Identity Broker available in Hardware, Software, VMWare, and Cloud Image
Enables enterprises to centralize access control and identity management through a standards-based WS-Trust based interface. Interfaces with all major identity servers. Provides simplified portal federation and SOA federation. Forum STS Identity Broker provides comprehensive identity token translation with direct integration with all major identity servers including CA Siteminder, IBM TAM, RSA ClearTrust, Oracle Access Manager, Sun JSAM, HP SelectAccess, Kerberos KDC, Active Directory, and LDAP.
Our rack mount appliance offers 64-bit multiprocessor with crypto accelerator and optional FIPS Level III HSM. Our software form factors include packaged installation for Windows, Linux and Solaris. We also offer the SOA gateway product for VMWare, and Cloud Images for Amazon EC2, OpSource, and Rackspace.
Service Virtualization
Parse, merge and administer compound WSDLs from multiple endpoints.
Selectively expose service definition to consumers based on credentials.
Cloak service endpoints
Access Control
Deep integration with Identity Systems for authentication and authorization.
Granular control: protocol, service, operation, and message level identity bridging across Protocol- and Message-based identities.
Threat Mitigation
Defend against message-based threat Vectors such as XML Bombs, Malware, SQL Injection. Schema Validation, on-board AV scanning, Intrusion Detection and Prevention rules, throttling, blocking, and alerting.
Data Privacy & Integrity
Content-level message encryption and signatures, transport independent. Extensive WS-Standards support for superior interoperability.
Granular message capture for archiving and auditing
Information Enrichment
Message Enrichment via external services.
Prevent Information Leak through outbound message filtering.
Message Transformation and Routing
Centralized Policy Mgmt
Web-based interface for secure policy management across instance deployments.
Partial Policy import, export and full policy mirroring across instances.
Decouple and centralize SOA policies from Service and Client developers.
Patented Performance
Patented, accelerated XML, identity, and protocol processing for crypto operations. Streaming technology for
Jumbo payload processing.
Non-Intrusive Deployment
Eliminate software libraries and APIs for transaction processing and agent-less transaction monitoring.
Flexible Deployment Options include Hardware, software, VMWare, and cloud images.
Base Standards
XML 1.0, SOAP 1.1/1.2, WSDL 1.1/1.2, UDDI 2.x+, XPath 1.0/2.0, Schema 1.0, DTD, XSLT 1.0, REST, SOAP with Attachments, MTOM, WS-Addressing, WS-ReliableMessaging, WS-I Basic Profile.
Supported Protocols
HTTP, HTTPS, IBM MQ Series, Tibco Rendezvous, Tibco EMS, JMS, FTP, FTPS, SMTP, AS2, sFTP.
Protocol mixing and remote server failover and load balancing.
Cryptography and PKI
Import, generation and management of X.509 and PKCS Formats. Direct Java Key Store Import.
PKCS #1, PKCS #7, PKCS #8, PKCS #11, PKCS #12, X.509 Certificates and CSRs. All key sizes for RSA, DSA, DES, 3DES, SHA-1, RC4, AES,
OCSP, CRL via LDAP, XKMS, HTTP, FILE, CDP.
Cert Chain Validation for XML Security and SS. FIPS 104-2 Level III HSM for Secure Key Storage and Management
Identity
Protocol level and message level access control. HTTP Basic Auth, X.509 Mutual Auth, Digest Auth, Cookies, HTTP Form Post.
WS-Security Auth (Username Token, X.509, Kerberos and SAML), SAML 1.0 and 2.0.
Adaptors: CA SiteMinder, LDAP, SunOne, MS Active Directory, RSA ClearTrust, Oracle CoreId, HP Select Access, IBM TAM, Sun JSAM, and any WS-Trust IDM.
Security
Request and response security processing.
XML Digital Signatures and Encryption with granular Element-Level Security.
WS-Security 1.0 and 1.1.
SSL v2.0 and v3.0, TLS v1.0.
XML Firewall with content-level filtering via built-in rules, XPath, schema tightening and RegEx. On-board virus scanning and malware detection in message and attachments.
Logging and Monitoring
Data-Level evidence repository with external archiving to MySQL, IBM UDB, Oracle, MS SQL.
Syslog monitoring, SNMP v3 w/ Forum MIB and JMX, SOAP logging, database logging.
Integrated 3rd party monitoring: HP-OpenView, CheckPoint ELA, Oracle WSM, CA WSDM.
Log to any SOAP enabled endpoint.
On-board WS traffic reporting, statistics and monitoring for SLA enforcement
Transformation
Wire-speed streaming XSLT Transformation. Full support of compound XSLT.
Attribute Mapping across protocol headers, Certificate/LDAP attributes and XML content.
Administration
Simple Web-based UI. Command-line Interface (CLI) with SSH access and Serial.
Global Device Management with Full Policy Mirroring and Partial Policy Promotion.
Role-based Access Control (RBAC) and Multi-Domain Administration
Forum Systems is a wholly owned subsidiary of Crosscheck Networks. The Forum Sentry XML Gateway and STS Identity Broker products are developed and sold by Forum Systems.
Please click here to visit the Forum Systems web site and learn more about these products.
There are some common XML Gateway myths that this post would like to dispel. These myths are a manifestation of vendors overwhelming the customers wi [...]
Reducing the Complexity of Application Security
Integration is the Enemy of Security and so is Flexibility - an attribute that is essential for organizations to survive. A corporation that can [...]
Forum Systems latest XML Gateway targets SOA Federation
Looks like Forum Sentry, the pioneer and leader of XML Gateway and XML Firewall technology has announced its latest product that now addresses the gro [...]
Finally! What companies such asForum Systemspioneered a defensive layer for through its XML Gateway product,Forum Sentry, andCrosscheck Networksinven [...]
Qualifying your XML Gateway Horsepower
Often in our tech industry there is a penchant to spout off performance numbers without qualifying the metrics and conditions under which these number [...]
XML Gateways are becoming standard in enterprise SOA deployments with the following common themes:Identity mediation is the first step for the majorit [...]
Why is an XML Gateway a requirement?
The main two reasons to justify the capital expense of an XML Gateway are performance and security. When the enterprise deems those two reasons releva [...]
Forum Systems, the pioneer inXML Gatewaysbecame the first network appliance to be issued a Patent for XML security functionality. This issued patent [...]
XML Gateway: Best Practices, Requirements and deployment Strategies
XML Gateways are a great IT component for managing information flow between your enterprise and your trading partners. They provide the required fun [...]
XML Gateways: Reducing the inherent Cost of Security
Dennis Sosnoski, Consultant and Trainer, Sosnoski Software Solutions, Inc. published an informative article titled: "Java Web Services: The high-cos [...]
XML Gateway - Load balancing Techniques
As an XML Gateway, Forum Sentry sits in front of your SOAP/XML/REST Web services protecting back-end services. For externally facing services (traffic [...]
Is Your XML Gateway Secure? Advantages of a Certified XML Gateway
An XML device or application that provides security functions does not mean that the solution itself is secure. A secure XML hardware device requires [...]
