Are XML Gateways Really the Answer?

by Stefan Tilkov on Jun 01, 2006. Estimated reading time: 1 minute

Andrew S. Townley, lead architect for the Irish government’s Public Services Broker (PSB), explains the concepts behind XML gateways and takes a look at how they might be applied to secure a large-scale SOA environment. XML gateways, such as those introduced by IBM lately, promise to offload many message processing issues to hardware appliances.

Andrew lists the content-related security issues involved in securing a service-oriented environment:

  • HTTP header inspection
  • XML denial of service detection
  • XML external entity attack prevention
  • SQL injection prevention
  • Buffer overflow prevention
  • Service scanning prevention
  • Message size analysis
  • SOAP attachment analysis
  • XML well-formedness validation
  • XML schema validation
  • XPath processing
  • Auto-generation of XML Schema (XSD) from WSDL
  • Auto-generation of XML Schema (XSD) from sample XML messages

He then explains some of these issues in more detail and shows how they are (or aren't) handled by XML gateways.
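
Four of the listed checks (message size analysis, XML denial of service detection, XML external entity attack prevention and XML well-formedness validation) can be combined into one streaming screen applied before a message reaches a service. This is an added example, not code from Townley's article or from any gateway product; the limits, the function name and the sample messages are assumptions.

```python
import xml.parsers.expat

MAX_BYTES = 64 * 1024  # assumed size limit; tune per service
MAX_DEPTH = 32         # assumed nesting limit; tune per schema


class Rejected(Exception):
    """Raised from a parser callback to abort parsing early."""


def screen_message(body: bytes) -> str:
    """Return 'accept' or 'reject: <reason>' for one inbound XML message."""
    # Message size analysis: check before any parsing work is done.
    if len(body) > MAX_BYTES:
        return "reject: message too large"

    depth = 0

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Entity expansion and external entities both need a DTD, and a
        # SOAP message must not carry one, so refuse at the declaration.
        raise Rejected("DTD not allowed")

    def on_start(name, attrs):
        nonlocal depth
        depth += 1
        if depth > MAX_DEPTH:  # XML denial of service: deep nesting
            raise Rejected("nesting too deep")

    def on_end(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(body, True)  # streaming parse, no tree is built
    except Rejected as exc:
        return f"reject: {exc}"
    except xml.parsers.expat.ExpatError:
        return "reject: not well-formed"  # well-formedness validation
    return "accept"


# Constructed sample messages, not taken from the article.
GOOD = b'<Envelope><Body><ping/></Body></Envelope>'
WITH_DTD = b'<!DOCTYPE r [<!ENTITY x SYSTEM "http://example.invalid/x">]><r>&x;</r>'
DEEP = b"<a>" * (MAX_DEPTH + 1) + b"</a>" * (MAX_DEPTH + 1)
BROKEN = b"<a><b></a>"
```

Schema validation, XPath processing and injection checks from the list are not covered by this screen and would run after it, on messages that passed.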

The conclusion of his posting is:

A lot of people [...] think things like XML gateways are “pixie dust” for security in the same way that people thought XML was some sort of magic solution to all business data representation and exchange problems. The answer to the question posed in the title of this article [...] is: it depends. Hopefully, if you’ve made it this far, you learned a few things, and you’ll be better prepared to participate in the overall security effort and answer the XML gateway question for yourself–regardless of your role within your organization.
