Westbridge Offers Web Services Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
06:57 PM
Connect Directly

Westbridge Offers Web Services Security

It's positioning its upgraded XML Message Server as a safeguard for users of Microsoft Office 2003.

Westbridge Technology has upgraded its XML Message Server to provide security policy enforcements for Web services and is positioning the upgrade as a safeguard for users of the newly released Microsoft Office 2003 suite.

Office 2003's Excel spreadsheet program now can be translated into XML and incorporated intoWeb services, which could leave an organization exposed to new threats, says Kerry Champion, president and founder of Westbridge. "Microsoft and security are typically not complimentary words," says Champion.

Forrester Research analyst Ted Schadler wrote in a recent brief that Office 2003 provides limited support for XML, and said tools are needed to validate XML schemas and enforce security policies and standards, such as Security Assertion Markup Language [SAML] and WS-Security, for Office-generated files and documents that are exchanged on the Web. SAML and WS-Security are standards for establishing credentials for consumers and Web service users

As developers start to use Office 2003's XMS Plug-in for Excel spreadsheets, they will find there is no means of supporting authentication, encryption, and use of digital signatures for getting a secure, back-end system to accept an inquiry or message, says Andrew Yang, senior director of marketing at Westbridge.

The Westbridge XML Message Server can parse an XML message, inspect the contents, check the validity of the schema and otherwise check for tampering. Since XML provides an English-like instruction and tagging system, a hacker getting access to the message could change the contents or insert an unintended inquiry, Yang notes.

"One of the problems with Office 2003 is that a lot of people (who start using its XML features) don't understand the complexity," says Jason Bloomberg, an analyst at research firm Zap Think. A hacker gaining access to a message can insert executable code, and an XML parser will run it as it processes the message. Less likely than tampering, however, is the employee who tries to find out something he or she isn't authorized to know, Bloomberg says. XML Message Server will enforce user identification system policies on such a user, he says.

XML documents could also serve as involuntary hosts for buffer overflow attacks, where a server is intentionally crashed through errors in a message and then starts to execute a hacker's code as it reboots itself, says Yang.

The XML Message Server can construct a view of a Web service that decides what rules and policies should be applied to the user involved. The message server may also generate XML schemas and impose the schemas for certain purposes, ensuring that the data in the message is consistent with the message format.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll