Here at Layer 7 we get asked a lot about our support for REST.
We actually have a lot to offer to secure, monitor and manage REST-style
The truth is, although we really like SOAP and XML here at Layer 7, we also
really like REST and alternative data encapsulations like JSON.
We use both REST and JSON all the time in our own development.
Suppose you have a REST-based service that you would like to publish to the
world, but you are concerned about access control, confidentiality,
integrity, and the risk from incoming threats.
We have an answer for this: SecureSpan Gateway clusters, deployed in the DMZ,
give you the ability to implement run time governance across all of your
Pictures are nice, but this scenario is best understood using a concrete
example. For the services, Yahoo’s REST-based search API offers us
everything we need–it even retur... (more)
Sometimes I wonder if anyone, in the entire history of computing, has every
bothered to read and consider the contents of a typical End User License
Agreement (EULA). Some Product Manager, I suppose (though truthfully, I’m
not even sure of this one).
The EULA, however, is important. It’s the foundation of an important
consent ceremony that ends with only one effective choice: pressing OK. This
much-maligned step in every software installation is the only real binding
between an end user and a provider of software. Out of this agreement emerges
a contract between these two partie... (more)
True story from the consulting trenches: the operations staff had left hours
ago, shaking their heads and reluctantly leaving the consultants to resolve a
problem with their code. It was well past midnight, in the middle of winter,
in a town many time zones from home. The project was late. Altogether, this
was an awkward situation that you probably know well.
The consultants - falling into that murky classification of not quite
outsider, nor regular employee - worked from hobbled accounts; the security
staff were pros and took their charge seriously. By 2:00 a.m., the group was
Business has long pursued the goal of making IT more of a strategic tool and
less of a necessary evil. Organizations are constantly looking for easier,
cheaper, and more logical ways to build applications and unite the silos of
functionality they still depend on. One approach that has met with some
success is the concept of just-in-time integration - a technique to combine
new functionalities as quickly and cheaply as required, whether they reside
inside an organization or outside of it (i.e., with a business partner).
From the architectural perspective, just-in-time integration ... (more)
It's a problem as old as networked computing. Consider two applications. They
negotiate a level of trust. How can that trust - or security context - be
transferred to a third application, one that may exist in an entirely
different security domain from the first?
This problem has been solved before, but is limited by proprietary solutions
that resist integration. The challenge now, which is a significant one, is to
solve it again, but this time for Web services - a task complicated by the
need to accommodate a broad range of established security procedures and
legacy technologie... (more)