
Enterprise SOA Security

Distributed systems require security. And no security system can be considered complete if it is restricted to identity federation. Reliable security technology must also include meaningful authorization management. For example, knowing “Jim” is a user should not automatically imply that “Jim” can approve a transaction, delete a transaction and/or create a transaction batch. It should merely imply that the system recognizes “Jim”. An authorization step must follow in order to determine which specific functions “Jim” is allowed to perform.

Some enterprise architects assume that web services behind the firewall don’t need to perform authorization checks, but that approach leaves the entire enterprise vulnerable to a security breach. In the absence of authorization checks, hackers can easily access platforms within the corporate network and launch unhindered attacks from there. Savvy internal attackers can also access and use the internal web services.

More cautious architects add an authentication layer to their web services. But then they assume that if the caller is authenticated, the need for authorization is eliminated. While demonstrably better than no check at all, merely verifying the identity of the caller without confirming the tasks the caller is authorized to perform is problematic and short-sighted.

As the organization’s SOA matures and evolves, architects are often asked to segregate functionality and to prohibit a user who happens to be authenticated from performing every function. When code changes are necessary to accommodate authorization, the process becomes expensive, error prone and less secure. Moreover, this approach does not provide meaningful reporting or an audit trail of how and where the changes were instituted.

At the same time, authorization checks are often the Achilles’ heel when it comes to SOA performance. Why? Because web services are typically (and should be) stateless, which means that every request or call must include some identifying token that is checked by the servicing side. Once that is completed, an authorization check follows. This authorization check requires calling out to an authorization store, which involves I/O (input/output). But network and/or disk I/O is hundreds of thousands of times slower than performing an in-memory algorithm-based authorization verification. Hundreds of thousands of times slower.
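The two ideas above, that recognizing “Jim” is not the same as letting “Jim” delete a transaction, and that a stateless service must re-establish identity from a token on every call before it can authorize, are illustrated by the following added example. It is illustrative code written for this page, not BiTKOO’s or Keystone’s implementation: the HMAC-signed token format, the `SECRET_KEY`, the `PERMISSIONS` table and the user names are all constructed for the demonstration. The permission lookup is deliberately in-memory; the page’s point is that a call out to an authorization store on every request is where the I/O cost comes from.

```python
import hashlib
import hmac
import time

# Constructed demo secret shared by the token issuer and the service.
# Hypothetical value; a real deployment would load it from a secret store.
SECRET_KEY = b"constructed-demo-secret-do-not-use-in-production"

# Constructed in-memory permission table (user -> allowed actions).
# Keeping this in memory is what avoids the per-request I/O the page describes.
PERMISSIONS = {
    "jim": {"approve_transaction"},
    "alice": {"approve_transaction", "delete_transaction", "create_batch"},
}


def issue_token(user, ttl_seconds=300, now=None):
    """Mint a self-contained token 'user:expiry:hmac' so the service can stay stateless."""
    now = time.time() if now is None else now
    expiry = int(now + ttl_seconds)
    payload = f"{user}:{expiry}".encode()
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
    return f"{user}:{expiry}:{mac}"


def authenticate(token, now=None):
    """Return the user named in a valid, unexpired token, or None.

    This is the identity step only: it tells us the system recognizes the caller.
    """
    now = time.time() if now is None else now
    parts = token.split(":")
    if len(parts) != 3:
        return None
    user, expiry, mac = parts
    payload = f"{user}:{expiry}".encode()
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so a forged MAC cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, mac):
        return None
    if not expiry.isdigit() or int(expiry) < now:
        return None
    return user


def authorize(user, action):
    """Authorization step: may this recognized user perform this specific action?"""
    return action in PERMISSIONS.get(user, set())


def handle_request_authn_only(token, action, now=None):
    """The short-sighted variant the page warns about: authenticated == allowed."""
    user = authenticate(token, now)
    if user is None:
        return (401, "unknown caller")
    return (200, f"{user} performed {action}")


def handle_request(token, action, now=None):
    """Authenticate, then authorize, on every call (the service keeps no session)."""
    user = authenticate(token, now)
    if user is None:
        return (401, "unknown caller")
    if not authorize(user, action):
        return (403, f"{user} is not allowed to {action}")
    return (200, f"{user} performed {action}")


if __name__ == "__main__":
    jim = issue_token("jim")
    print(handle_request(jim, "approve_transaction"))          # (200, ...)
    print(handle_request(jim, "delete_transaction"))           # (403, ...)
    print(handle_request_authn_only(jim, "delete_transaction"))  # (200, ...) -- the gap
    print(handle_request(jim.replace("jim", "alice", 1), "delete_transaction"))  # (401, ...)
```

The contrast between `handle_request_authn_only` and `handle_request` is the whole argument: both recognize Jim, but only the second asks whether Jim may do what he is asking for. Because the permission table is consulted in memory, the authorization step adds no I/O to the request path; swapping that dictionary for a remote lookup is exactly where the per-call latency the page describes would appear.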

BiTKOO’s patented federated authorization solves the performance bottleneck caused by authorization in distributed systems such as SOA, substantially increasing the speed of every application.
Using the Keystone Federated Authorization engine, organizations can

  • easily secure any web service with fine grained authorization and reporting
  • create an audit trail for every change from any source
  • increase SOA performance by a factor of 100,000 to 1

Organizations that employ highly transactional systems will be able to dramatically reduce the number of servers and the network bandwidth they require.

Organizations requiring collaboration outside of the firewall will breathe a sigh of relief. Now their security concerns have been firmly addressed.

With the Keystone Federated Authorization engine, setting up a trust relationship between collaborating web services from multiple organizations is quick, easy, and definitively secure.