact internal services protected by the XML VPN. It also helps ensure the security of internal services and provides an audit trail for all partner transactions, according to the company.

XML VPN Version 4.3 can also act as a proxy for any external Web services, whether or not provided by another XML VPN device. This allows a company to use the XML VPN to provide its developers with internal versions of important third-party services, and ensure the security and reliability of these services.

XML VPN Version 4.3 also supports the WS-Policy standard.

"SOA has really done a good job of packaging several security features together to focus on the end-user provisioning issue so companies can make sure the wrong people don"t get inappropriate access to resources," said Ron Schmelzer, senior analyst at ZapThink.

"This solution will help companies use their existing identity management systems within a Web-services model and that may prove very useful," Schmelzer said.

SOA Software"s XML VPN is available today as software and as an appliance. Software starts at $5,000 per CPU. Appliances start at US$50,000.