An overview of features and basic use of the product.
Install and Upgrade
The xmlvpn enables fast and flexible partner or portal connectivity in XML and web services environments. Deployed as software in partner and portal environments, the xmlvpn provides a code-free mechanism for managing PKI, single sign-on, federation, client-side credential management, and security change management in cross-domain and portal web services integrations.
The xmlvpn interfaces with client-side applications and automatically negotiates policy-specific security and transaction preferences with the Gateway in real-time. Client systems send message requests to the xmlvpn, which functions as a client-side proxy, applying necessary protocols, headers, or transformations to the message as required by the policy in force. Policies modified through the Policy Manager are automatically applied in real-time by the xmlvpn to ensure that all subsequent messages conform to the updated policy. The xmlvpn ensures rigorous, fine-grained security with automated change control end-to-end across even the simplest service integrations, essentially ensuring loose coupling between services and their client applications so that service policy changes do not automatically break integrations.
The xmlvpn acts as a service proxy by establishing a PKI-based trust relationship with one or more Gateways. Known as a “Gateway Account,” the proxy relationship in the xmlvpn is essentially a setting that combines a Gateway with a single set of credentials that are used to process service requests.
Generic Web Services
The xmlvpn can be configured to connect to any generic web service not behind a Gateway. This may be useful if the web service is configured for secure access and returns a secured response. The xmlvpn can also communicate with non-secure services; for example, using a policy to add a timestamp to a request without signing it.
Policies and the XML VPN Client
The core function of the xmlvpn is its ability to decorate and route service messages to and from a gateway. When the xmlvpn receives a request message from a client application, it decorates the message according to the security requirements specified in the service’s policy before routing the message to the target Gateway for processing. Upon receiving a response from the Gateway, the xmlvpn undecorates and routes the service response message back to the client application.
As part of the security requirements for a service, the xmlvpn may have to establish a security session with the target Gateway. The policies that define the type of security session required between the xmlvpn and gateway, if any, are developed in the Policy Manager and saved in the target Gateway. The policies are automatically downloaded to the xmlvpn from the Gateway during the initial consumption of a service or manually imported from another location. For more information about policies in the xmlvpn, see .
This section contains additional useful information about the xmlvpn: