The Cisco ACE XML Gateway (AXG) product is quickly nearing its end of life.
Last year, Layer 7’s field team completed a number of successful AXG
replacement projects and the rate of such projects has since picked up
considerably. Layer 7 is now releasing the Cisco ACE XML Gateway Migration
Guide. This guide includes a step-by-step methodology, which builds on our
experience in AXG migration projects.
A key component of this methodology is the AXG migration utility, a
policy-based module which interprets an incoming AXG export file in PPF
format and automatically populates a Layer 7 Gateway instance with
corresponding service proxies and runtime policies. When we first considered
the possibility of such a migration utility, we were skeptical about how much
automation could be achieved, given the differences between the two
solutions. In the end, what made... (more)
The WS Secure Conversation specification describes a mechanism letting
multiple parties establish a context (using the WS Trust Request Security
Token standard) and secure subsequent SOAP exchanges. Each WS Secure
Conversation session has an associated shared secret. Instead of using this
shared secret directly to sign and encrypt the conversation's messages,
symmetric keys are derived from the secret itself. Deriving new keys for each
message and different keys for signature and encryption limits the amount of
data that an attacker can analyze in attempting to compromise the con... (more)
As the enterprise is increasingly taking notice of WOA (Web Oriented
Architecture) these days, the need for security guidelines and standards for
RESTful Web services is becoming more pressing. Sure, RESTful Web services
are meant to borrow existing security mechanisms from the web and HTTP Basic
over SSL, when done right, is a great way to accomplish shared-secret based
authentication. Yet, for better or for worse, it is common to find REST API
providers defining their own authentication mechanisms.
Take for example the Amazon S3 REST API’s custom HTTP authentication
scheme. Us... (more)
In the article "The importance of threat protection for restful web
services", I presented a number of content-based threats for XML. When
protecting an endpoint from XML based attacks, not only are payloads scanned
for code injections, malicious entity declarations and parser attacks, but XML
documents are also validated against strict schemas that clearly describe the
expected document structure. Enforcing this type of compliance at the edge,
in a SOA gateway for example, minimizes the risk of attacks on the Web
service endpoint. Structure definition languages such as XML Schema ... (more)
I often get asked about ‘REST to SOAP’ transformation use cases these
days. Using a SOA gateway like SecureSpan to perform this type of
transformation at runtime is trivial to set up. With SecureSpan in front of
any existing web service (in the DMZ for example), you can virtualize a REST
version of this same service. Using an example, here is a description of the
steps to perform this conversion.
Imagine the geoloc web service for recording geographical locations. It has
two methods, one for setting a location and one for getting a location. See
below what this would look like i... (more)