Features
..........................................................................................................................................................................


Simple security policies



 


Working hours security policy


 


ITAC WS-Guardian® has working hours-based security policies that provide access for a service consumption only during a specific timeframe for a particular user and is defined by the company supplying the web service.

Example: The university allows the notes registration to authorized users only from 8:00 am to 3:00 pm, when the academic records area is open and it is from where the services are invoked.

 

 

..........................................................................................................................................................................



 

Content-based security policy

 


The content-based security policy is an authorization configuration established in ITAC WS-Guardian® to control the access to services according to the content of the request sent from the client to the Web service; ITAC WS-Guardian® checks the content of SOAP message and finds into the body of the XML message, the specific words that enable the access to the service.
Example: When the supply area of a supermarkets chain, which is a bank customer, is going to perform a transaction using the business portal, the platform prevents the messages sent from being authorized if they contain, inside the body of the message, an "amount" label which content is a number bigger than 50,000,000

 

 

..........................................................................................................................................................................



 


IP Addresses security policy

 


An IP address-based security policy is a configuration that defines which numbers/addresses (those that identify a device's interface and are assigned by the Internet Service Provider- ISP ) can access to the Web service guarded by ITAC WS-Guardian®

Example: The portfolio user can only access to the consulting service from the computer identified with the IP number 192.168.200.150 since that is the assigned workstation to the officer that runs the process in which the consulting service is invoked.

 

 

Note: It is important to clarify that an IP address is different and much more reliable than a computer name, given that the IP address identifies the interface by which the computer accesses to the internet, instead, the computer name is a relatively informal name that is given to the device connected to the computer network.

..........................................................................................................................................................................



 


Weekdays security policy

 


Working hours are not standardized for all companies, nor the scope of the service to provide, hence ITAC WS-Guardian® allows the provider of the Web service, through the weekdays security policy, to filter the access to the service and also to set the days that he or she considers appropriate for the service provision.

Example: The service won't be available from 13 to 18th of June, to any user, given that there are some holidays in the country and the operations represented by these services cannot be invoked.

 

 

..........................................................................................................................................................................



 


XML Signature security policy

 


ITAC WS-Guardian® enables the authentication and non-repudiation of a service through the use of security policies using digital signatures.

Example: Based on a message that a sender submits to a centralizer, a query with an associated business cost is generated. At the end of each week a bill is generated with all the messages submitted by the sender. In order to prevent that other areas or clients of the centralizer perform the query on behalf of others, the message is signed (digital signature), so that the receiver can ensure the message's origin and likewise, the sender could not deny that he/she sent the message (non-repudiation).

 

 

..........................................................................................................................................................................



 


Security policy using XML Encryption

 


The security policy using XML encryption enables to maintain and guarantee the information's confidentiality, so that this is transposed or hidden since the moment it is generated until it reaches its authorized recipient.

Example: This policy can be applied to the entire message, or only to some of its sensitive fields, such as transaction amount, account or credit card number or some check digit – PIN

 

 

..........................................................................................................................................................................



 


Security policy based on HTTP Headers

 


The security policy based on HTTP headers is a connection protocol that allows the entry of requests made by a client only when the SOAP message's header matches with the security parameter set by
ITAC WS-Guardian®

Another use of this policy is the validation that a particular HTTP header is located on the message. This header can be added for example, by a network element such as a load balancer or a firewall, indicating that the message has passed through that device.

 

 

 

..........................................................................................................................................................................



 


Security policy composed of two policies: IP Address and XML signature

 


The UsernameToken security policy ensures that only the user with an authorized IP address, and that subsequently shall authenticate itself through a username and password, is really the one that is consuming the service.


 

 

 

..........................................................................................................................................................................



 


Security policies based on timestamps

 


The security policy based on timestamps is a mechanism that enables to track the time or moment of creation, modification and expiration of a document, namely, it allows to demonstrate its per-existence and integrity in a given time.

ITAC WS-Guardian® allows you to assign a time in seconds that defines a message's lifetime.


 

 

 

Back to menu

..........................................................................................................................................................................

 

 

 

 

 

 

© Copyright 2018. ITAC. / Diseño y Producción Sitio Web : ITAC : www.itac.co / Todos los derechos reservados. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.