You are on page 1of 3

SecureSpan Solution

Solutions for Insurance

The SecureSpan Solution for Securely eextend your SOA to resellers & customers, reducing
Insurance offers:
the barriers to doing business and streamlining self service
Drive Partner-based Revenues
Securely sharing your applications SecureSpan XML Gateway selectively exposes your applications in a secure
via Web services improves manner to customers & partners resulting in agile, cost-effective
cost interactions
transparency, communication and
collaboration, making it easier for Increase Revenue Potential
partners to do business with you
rather than your competition. Making
aking it easier for partners to do business with you is fundamental to growing revenues.
But while
hile a third-party system like IVANS is an effective way of connecting with your
Cost-effective Self Service brokers, what about resellers that don’t need to remain at arm’s length, such as travel
Securely incorporate your customer agents, other insurers, banks, or credit card companies? Extending
xtending your SOA to resellers
portal into your SOA, creating a self would allow them access to your in-house systems and applications,
applications reducing the barriers to
service solution that is responsive to doing business by streamlining processes across company boundaries. But this raises
customer needs, while ensuring your concerns around security and data confidentiality.
backend systems and sensitive
customer data remain protected. The
he Layer 7 SecureSpan XML Gateway has been deployed
eployed at a number of Fortune 500
companies (including AXA and Guardian Life) to address their security and privacy concerns,
Some of our Insurance customers gating user access according to their entitlements
entitlements, and monitoring/actioning policy
include: compliance to ensure al alll communications between external users and back-end
back systems is
secure. A Web services approach allows qualified partners access to your back-end
back systems,
increasing their efficiency, removing IT overhead associated with implementing and
maintaining Web applications/portals, and enabling smoother business transactions
between companies

Flexible, Secure Self Service

Providing customers with the ability to self serve can significantly reduce your cost of
business. But most customer selfself-service systems are implemented as specialized Web-
based portals that are integrated to back
back-end systems using point
oint-to-point integrations.
Building out and maintaining such systems in response to customer demand takes time and
can consume a large percentage of today’s shrinking IT budget.. A SOA-enabled
SOA portal can
significantly improve the agility of your self service solution, but securely propagating
identity credentials across the user-based Web and machine-based based Web services can be a
complex undertaking

The Layer 7 SecureSpan XML Gateway uniquely addresses both the service-side
service and
consumer-side needs of SOA portal security. The Gateway can be configured against diverse
Identity and Access Management ((IAM) products so you can leverage one or more of your
existing policy decision points to make authentication and authorization decisions.
Moreover, the Gateway has the unique ability to flow session cookies generated inside a
To learn more about Layer 7 and Web Single Sign On ((SSO) product to a Web services client.
how it can address your
organization’s SOA and Web services By bridging iidentities between security domains in a SOA, Layer 7 can help you resolve
needs, call 1-800-681-9377 (toll identity
entity federation problems; monitor and track your services across the distributed
free within North America) or network, and coordinate security preferences across multiple domains in order to ensure
+1.604.681.9377 your Web services – and sensitive customer data – remain secure
Key Features
Identity and Message Level Security
Identity-based access to • Integration with leading identity, access, SSO and federation systems from
services and operations Oracle, Sun, Microsoft, CA, IBM Tivoli, Novell
• Enforce fine-grained entitlement decisions authored in an XACML PDP
Manage security for cross- • Credential chaining, credential remapping and support for federated identity
domain and B2B • Integrated SAML STS issuer featuring comprehensive support for SAML 1.1/2.0
relationships authentication, authorization and attribute based policies
• Integrated PKI CA for automated deployment and management of client-side
certificates, and integrated RA for external CAs
• STS support through WS-Trust and WS-Federation
Enforce WS* and WS-I • Support for all major WS* and WS-I security protocols, including SOAP
standards 1.0/1.1/1.2, WS-Security 1.1 / 1.2, WS-SecureConversation, WS-SecurityPolicy,
WS-Addressing, WS-Trust, WS-Federation, WS-Secure Exchange, WS-Policy and
WS-I Basic Security Profile, SAML 1.1/2.0, XACML 2.0
Secure WSDL, REST and • Selectively control access to interfaces down to an operation level
POX interfaces • Create on-the-fly composite WSDL views tailored to specific requestors
• Out of the box support for popular Cloud and SaaS interfaces from Salesforce
and Amazon
• Service look-up and publications using WSIL and UDDI
Audit transactions • Log message-level transaction information
• Spool log data to off-board data stores and management systems
Cryptography • Optional onboard HSM, as well as support for external HSMs (i.e., SafeNet)
• FIPS 140-2 support in both hardware (Level 3) and software (Level 2)
Threat Protection
Filter XML content for SOA, • Configurable validation & filtering of HTTP headers, parameters and form data
Web 2.0 and Cloud • Detection of classified or “dirty” words or arbitrary signatures with subsequent
scrubbing, rejection or redaction of messages
• Support for XML, SOAP, POX, AJAX, REST and other XML-based services
Transactional Integrity • Protect against identity spoofing and session hijacking cluster-wide
Protection • Assure integrity of communication end-to-end
Prevent XML attack and • Protect against XML parsing; XDoS and OS attacks; SQL and malicious scripting
intrusion language injection attacks; external entity attacks
• Protection against XML content tampering and viruses in SOAP attachments
• DoD STIG vulnerability tested and assured
XML Acceleration
Accelerated XML • High speed message transformations based on internal or external XSLT
processing • High speed message validation against predefined external schema
• High speed message searching, element detection and content comparisons
Hardware SSL and Crypto • Offload SSL and WS-Security operations to hardware
Traffic Management
Throttling • Granular rate limiting and traffic shaping based on number of requests or
service availability across a cluster
Cluster-wide counters • Persist message counters across clusters so that rate limiting and traffic shaping
can be strictly enforced in high availability configurations
CoS for XML • Prioritize XML traffic based on Class of Service/Quality of Service preferences
Service availability • Manage routing to back-end services based on availability or latency
management performance

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Disaster Recovery and High Availability
Cluster-wide redundancy • All appliance clusters operate in live active-active mode to ensure recovery
from any single gateway failure
• New nodes in a cluster can be added without manual re-configuration
• All policy changes to a cluster can be made in real-time
• Migration of policies can be managed across mirror sites remotely
Back-up and restore • Complete backup and restore solution for both system and user configuration
across globally redundant mirror sites
Management / Administration
WS-Policy-based graphical • Compose inheritable policy statements from over 70 pre-made atomic policy
policy editor & composer assertions
• Branch policy execution based on logical conditions, message content,
externally retrieved data or transaction specific environment variables
• Publish policies to popular registries for lifecycle management
• Service and operation level policies with inheritance for simplified
• Policy lifecycle and migration management across development, test, staging
and production, as well as geographically distributed data centers
• API-level access to administration
• SDK-level policy creation for simplified policy customization
On-the-fly policy changes • Polices can be updated live across clusters with no downtime required
Global policy migration • Manage policy migration across development, test, staging, and production
environments, as well as mirror sites
Headless operation • Control administration directly through SOAP and RMI APIs
Create custom policies • Policy SDK allows for custom policy assertion creation using Java
Form Factors
Hardware • Active-active clusterable, dual power supply, mirrored hot-swappable drives,
2-way dual core Sun 1U server
Software • Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0
Virtual Appliance • VMWare/ESX (VM Ready certified)
Cloud • Amazon EC2 AMI
Supported Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10,
X.509 v3 Certificates, FIPS 140-2, Kerberos, W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 1.1 / 3.0,
SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0, WS-
Federation, WS-Addressing, WSSecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-
PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0

The SecureSpan Solution for Insurance is supported on all hardware, VMWare, cloud and software
versions of Layer 7’s SecureSpan appliances.
To learn more about how Layer 7 can address your needs, call us today at +1 800.681.9377 (toll free
within North America) or +1.604.681.9377or visit us at

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.