SOA Security Manager Features

The following SOA Security Manager features enable you to flexibly implement secure web services:

Support for several leading web and application servers.
Optional SOA Security Gateway filters XML traffic according to a set of configurable security rules and can be deployed in the network DMZ (De-Militarized Zone) to provide XML Firewall functionality.
Transport-level and content-level authentication schemes for message authentication without user intervention.
Fine-grained access control model that allows authorization policies to be based on information at any layer of the XML message (transport, envelope, or payload—body of the message).
Full support for generation and consumption of WS-Security (Web Services Security) SOAP headers containing Security Assertion Markup Language (SAML) assertion, X.509v3 certificate, or password digest security tokens, allowing authentication and authorization information to be passed securely between multiple Web services.
Support for generation and consumption of SAML Session Ticket assertions (which contain an encrypted session ticket and a public key for synchronized sessioning), allowing authentication and authorization information to be passed securely between multiple Web services within a Policy Server domain.
SOA Security Manager SDK provides two APIs:
- Web Service Client API—A Java API that greatly simplifies the task of creating Web service consumer applications.
- SOA Agent Content Helper API—A Java API that allows you to create XML-enabled custom agents for web servers.