Secure Message Router
: Perimeter Security, Tampering
Using a web services workflow within an organization or across the Internet with multiple partners poses many challenges. When multiple nodes process and alter a message as part of the workflow, a single encryption does not work. A more complex scenario arises when a message is fragmented into different parts and each intermediary has access to a particular fragment but is not authorized to access the other parts. When multiple parties are involved, it becomes difficult to communicate over a standardized infrastructure.
How can you provide a security intermediary infrastructure that can handle multiple recipients using a standards-based framework, that can provide message-level configuration security mechanisms, and that can support SSO for accessing disparate security infrastructures?
Establish a security intermediary infrastructure that aggregates access to multiple application endpoints in a workflow or among partners participating in a Web service transaction. The Secure Message Router acts on incoming messages and dynamically provides the security logic for routing them to multiple endpoint destinations without interrupting the flow of messages. It uses a security configuration utility to provide endpoint-specific security decisions and mechanisms, configuring message-level security that either protects a message in its entirety or reveals selected portions to their intended recipients. At the sender end, the Secure Message Router acts as a policy enforcement point for outgoing messages.
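The per-endpoint decision described above, as an added example that is not part of the original pattern text: the router gives each endpoint only the fragments its policy lists and seals that copy with an HMAC so later alteration is detectable. The endpoint names, keys, sample message, and the use of fragment filtering plus HMAC in place of XML Encryption and XML Signature are assumptions made for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample message: three fragments of one workflow document.
ORDER = ("<order id='42'><items>3 widgets</items>"
         "<payment>card ending 1111</payment>"
         "<shipping>12 Example Road</shipping></order>")

# Hypothetical endpoint security configuration: the fragments each endpoint
# may read and the key it shares with the router (constructed values).
POLICY = {
    "billing":   {"fragments": {"items", "payment"},  "key": b"billing-demo-key"},
    "warehouse": {"fragments": {"items", "shipping"}, "key": b"warehouse-demo-key"},
}

def route(message_xml, policy=POLICY):
    """Return {endpoint: (body_bytes, mac_hex)}, one filtered copy per endpoint."""
    root = ET.fromstring(message_xml)
    out = {}
    for endpoint, rule in policy.items():
        view = ET.Element(root.tag, root.attrib)
        for child in root:
            # Default deny: a fragment not listed for this endpoint is dropped.
            if child.tag in rule["fragments"]:
                view.append(child)
        body = ET.tostring(view)
        mac = hmac.new(rule["key"], body, hashlib.sha256).hexdigest()
        out[endpoint] = (body, mac)
    return out

def accept(endpoint, body, mac, policy=POLICY):
    """Endpoint-side check: reject a body altered after the router sealed it."""
    expected = hmac.new(policy[endpoint]["key"], body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)

if __name__ == "__main__":
    for endpoint, (body, mac) in route(ORDER).items():
        print(endpoint, body.decode(), mac[:16])
```
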
XML message routing with a broker that implements a Secure Message Router.
Message Interceptor Gateway, Message Inspector, Obfuscated Transfer Objects
Single Sign On, Router
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz