Entrust Secure Transaction Platform

The Entrust Secure Transaction Platform delivers security to enable Web services transactions and server-based applications.

Web Services Need Security

Web services is the next phase of Extranet evolution, destined to achieve efficiencies of automation and faster customer service by integrating business processes within the enterprise and with business partners. Security is recognized as a major obstacle to widespread adoption of Web services.

A key enabler for extending access to information and business processes has been the level of security and trust organizations can implement in their systems. As organizations provide wider access to their sensitive information, the risk of serious damage due to malicious manipulation becomes a critical challenge.

“The business benefits of Web services can be erased in an instant if a customer’s security is compromised or critical business intellectual property is exposed.”
Gartner, “How to Be Leading Edge — And Safe — With Web Services,” February 2002

The Entrust Secure Transaction Platform delivers a set of fundamental security capabilities to enable Web services transactions to become trusted transactions. This security product portfolio for Web services will help address the fundamental security issues of:

  • Authentication - how can the service provider be confident that the requestor is who they claim to be, and vice versa? And, how can a service provider easily support the multiple types of authentication methods (for example, digital certificates, userIDs and passwords, and more…) that exist today and will continue to exist for the foreseeable future?
  • Authorization - how can the application determine whether the requestor is approved to use the service?
  • End-to-end Encryption - how can Web services transactions be protected from unauthorized access during end-to-end transmission and storage?
  • Digital Signatures - how can there be an audit record of transactions to make users accountable for the transaction?

Extending Investments in Security and Web Services

Entrust has designed the Entrust Secure Transaction Platform to help leverage and extend existing investments in client/server and Web portal security solutions to allow governments and businesses to migrate to and adopt Web services as their Web strategy evolves. Many customers have reduced operating costs and improved levels of service with the Web services solution from Entrust.

The Entrust Secure Transaction Platform consists of a set of Foundation Security Services that provides essential security capabilities to enable secure transactions. These services provide the building blocks for integrating authentication, authorization, digital signatures, and encryption into transactions. These fundamental trust services are provided through Web services interfaces to allow for easy integration and deployment.

Foundation Security Services include the following:

Direct Integration with Foundation Security Services

Through the Entrust Secure Transaction Platform, Entrust is expanding the ways in which organizations can integrate security into Web services applications. Historically, Entrust customers and partners have used the Entrust Authority™ Security Toolkit for Java to add security to Web services applications.

Rather than embedding security functionality through a toolkit, this new platform offers Web services interfaces to application developers. The Entrust Secure Transaction Platform will enable organizations to call the Foundation Security Services directly from their Web applications, or alternatively to integrate these services into SOAP firewalls and application server plug-ins that provide security transparently to applications.

When integrating security in this manner, an application would, for example, call out directly to the Identification Service to determine whether it should accept a Web services transaction from another service. In this instance, the application might receive a digitally signed SOAP message, where the digital signature on the message can be used to identify the originator of the message and also to protect the integrity of the message contents. In such a case, the application would pass the signer's digital certificate to the Identification Service to determine whether or not the signer is trusted by the organization. Once the signer's identity is known to be trusted, the application could then send that identity to the Entitlements Service to determine whether the signer has the right to send a SOAP request to the Web service.

In a similar fashion, a Web services application could interface with the Verification Service to obtain a centralized digital signature and timestamp on a transaction.

Consistent Security Policy Enforcement

Like all Entrust products, the Entrust Secure Transaction Platform strives to remove complexity and achieve consistent and transparent enforcement of security policies across applications, platforms and services.

Web Services and XML Security Standards

To foster widespread adoption and interoperability of security and Web services, Entrust will continue to be an active participant in the security standards organizations.

Today, customers and partners implement the Entrust Authority Security Toolkit for Java to secure Web services transactions using the "XML-Signature Syntax and Processing" specification (XML Digital Signature), a W3C recommendation and IETF draft standard that Entrust helped initiate and co-author in 1999. The Entrust Secure Transaction Platform also provides support for major Web services and Internet security standards including SAML, XACML, XML Digital Signatures, XML Encryption, XKMS, WS-Security, X.509v3 digital certificates, Secure Sockets Layer (SSL) and many others.

Availability of the Entrust Secure Transaction Platform

The Entrust Verification Service, Entrust Identification Service and Entrust Entitlements Service are now available.
