XML Web services is a term referring to a set of related standards that enable program-to-program communication. Acceptance of these standards is a key step in changing the economics of executing loosely coupled application integration. As an industry, we need to reduce the time and expense required to enable organisations to work together. Achieving those efficiencies requires the kind of standardization we are currently seeing in the XML Web services initiatives.
IT managers see security as the single biggest obstacle to deploying XML Web services. For example, Business Week recently reported that a survey of IT managers found that 45.5 percent considered security their single biggest Web services concern.
To address this concern, a new category of infrastructure software is appearing. Sometimes referred to as a network gateway or XML switch, but more frequently described as an XML application firewall, this new class of software is addressing the security and network monitoring needs of emerging XML data networks that firewalls today do not address.
Actually, in some ways "XML application firewall" is a confusing term, as this type of firewall is clearly distinct from existing IP-level network firewalls. In other ways, however, the term is very appropriate. XML application firewalls are like network firewalls in that they are focused on securing and monitoring your network. However, unlike network firewalls, they work at the application level using an in-depth knowledge of the Web services, service requestors, and message content. It is the XML Web services standardization of application-level data that makes application-level firewalls practical.
