DataPower charges up appliance to secure Web services

Pushing its deep XML processing and networking experience, DataPower Technology Inc. turned its fortunes toward a crowded security ring on Monday with the release of its XS40 XML Security Gateway for securing Web services transactions.

The second component of DataPower’s network access solution family, the XS40 appliance addresses bi-directional network perimeter Web services “selective sharing” of data carried by simple open access protocol (SOAP) and XML from an infrastructure point of view rather than from an application methodology, said Eugene Kuznetsov, founder and CTO of Cambridge, Mass.-based DataPower.

Kuznetsov said XS40 will use DataPower’s XG3 acceleration engine to speed up a host of best-practices procedures for XML transactions, including filtering, schema and message validation, decryption, parsing, authentication, and XML transformation.

“XML security cannot be done right unless you have full XML knowledge,” Kuznetsov said. “It’s not about the latest ‘ivory tower’ academic standard that comes out and supporting that. It’s about applications that need to exist today; security and performance are inherently linked.”

In fact, speed and performance offered by XS40 proved a critical factor for RouteOne to choose the product over a number of competing software-based and network-based alternatives to protect and ensure the validity of XML transactions over Web services.

RouteOne, a joint venture formed by Daimler Chrysler Services, Ford Motor Credit, GMAC, and Toyota Financial Services, is developing a Web services-enabled online loan application automobile credit network. The organization plans to construct a common platform to exchange encrypted information or SSL between automobile dealers, financing sources, and consumers to streamline credit approval processes, according to Dr. T.N. Subramaniam, IT chief architect at Southfield, Mich.-based RouteOne.

“I think scaling is a huge issue. DataPower was the fastest we could find and it came within the performance envelope to run this application,” Subramaniam said. “We were able to make changes without going back to them, so we were impressed with the level of configurability they were giving to us.”

Subramaniam said RouteOne plans to roll out its online credit application in the third quarter of this year.

Ted Schadler, group director, at Forrester Research, in Cambridge, Mass., said it will prove interesting how companies such as DataPower and its competitors – including Forum Systems, Westbridge Technologies, Reactivity, and Vordel – work to bridge the gap between networking and application personnel, two factions that traditionally have not seen eye-to-eye.

He noted that DataPower’s XML core processing heritage should bode well for its chances to make an impact, despite the possibility that performance bottlenecks may ultimately be less about processing and more about communication between pieces of the unified infrastructure.

XS40 features a degree of configuration flexibility to capably respond to ongoing Web services specifications initiatives such as SAML, WS-Security, and XML encryption. Vulnerability assessment testing of the appliance was performed by @Stake, a Cambridge, Mass.-based security research firm.