Adding security methods to Web services by means of TrustedX involves consuming specialized services. Because the entire logic of the security methods is delegated to TrustedX, the implementation of the WS-Security, XML-DSig and XML-Enc standards for securing Web messages is carried out from an SOA point of view.
The possible implementation architectures are:
- Integration gateway: TrustedX is used as a security gateway, responsible for protecting the messages that are sent and for processing the messages that are received. This architecture has the advantage that the security methods can be implemented without modifying the Web services themselves.
- Security Web services: the application calls TrustedX to request message protection or message processing. In this architecture, unlike the previous one, the TrustedX results are returned to the application.
- A combination of both.
The figure below illustrates the two architectures:
TrustedX's gateway functions include the capacity to receive SOAP/WS or REST/WS data, process it by means of an XML Pipeline language, and then forward it. The gateway's pipeline capabilities make it possible to chain a series of XML processing rules (transform, sign, verify, encrypt, decrypt, authenticate, authorize, access external information sources, etc.), which are executed in turn to obtain the desired data output.
TrustedX is also responsible for the following aspects, which are key to managing trust:
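The following is an added illustration of the gateway pattern described above, not TrustedX code or its pipeline language: an outbound "sign" rule adds a WS-Security header with an XML-DSig signature over the SOAP Body, and an inbound "verify" rule recomputes the digest and signature and rejects a tampered message. It assumes a gateway-held HMAC-SHA256 key (a constructed placeholder) and a constructed sample request.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Namespaces of the standards named on the page (WS-Security, XML-DSig).
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Constructed sample request; the wsu:Id lets the signature reference the Body.
SAMPLE = (
    '<soap:Envelope xmlns:soap="%s" xmlns:wsu="%s">'
    '<soap:Body wsu:Id="Body"><transfer><amount>100</amount></transfer></soap:Body>'
    '</soap:Envelope>' % (NS["soap"], NS["wsu"])
)
KEY = b"constructed-shared-secret"  # placeholder for a key held by the gateway

def canonical(elem):
    """C14N of a subtree, as XML-DSig requires before hashing or signing."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest_b64(elem):
    return base64.b64encode(hashlib.sha256(canonical(elem)).digest()).decode()

def protect(envelope_xml, key):
    """Outbound rule: add a WS-Security header carrying an HMAC-SHA256 signature over the Body."""
    root = ET.fromstring(envelope_xml)
    body = root.find("soap:Body", NS)
    header = ET.Element("{%s}Header" % NS["soap"])
    root.insert(0, header)
    sig = ET.SubElement(ET.SubElement(header, "{%s}Security" % NS["wsse"]), "{%s}Signature" % NS["ds"])
    info = ET.SubElement(sig, "{%s}SignedInfo" % NS["ds"])
    ref = ET.SubElement(info, "{%s}Reference" % NS["ds"], URI="#" + body.get("{%s}Id" % NS["wsu"]))
    ET.SubElement(ref, "{%s}DigestValue" % NS["ds"]).text = digest_b64(body)
    mac = hmac.new(key, canonical(info), hashlib.sha256).digest()
    ET.SubElement(sig, "{%s}SignatureValue" % NS["ds"]).text = base64.b64encode(mac).decode()
    return ET.tostring(root, encoding="unicode")

def verify(envelope_xml, key):
    """Inbound rule: recompute the Body digest and the signature; reject on any mismatch."""
    root = ET.fromstring(envelope_xml)
    sig = root.find("soap:Header/wsse:Security/ds:Signature", NS)
    body = root.find("soap:Body", NS)
    if sig is None or body is None:
        return False
    info = sig.find("ds:SignedInfo", NS)
    ref = info.find("ds:Reference", NS)
    if ref.get("URI") != "#" + body.get("{%s}Id" % NS["wsu"], ""):
        return False  # the signature does not cover the Body
    if ref.findtext("ds:DigestValue", "", NS) != digest_b64(body):
        return False  # the Body was altered after signing
    expected = hmac.new(key, canonical(info), hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64decode(sig.findtext("ds:SignatureValue", "", NS)), expected)
```

A gateway deployment would run protect() on messages leaving the service and verify() on messages arriving, so the service code itself never handles keys or signatures.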
- Private key management: TrustedX provides protection methods that prevent keys from being copied or used without authorization, and makes the renewal of keys and digital certificates transparent to the applications.
- Centralized security policy and trust management: the trusted entities (CAs, TAs and VAs) are managed centrally, and the requirements for validating digital certificates and verifying signatures are defined in one place.
- Easier auditing of the system and of the security methods applied across the corporate SOA architecture.