XML Developer Tip
Try XML security hardware
In some of my previous XML tips, I've talked about various XML security-related vocabularies and markup languages, including support for X.509 certificates, security assertions (SAML), encryption, messaging, authentication, digital signatures, and more. In other XML tips, I've talked about how some vendors are pushing XML processing into hardware so that Web sites can handle higher volumes of incoming and internal XML traffic more effectively and efficiently. I suppose I should therefore have seen the emergence of a veritable raft of XML security devices in the marketplace. Well, it's here!
In the past 6 months, dozens of special-purpose XML security processing appliances and devices have become available to application or service providers who want to use this advanced technology. Such boxes help avoid the performance hits that sometimes accompany the use of XML markup, as well as those typical of the extra processing and data handling required when heightened security is needed.
The primary notion that drives this phenomenon is that individual communication channels between clients (typically using Web browsers, but other applications can use the same techniques) and servers (again, typically Web servers) must be secured and managed. Such devices help to ensure that client identity may be proven, and secure links established to permit confidential data exchange (the U.S. Government's XML site has great slides on this topic). This makes sense for routine transactions like credit card or other purchases online, but is also useful for all kinds of official, signed, or confidential information exchanges.
One prevailing notion behind devoting special-purpose hardware to handle XML security is that it separates security from general applications development. In effect, it permits an extra layer of security to be interposed between what's inside and outside an organization without requiring changes to existing code. It also helps avoid the complexities and risks inherent in retrofitting older applications with newer code. And, as I've already indicated, it offers the highest level of performance available when security is added to applications and services. For everything from legacy applications to developers who want or need application security but may not have time or resources to build it in themselves, the security device approach appears to offer a workable solution—but at a sometimes hefty price (many of these devices cost from tens to hundreds of thousands of dollars, depending on features, functions, and level of performance needed).
That said, here's a short alphabetical list of some of the many companies that offer XML security hardware products:
- Forum Systems
- Reactivity XML Firewall using nCipher hardware security module
- Sarveda, Inc.
- Vordel & Chrysalis: XML Security Appliance
If you prefer to roll your own XML security implementation, IBM alphaWorks and Phaos XML are the pre-eminent purveyors of development suites for that purpose. But in that case, hardware speeds and easy add-on benefits won't apply, and serious additional time and effort must be invested during the development process.
About the Author
Ed Tittel is a VP of Content Development & Delivery at CapStar LLC, an e-learning company based in Princeton, NJ. Ed runs a small team of content developers and project managers in Austin, TX, and writes regularly on XML and related vocabularies and applications. E-mail Ed at firstname.lastname@example.org.