Spanish Government Case Study

Vordel secures Spanish eGovernment SOA for inter-departmental and government-to-citizen services
The VordelDirector SOA security and management product is being used to manage and protect Web Services for the Spanish Government's Social Security Administration.

Background

The Information Administration of the Spanish Social Security, known as GISS (Gerencia de Informatica de la Seguridad Social), is a group of Administrative Bodies and Public Entities designed to guarantee Spanish citizens, and foreigners who reside in Spain, a series of social security, health and economic benefits.

As part of the Spanish Government’s initiative to implement an eGovernment framework, designed to improve the delivery of services to citizens, business customers and other government departments, the GISS sought to expose tax-status information so that internal government departments could check whether people or businesses have paid their taxes before doing business with them.

Challenge

The GISS required a solution capable of addressing a number of Web Services management and security issues. Firstly, the chosen product would have to enforce the requisite levels of identity-based access controls to ensure only authorized users had access at any time to particular information and services. Secondly, the solution needed to facilitate the monitoring of service delivery agreements and manage the rollout of new services to internal government departments and external citizens using these services.

A prerequisite for any solution was that it would integrate with the existing custom-built access management system used by GISS. Furthermore, it would have to support Software AG’s Service Oriented Architecture infrastructure. Given that the Government’s intention was that the existing services would eventually be extended to additional departments and citizens, the solution needed to be scalable and capable of meeting Service Level contractual response times.

Why Vordel?

The GISS had built its own internal authorization system for the authentication of all web users via a standards-based SAML interface. Integration with this authorization system was straightforward for VordelDirector as it supports SAML out of the box.

Furthermore, VordelDirector protects the Web Services from potentially damaging content-based attacks carried in XML messages, such as DTDs or unexpected attachments. This is done by validating all XML messages against the appropriate Schemas. Service Levels are tracked in order to detect throughput problems. All XML traffic is logged and recorded with detailed report generation. Real-time browser-based monitoring of the health and status of all Web Service endpoints is provided by the Vordel Monitoring Console.

Benefits

The VordelDirector solution provides the following key benefits:
  • Secure delivery of reusable services - built on top of existing mainframe systems in the Spanish Government’s Service Oriented Architecture (SOA).
  • Reduced security administration costs - for government departments connecting into the service via the centrally administered Vordel Management Console.
  • Reduced cost of additional development - the GISS is able to leverage its existing silos of user profiles and apply these to the protection of Web Services traffic.
  • Regulatory compliance - protection of data in keeping with all relevant data privacy regulations.
  • Effective Governance - to overcome the complexities arising from composite applications, different security zones, ongoing audit requirements and service level agreement enforcement.