DataPower First to Demonstrate Real-World Deployments of Hardware-Based Federated Identity Management Enforcement Point Using WS-Security and SAML

Business Wire, Oct 5, 2004

CAMBRIDGE, Mass. -- Industry-leading Enterprises Utilize Unique Standards-based AAA Framework of XS40 XML Security Gateway To Enforce Fine Grained Access Control Policies Stored in RSA eTrust/FIM, Netegrity SiteMinder and other Leading Identity Management / Web SSO Servers

DataPower, the creator and leading provider of intelligent XML-aware Networking (XAN) infrastructure, announced today that it is the first XML Web services security provider to demonstrate real-world Web service deployments with customers utilizing WS-Security and SAML for federated authentication and authorization across domains to partners and customers. Driven by actual customer deployments that have processed billions of dollars in business transactions to date, DataPower has further enhanced both its support for SAML and its integration with leading identity management/SSO vendors including RSA, Netegrity, Oblix, CA, IBM, Oblix and Sun. DataPower had also previously demonstrated leadership as the only Web services security vendor to successfully participate in GSA-sponsored SAML Interop event RSA Conference 2004 (See http://www.datapower.com/newsroom/pr_022404_rsaconference.html). Along with its longstanding support for critical Web services security standards like complete SAML token authentication within WS-Security and features like XML firewalling, XDoS protection and content-based routing, DataPower's XS40 has again demonstrated the most comprehensive and robust XML Web services security solution available for real-world Web service deployments.

"Making it easy to do business with us is of the highest priority," said a security specialist at one of the largest insurance companies in the United States. "Support for industry-wide standards like ACORD, WS-Security and SAML for federated identity is mission critical to providing secure, uncomplicated connections for our partners and customers. Using leading technologies like DataPower's XS40 as our secure gateway to partners and customers, including enforcing access policies stored in our existing Netegrity SiteMinder systems, enables us to meet this essential commitment to customers and partners."

"With RSA Federated Identity Manager and RSA ClearTrust, customers can now unify authentication and authorization for not only Web-based commerce initiatives but also Web services across a single enterprise or throughout a federated environment over the Internet," said Howard Ting, Sr. Product Manager, RSA Identity and Access Management Solutions. "Integrating with DataPower's easy-to-use, high-performance Web service security gateway is a tremendous advantage for our customers needing to manage and enforce Web service authorization and access at a central point."

"Scalable, real-time policy enforcement is critical if Web services are to succeed in the corporate world," said James Kobielus, senior analyst at Burton Group, a leading research, analysis, and consulting firm. "Enterprises should explore use of hardware-based Web services policy enforcement points, including performance-optimized devices for XML firewalling, content-based routing, federated SSO, and other critical functions. DataPower has addressed these requirements through its hardware-based XAN infrastructure products."

SAML and XML Web Services Access Control

DataPower XS40 XML Security Gateway acts as a highly secure hardware policy enforcement point to perform authentication, authorization, audit and accounting functions based on the source, transport and content of incoming XML transactions. In addition to XML access control and full support for SAML token authentication within WS-Security, the XS40 also includes many other essential security functions, for example a full XML Firewall for protecting against XML threats, XML Encryption and XML Digital Signature, WS-Security and content-based routing. All integration is based on DataPower's innovative AAA Framework.

Fine Grained Authorization

Instead of URL-based or connection-level access control, fine-grained authorization allows the XS40 to interrogate every individual SOAP/XML transaction and determine whether it should be allowed through based on payload contents, security policy, and identity information. For example, a purchase order that is: (i) over $500 (ii) digitally signed by the CFO's certificate (iii) targeted for vendor X (iv) sent before 5pm may be allowed through, while one immediately following it would be rejected. SAML, WS-Security and XACML are key emerging standards for implementing this kind of fine-grained access control in an open, cross-platform environment which combines a variety of policy enforcement points (such as the DataPower XS40 Gateway) and central policy repositories.

DataPower is the only XML firewall/gateway solution to long support SAML, WS-Security, SSL Acceleration, XML Encryption, XML-DSIG, RADIUS, LDAP, XKMS and on-board policy control; now DataPower's enhanced SAML support and deep, field-proven integration with all major identity management vendors (See related announcement links) including: