@IT エンタープライズJavaシステムの課題

@IT:Java Solution 第9回読者調査結果
Java Solution
第9回 読者調査結果

Aeroplan: Reactivity: Case Study: Circumventing Web Services Security Problems

カナダのFrequent FlyerプログラムがWebサービスを採用、XMLファイアウォールにReactivity。
Enterprise Systems | Case Study: Circumventing Web Services Security Problems
Aeroplan adopts an XML firewall
by Mathew Schwartz

Making the jump from XML to SOAP XML-based Web services wouldn’t be easy, however. Four years ago, when Aeroplan chose XML as a message-exchange format, there were few standards; it had to create its own XML formats. Today, “those XML services are not Web-enabled,” notes Kattou. “So a big mandate was, we did not want to rewrite those services and open up the code to this kind of Web and IVR code for Web services. We just wanted to open up a real-time channel, if you like, to our partners.” Of course, “once you expose your XML services as Web services, they’re Internet-facing, and anyone could attack them,” notes Kattou.
Security concerns aside, another hurdle was portable bridging?to adapt the IBM MQSeries transport-layer protocols Aeroplan uses, which are TCP/IP-based, to work with HTTP (and HTTPS). The company also wanted an easy way to filter out XML tags partners shouldn’t see.