Wednesday, August 13, 2008

Choosing the right XML Security Appliance

Network World published a good article on "Choosing the right XML Security Appliance" recently.

Any XML Security Appliance should definitely support all the requirements that Igor Khurgin lists in the article. As Igor mentions, some XML Gateways do not support all types of SAML assertions; he notes that "Vendors also get picky about what SAML assertions they support (most support authentication and only a few support authorization and attribute)". Vordel supports the consumption and generation of SAML Authentication Statements, SAML Attribute Statements, and SAML Authorization Statements, and also supports both sides of the SAML/XACML AuthorizationDecisionQuery message exchange.

This is a great point from the article: "Extensibility and ease of integration: No appliance can provide 100% of the required functionality out of the box." Very true. I can only speak for Vordel, but we provide extensibility through XSLT, Java, and scripting languages (including JavaScript).

The article is a great introduction, covering the base requirements. Most organizations will also need to add some specific requirements of their own. Nobody wants to buy an XML Security Gateway and then think "hang on, how does this thing work with our deployment of SiteMinder?", or hand it over to operations staff who ask "has it got an SNMP MIB I can load into OpenView?" and think "hmm, I never asked the vendor that".