Sei sulla pagina 1di 2
The SecureSpan XML VPN Client offers: Secure X-Domain Communications Securely bridge identity silos by enforcing

The SecureSpan XML VPN Client offers:

Secure X-Domain Communications Securely bridge identity silos by enforcing client-side authentication and provider-side authorization, while ensuring sensitive identity data remains protected.

Rapid SOA Deployment Eliminate the need to re-code and re-test client applications when a Web service provider’s security, routing, and transaction preferences change.

To learn more about Layer 7 and how it can address your organization’s cloud and Web services needs, call 1-800-681-9377 (toll free within North America) or


Se cureSpanXML VPN Cl ient

Secu rely bridge communications between divisions, branch

offic es, affiliates and third-party services

without coding.

Centr ralized organizations with semi-autonomous de partments, agencies, and t erritories, or that want closer ties to arms-leng th affiliates and contr actors can now cost-effectively create a loosely -coupled network of servi ces while ensuring security.

Secu ring Cross-Domain Communications

As mo re and more organizations spin off business entities and outsource services to third-


integr al” entities remain secure. But determining exactly who, from which organization has access to which applications and services in each separate secu rity domain can be proble matic. While many solutions to this identity bridging pro blem have been tried over the ye ars, most have proven too expensive in terms of adminis tration and/or infrastructure costs.

providers, concerns arise over ensuring interactions betw een these “separate but

The Se cureSpan XML VPN Client (XVC) works in conjunction wi th the SecureSpan XML Firewa ll or XML Networking Gateway to effectively overcome t he separation of authe ntication and authorization tasks across trust boundaries , delegating authentication to the se rvice requestor while preserving control over authorizati on for the provider hosting the se rvice.

In this way, organizations can ensure authorization happens cl ose to the service provider; passw ords never leave the source network, and yet identity is preserved for logging and auditi ng purposes. Avoid the pitfalls inherent in consolidating i dentity stores or setting up inter-L DAP/Active Directory trust or delegation.

Spee ding Deployment

In add ition to acting as a near “drop-in” solution to the federat ed identity problem descri bed above, the XVC also reduces deployment time for cli ent applications. When

access ing business services, client applications must conform t o the access control and securi ty policies layered onto the service. This typically entails coordinating policy

requir ements at design-time, coding into the client any modifi

and th en testing and/or debugging the resulting interaction wi th the service.

ations or additions required,

The XV VC, deployed as either a standalone application on a clien t system or incorporated into the cli ent-side application itself, automatically negotiates polic y-specific security, routing, and tr ansaction preferences with the SecureSpan XML Firewall or XML Networking Gateway in real time. In this way, the XVC eliminates the need to progra m the client (or re-program it as ind ustry standards, business policies and government regula tions change), automating and sp eeding the deployment of client-side, XML-based applic ations.

Key Features

Trust and Identity Infrastructure

SAML Support

Interfaces with Security Token Service (STS) via WS-Trust or WS-Federation enabling federated identity deployments.

Built-in Trust Store

Streamlines authentication by storing X.509 certificates issued by the SecureSpan XML Firewall or XML Networking Gateway onboard Certificate Authority.


Supports client credentials from a broad range of identity sources including LDAP, Active Directory, and X.509 certificate-based Public Key Infrastructure (PKI).

SSO Extensibility

Leverages and extends most popular SSO/access management systems, including CA SiteMinder, IBM Tivoli Access Manager, Novell CentraSite, and Sun OpenSSO.

Management and Administration

Automatic Policy

Automatically coordinates policies with the SecureSpan XML Firewall or XML Networking Gateway.



No end-user runtime interaction is required. Optionally runs as a service in Microsoft Windows environments.

Interaction Support

Delegated Message

Allows the offloading of message signing, encryption, compression and security decoration from client applications speeding to time deployment by eliminating the need to re-code and re-test.


Form Factors

Standalone Executable

Supports Linux and Windows platforms.


Integrated inside a SecureSpan XML Firewall or XML Networking Gateway for “drop- in” Web services federation.


Software class library available for custom thick client development.

Supported Standards

XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10, X.509 v3 Certificates, FIPS 140-2, Kerberos, W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 1.1 / 3.0, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0, WS- Federation, WS-Addressing, WSSecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS- PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0, MTOM

The SecureSpan XML VPN Client can be deployed in conjunction with all currently shipping versions of the SecureSpan XML Firewall and SecureSpan XML Networking Gateway appliances, soft appliances and software versions.

To learn more about how Layer 7 can address your needs, call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377or visit us at

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.