DataPower Optimizes XML Apps for Finance

DataPower, a small, private start-up in Cambridge, Mass., is pushing the envelope on XML-optimized firmware for devs implementing web services. See how the company gives IT teams snap-in support for web secure-XML transformations that integrate with the financial sector's demands. Also, review the latest free program.

Tags: XML, Security, Finance, Web Services, XML Standards, Datapower, XS40,


DataPower, a small, private start-up in Cambridge, Mass., is pushing the envelope on XML-optimized firmware for devs implementing web services. The company's hardware/software XML-centric device provides IT teams snap-in support for web secure-XML transformations that integrate with the financial sector's demands.

Over the past two years, Datapower has focused on developing "snap-in" solutions that augment XML performance boosts with support for XML/web services security and for highly-specialized vertical schema.

The first fruits of that effort are available this spring to financial IT architects and developers, as Datapower is offering a suite of free whitepapers, policies and web services templates to help IT departments cope with bridging together emerging web services security (such as SAML, WS-Security, and its component pieces -- XML Encryption and XML Digital Signature). and support for the financial sector's Market Data Definition Language (MDDL), as well as several key financial policy markup languages, including FinXML, FIXML, FpML, and IFX.

The free program offerings aimed at making it easier for IT staff to deliver message integrity and confidentiality to XML transmissions, were developed in conjunction with a number of Datapower's financial customers, including The Principal Financial Group.

The DataPower device can rapidly bind financial services XML applications to horizontal web services security standards, resulting in a rapid, highly secure web services deployment with lower operational complexity and management costs. This combination is well suited to the risk-averse financial services market with the end result of simplifying development efforts and rapidly improving time to market of sensitive, complex transactions using web services.

"Our whole goal is to let development teams leverage our hardware for their XML/web services rollouts, whether for XML performance, or by making pre-configured support for many security and XML standards they need to meet," Eugene Kuznetsov, CTO and chairman at DataPower told IDN. "While companies are developing the expertise for security standards like WS-Security, XML encryption, XML digital signatures, and XML-based PKI and access control, we take the burden off the developer for implementation," he added.

The Datapower program, targeted at architects, developers, security officers and network administrators, provides:
* Pre-built policies for "drop in" security for XBRL or MDDL messages running through a DataPower device
* Deployment scenarios on meshing the vertical XML standards with the horizontal XML standards within the financial services industry
* Case studies on companies that have successfully secured web service implementations.
* Whitepapers detailing how to recognize and mitigate the increased operational and security exposure for network teams and security officers

A Gartner analyst says that while financial IT shops are on the cutting edge of XML adoption, they're still looking for help to overcome concerns over security and performance. "The use of vertical XML standards in financial services is on the rise. However, for XML standards such as MDDL, XBRL, RIXML to achieve widespread adoption, robust security for privacy, non-repudiation, trust and message integrity will be critical," said Gartner's principal financial services analyst, in a statement. "Horizontal Web services standards like WS-Security, XML Encryption, XML Digital Signatures and SAML are all key enablers to the increased use of XML in financial services."

At Work with Datapower's XS40:
Tuning XML for Auto Financing

RouteOne LLC, a credit application approval joint venture for the auto industry formed by DaimlerChrysler Services, Ford Motor Credit Company, GMAC and Toyota Financial Services, uses Datapower's XS40 XML hardware/software gateway to add security features to its financial XML-based web services application network.

RouteOne's network design will link thousands of dealers nationwide to multiple finance sources to exchange credit application information online. The Datapower XS40 provides message verification, message signing, transport layer security and other auditing functions.

Remote dealers submit loan applications over the network for processing by RouteOne. Each submitted loan is sent via SOAP over SSL, and contains a digital signature for verification and auditing purposes. The XS40 performs the signature verification on the in-coming credit applications, and in turn hands applications over to the dedicated loan
application server. Results from the loan processes are then returned to the XS40, which signs each message (for non-repudiation purposes). These XS40-signed documents are then sent over SSL to the remote dealerships.

Datapower's XS40 is a self-contained hardware/software gateway which shared by applications, and provides security at the network's edge with familiar interfaces. It also provides several other benefits for application deployment and maintenance, including:

  • Transparent XML security support (via URL rewriting, high-performance XSL transforms, XML/SOAP routing, and support for WS-Security and SAML components)
  • Easy integration with pre-existing security components, (including firewalls and load balancing devices, and is compatible with single sign-on systems, and PKIs):
  • Schema validation (to ensure incoming/outgoing XML documents are legitimate and properly structured, to also protect against Denial of Service attacks);
  • Upgradeable schema support (to enable developers/admins to update and/or refresh their XML web services or vertical schema); and
  • Simple policy reconfiguration (via filters that can be pre-defined and automatically uploaded based on day/time or other definable triggers)



    back