Regulatory Compliance


SOA Software™ offers closed-loop, integrated SOA governance solutions that provide a comprehensive end-to-end audit trail for all XML and Web services transactions.  SOA Software leverages the built-in Identity awareness of its Service Manager™ and Workbench™, and its tight integration with leading Identity and Access Management platforms.  It is the only vendor that can identify the user that initiated a particular transaction and track that user’s identity through to all the end systems responsible for completing it.

In many cases Web services can become the point at which accountability and non-repudiation chains are broken, and therefore cause regulatory compliance failures.  Many implementations are unable to integrate effectively with external identity and access management solutions and cannot maintain the integrity of the identity trust chain.  SOA Software’s Service Manager offers several unique integration points and mechanisms to guarantee end-to-end trust, authentication, authorization and auditing.

SOA Software’s Delegate™ can take an HTTP cookie-based credential and, through integration with its issuer, convert it to a signed SAML assertion.  This ensures that the Web service request message is authenticated and authorized for the original requestor, and not just for the portal or requesting application.  For customers using Netegrity SiteMinder and TransactionMinder, SOA Software encapsulates a TransactionMinder agent inside the gateway to generate Netegrity-signed SAML assertions that maintain the complete trust chain.

SOA Software’s Network Director™ also encapsulates Netegrity TransactionMinder or IBM Tivoli Access Manager agents to ensure the authenticity of the message sender and to provide fine-grained authorization for the requested operation of the Web service.

Both the Delegate and the Network Director provide comprehensive usage, security and message auditing.  This provides a mechanism to ensure that your enterprise complies with internal and government-driven regulations such as HIPAA and Sarbanes-Oxley.