Bell Canada: No.1 Canadian telecoms provider
Deployment Country: Canada
Solution: Secure delivery of Web Services to corporate market for B2B extranet
Products: Vordel API Server, BEA Application Server, Entrust GetAccess Identity Management.
The Vordel API Server facilitated the flow of both Web browser and API-based traffic through the telcos portal using a single policy store of user identity information.
Canada's largest telecommunications company, offers integrated information and communications technology services to businesses and governments, as well as consumers delivering solutions for all their communications needs, including telephone services, wireless communications, high-speed Internet, digital television and voice over IP.
The telecoms provider wanted to build on the success of its business customer web portal, by launching complementary new APIs to enable customers and partners integrate their back office systems directly into its own. This API-based platform would not only automate and improve the efficiency of order processing, by removing the need for re-keying information into HTML forms, but could also reduce integration costs and potentially provide new revenue streams.
As a result of market deregulation this telecoms provider was facing increased competitive challenges from rival operators entitled to access customer account information to facilitate number and account portability. Consequently, the company had to simultaneously improve the customer centric focus of its business by increasing business efficiencies and accelerating the roll out of new services [order processing, bill presentment and CRM access for reselling agents], whilst opening up its customer sensitive information to direct market competitors.
The company had to manage the flow of both Web browser and API traffic through its portal using a single policy store of user identity information. Furthermore, they had to implement a security infrastructure to protect the REST and SOAP environment and implement strict controls for compliance with regulatory privacy commitments for data sent over API channels
Re-use existing security infrastructure obtaining return on assets - avoid the cost and extra management complexity of new "silos" of users and policies. The solution allows users management and policy management to be common across Web browser, SOAP and REST traffic and traffic.
Comply with deregulated telecoms market mandates pertaining to account portability regulatory guidelines for auditing and non-repudiation - the use of strong authentication and authorization, as well as keeping an audit trail of all transactions, satisfies regulatory requirements for Integrity, confidentiality and auditability preserved for all business sensitive transactions.
Maintain market competitiveness and complement the corporate strategy of a Customer-centric approach - this security solution allows the telecoms provider to extend services to partners and end-users in an increasingly competitive market place.
High level architecture diagram - Click to enlarge