Database Reference
In-Depth Information
able to build reasonably complex flows for SOAP/REST services with an HTTP or SOAP
attribute verification and validation and so on. Development is policy-based, that is, you
can define the message flows and different policies for every step separately, maintain
nested policies (implementing a Policy Centralization SOA pattern), and apply a common
policy to the different flow elements.
Using drag-and-drop development, you can assign a scan for inbound messages, connect
to different identity providers, extract or inject SAML tokens, and protect them from
spoofing/alteration (see the message processing flow in the next screenshot). The full set
of OEG development categories is seen on the right-hand side of the next figure, in the or-
ange box . It is a truly complete set of functions, essential for perimeter protection, in-
bound/outbound message screening, authentication, authorization, and runtime audit.
Performance requirements
One of the critical requirements for a business is obviously concerned with incongruity
between security and performance. A simple dummy REST proxy service (not a real
case!), assembled as shown in the following screenshot, was even unable to stress dual-
core 8GB RAM VM, handling 500 REST transactions per second (response 3K JSON).
Actually, LoadUI from a single machine was unable to produce enough stress.
Search WWH ::
Custom Search