Wednesday, June 24, 2009

SOA Security Testing - XML Gateways

SOA/XML Gateways are a secure bridge that integrate enterprises with their trading partners while ensuring that the information flow upholds the tenants of information assurance: privacy (encryption), integrity (signatures and schemas) and traceability (audit and archive). SOA Testing XML Gateways requires significant functional depth across security attributes (SSL, WS-Encryption, WS-Signatures), identity facets (SAML, WS-UserName, WS-X.509, WS-Kerberos), structural tests (Schema and Schematron) as well as message exchange patterns based on XML, SOAP, and REST.

Forum Sentry is one such XML Gateway with significant differentiating emphasis on security. Jason Macy, VP Engineer and CTO at Forum Systems recently recorded an informative webcast highlighting the security for XML Gateways. Once such Gateways are deployed, using comprehensive SOA Testing products such as SOAPSonar is essential to ensure that the gateway is operating as expected.

  • For more information on SOA Testing Techniques, click here.
  • For more information on XML Gateways, click here.

Monday, June 15, 2009

SOA Build, Test and Secure Paradigm

With the recent Crosscheck Networks' acquisition of Forum Systems, the SOA/XML landscape continues to trend towards market consolidation.  Enterprises now expect well-integrated products that help IT professionals across Web Service Life cycle and not just pre- or post- production alone.  

  • For building web services, consumers need to get their client-side code developed even before the services are ready.  This is where service simulation becomes critical.  
  • On the flip side, developers and testers of service providers (service endpoints) need to iteratively test the functional, performance and security characteristics of such services.  
  • Once the service endpoints are ready to go, an intermediate XML Gateway needs to be deployed to protect the endpoints.
Through well integrated products such as SOAPSonar, SOAPSimualtor and Forum Sentry, Crosscheck Networks and its wholly-owned subsidiary, Forum Systems, provide compreshensive Web Service Build, Test and Secure functionality for Industrial Web Services Deployments.

Monday, June 01, 2009

SOA Tips: Transaction Monitoring

Recently, I had a great conversation with Jack Vaughan on transaction traceability and monitoring with SOA. He graciously published some of our talking points under SOA Advisor, a useful section under that provides actionable tips on a variety of SOA, XML, and Web Services related topics including SOA Testing.

To see SOA Tips, see:,289482,sid26_tax309147,00.html