XML-Aware Security Appliances

With the widespread adoption of Web services, the security appliance (firewall) vendors are addressing Web services security needs using XML-aware hardware appliances that ensure secure XML traffic and Web services transactions. Adopting hardware appliances for Web services is strongly recommended, particularly the substitution of hardware for resource-intensive XML processing tasks and the offloading of XML security processing from a Web services endpoint. These appliances are commonly referred to as XML firewall.

XML Firewall

XML firewall appliances will reside in the DMZ behind network firewall appliances and operate on the inbound and outbound XML traffic of a Web-services provider or requester. These appliances help in identifying XML content-level threats and vulnerabilities based on message compliance, payload, and attachments that are not detected by network firewalls. In addition, XML firewalls offer functionalities that support XML encryption, digital signatures, schema validation, access control, and SSL communication. An XML firewall appliance often will run at wire speeds that are superior to that of the traditional software infrastructure. Adopting XML firewall delivers significant performance gains in Web-services transactions that involve SSL communication, XML filtering, XML schema and message validation, signature validation, decryption, XML parsing, and transformation.

There is a growing list of XML-aware security appliances currently available, including XML firewalls and XML processing accelerators. It is noteworthy that some security hardware vendors provide support for Web-services security standards and specifications.