Enterprises rely heavily on electronic data to exchange business document and information. Whether it is intra-enterprise, say for example, Enterprise Application Integration (EAI) or inter-corporate, say, Electronic Data Interchange (EDI), data transmitted through intranet, extranet or Internet risk confidentiality and integrity. While most enterprises and organizations choose XML and web services as their standard format to carry their sensitive information, there is need to protect contents from unauthorized access and alteration. Bloombase SOA is created to address the security issues and assure data recipients the true sender of the information received, whether the information have been disclosed to third parties and if contents are as authentic as they are created by the sender.

Extensible Markup Language (XML) is the de-facto industry standard for carrying business data. It is simple, and very flexible text format. Originally designed to meet the challenges of large-scale electronic publishing. XML is playing increasingly important role in exchange of a wide variety of data on the Web and elsewhere.

Due to the extensible and generic nature of XML, complex business data in any structure can easily be modelled and encapsulated in a unit of document. XML supports unicode and is designed for internationalization and localization. Therefore, XML is highly utilized in business data interchange amongst applications and business partners. Paper documents like quotations and invoices in early days are now replaced by electronic documents enclosed in XML format.

The server side utilizes XML in various configurations and remote procedural calls (RPC). Web Services is one of the most typical applications of XML in service-oriented architecture (SOA) systems. Remote method calls and parameters are sent to remote machines for processing by encapsulated inside an XML document, so are returned values.

EAI data are where the most real-time, confidential and sensitive data found amongst an enterprise. When these data are sent via the Internet reaching business partners, there are potential risks the data are captured by unauthorized third-party and altered before reaching recipients, it poses several security threats including

• Loss of confidentiality
• Loss of data integrity
• Loss of source authenticity

Enterprises are required to protect their customer data from disclosure and to keep their business running without unwanted troubles and interruption, they should ensure data in their original form and be confident business instructions received are from their valid business partners. EAI security is a must for successful deployment of data interchange.

Bloombase SOA is designed and built according to the following international standards

• W3C enveloping, enveloped and detached XML signature generation and verification
• W3C XML encryption and decryption
• PKCS#1 signature generation and verification
• PKCS#5 password-based encryption and decryption
• PKCS#7 signature generation and verification
• NIST FIPS-197 AES encryption and decryption
• NIST FIPS-46-3 3DES encryption and decryption
• DES, RC4, RC2, CAST5 encryption and decryption
• 512, 1024 and 2048 bit public key cryptography
• RSA and DSA public key cryptography
• SHA-1 and MD5 hash generation

Yes. Bloombase SOA supports ebXML Messaging Service (ebMS) 2.0 as well as transparent security processing of ebXML payloads via transports including HTTP and SMTP.

Bloombase SOA is a network appliance with various open connectivities for messages including FTP and SMTP. Bloombase SOA appliances can be set to run with enterprise messaging servers within an hour. For enterprise messaging servers with proprietary interface requirements, Bloombase SOA possesses connectivity libraries in C, C++ and Java supporting plain socket, HTTP, Java RMI and web services which should support all platforms.

No matter your ERP/EDI systems produce or consume XML or non-XML data, if there is a need to enforce security to information exchanged, Bloombase SOA can fit in. Bloombase SOA has broad connectivities from out-of-the-box FTP and SMTP to programmable interfaces written in C, C++ or Java as well as language neutral plain socket and Web Services.

Bloombase SOA can generate and verify the following XML signatures

• Enveloping XML
• Enveloped XML
• Detached XML

A one-way hash function is a transformation that intakes a variable length data and returns a fixed length string or numeric value. A hash function is said to be one-way if it is hard to invert, where "hard to invert" means that given a hash value, it is computationally infeasible to find the original data. Therefore, a one-way hash is commonly considered a secure digest of a message. Changes of an original message to as little as one single bit will yield a totally different hash value.

Bloombase SOA supports the following international hashing algorithms

• SHA-1
• MD5

Canonicalization, in XML context, refers to the process of finding a simplified form of an XML representation that are logically equivalent, in other words, a method of XML normalization. Canonicalization is needed as XML produced by different XML outputters or platforms differ in format. To enable interoperability in heterogeneous XML message exchange environment, canonicalization is carried out on XML messages such that message digest calculated is ensured the same. Without canonicalization, signed XML may not contain correct digest value for verification, and verifier may not be able to accurately verify if the signed XML message in its original form.

Canonicalization is extremely resource intensive operation. With Bloombase's superb engineering and tuning, Bloombase SOA gaurantees canonicalizing XMLs of any size.

Service-oriented architecture (SOA) is essentially a collection of services communicating one another. The communication can involve either simple data passing or it can involve two or more services coordinating some activity.

The technology of Web Services is the most likely connection technology of service-oriented architectures. Web services essentially use XML to create a robust connection. Therefore, for customers requiring SOA protection, Bloombase SOA can also help to secure information carried in SOA requests and responses.

XML parsing, XPath, canonicalization, digest and signature generation are processor and memory intensive tasks not welcomed by general purpose microprocessors. Bloombase SOA takes a hardware ASIC approach to lower processing latency and raise overall performance. XML operations are carried out in Bloombase SOA using a streamlined and multi-threaded approach, thus requiring least memory footprints.

Message authentication refers to the operation of checking message contents and assuring contents remain unchanged and authenticity of source. It is commonly accepted digital signature generation and verification are the best strategies for authenticating messages.

Bloombase SOA creates message authenticity information and authenticates message contents supporting data in plain, email or XML.

Enterprise messages usually contain confidential data that should be kept secret and not known to third parties at all times. To protect sensitive information from prying eyes, encryption is the best solution. Intended hackers have to pay extremely high price to be able to undo the ciphered contents which are normally considered computationally not feasible.

Bloombase SOA encrypts message contents into ciphered text not understandable by unauthorized parties.