Layer 7 secures Web services

SAN FRANCISCO (09/29/2003) - Layer 7 Technologies Inc. on Tuesday will introduce a solution for securing and connecting Web services.

The startup company will introduce its SecureSpan Solution, a set of technologies that Layer 7 co-founder and Chief Technology Officer Toufic Boubez, said will reduce the risk and bring down the cost and complexity of deploying Web services.

"Security is a first-order problem," said Boubez, who co-authored the UDDI (The Universal Description, Discovery and Integration) protocol and was once the chief architect for IBM Corp.'s Web services initiatives. "Today it is difficult to deploy Web services without doing a custom deployment," he said.

The SecureSpan Solution consists of a gateway appliance, a software policy manager and an agent technology. Boubez and Lonny McLean, chief executive officer of Layer 7, explained that the gateway, dubbed SecureSpan Gateway, enforces security and access policies across multiple end points. The policies are centrally created and managed with the SecureSpan Manager; once created, the policies are sent to the agents that sit on the end point (the consumer of the Web service).

Layer 7's approach differs from others in this space, including Netegrity, Reactivity, Forum Systems and Westbridge Technology, by virtue of the gateway's ability to provide a different set of policies for each end point, Boubez explained. He contends that the technologies developed by other companies feature a one-way flow that pales in comparison to Layer 7's approach, which tailors policies and requirements for each individual end point.

He added that under the one-way flow, the initial instantiation of Web service policies requires the consumers of a given Web service to adjust their own policies and security mechanisms based on what the particular Web service dictates. This, Boubez said, places the burden of security on the end-user.

With Layer 7's system, Boubez contends, a change in a security policy can be pushed out to the agent and nothing is broken.

"We support multiple security preferences and policies," said McLean. "XML (Extensible Markup Language) firewalls assume one blanket policy on (consumers)."

Ron Schmelzer, a senior analyst with ZapThink LLC, a research firm specializing in XML and Web services, doesn't think Layer 7's relatively late entrance to the market will have any ill effect on their chances for success. In fact, he thinks they are right on time.

"The market is still evolving, they aren't late," said Schmelzer. "But they better start getting some customer traction because the pace of Web services deployment is quickening."

The product is generally available this month. In the future Layer 7 will look to add management capabilities to the platform.

Join the newsletter!

Error: Please check your email address.

More about Forum SystemsGatewayIBM AustraliaNetegrityUDDI

Show Comments
[]