The Problem
Home entertainment devices (such as the Xbox, PS3, Wii, TiVo, Smart TVs, etc.) are introducing novel ways for content providers and distributors (such as telcos, cable companies or other media providers) to reach consumers outside traditional broadcast and cable TV, providing new opportunities to deliver content and promote loyalty. APIs are the most cost-effective way to deliver content via these new channels, but controlling what gets shared with whom when it comes to account data and media content requires strong security, such as an OAuth-based authentication model, as well as comprehensive API management controls.
The solution also provides support for secure OAuth, simplifying the implementation of 2- and 3-legged OAuth use cases based on the OAuth 1.0a and 2.0 specifications. Customers can:
- Implement policy and identity STS controls to handle a wide range of OAuth token operations and credential types, including HMAC-SHA1/SHA2 or RSA-SHA1/SHA2 signature methods, SAML and the OAuth WRAP specification
- Mix and match how they implement OAuth with SAML in order to address typical use cases such as user-delegated authorization for accessing APIs, or cross-domain federated SSO for website users
- Drop in new signature and credential methods without changing their APIs
In this way, customers logging into the content provider from one of their console devices can be authenticated via OAuth, and then tracked and reported on to determine which home entertainment platforms are the most valuable to your business.
Key Features
- Support for TLS / SSL encryption over the wire
- Support for a variety of cryptographic algorithms, including HMAC, RSA and SHA
- Support for asymmetric signatures using RSA
- OAuth access token verification
- Ability to limit message size
- Protection from common Web-based attacks, including Cross-Site Request Forgery (CSRF), man-in-the-middle and message replay
- Integrated SAML STS issuer featuring support for SAML 1.1/2.0 authentication, authorization and attribute-based policies and Security Context Tokens
- STS support for WS-Trust and WS-Federation
- APIs can be smoothly migrated between environments (e.g., from Dev to Test, East to West, etc.) with full dependency resolution and re-mapping
- Supports automatic API versioning, including rollback to any previous version
- Global security settings, threat detection profiles, etc. can be reused across multiple APIs to save time and ensure consistency
- Enforce availability through throttling and/or rate limiting to ensure SLAs and QoS priorities
- Prioritize traffic to specific APIs based on SLAs
- Limit API access based on user, time of day, IP address, etc.
- Route traffic based on geography, IP address, back-end response times, etc. for optimum performance
- Integrated clustering for scalability and automatic failover between multiple instances of APIs/services
- Define custom data and identity caching parameters for optimal performance tuning
- Powerful message content filtering and transformation tools help identify and suppress leakage of sensitive information (e.g., SSNs, credit card numbers, etc.)

Enable Device Manufacturers

Documentation & Resources
- Provide device manufacturers with versioned documentation to help developers quickly understand how to use APIs
- Provide resources such as sample applications, code widgets/examples, sample request/response pairs, etc.

API Key Management
- Assign an API key to each manufacturer's application
- Create, suspend and revoke API keys

Registration
- Register, approve and manage organizations and developers
- Manage users with built-in Role Based Access Control (RBAC)

API Analytics
- Out-of-the-box summary reports, including API usage, developer usage, utilization rates, etc.
- Out-of-the-box detailed reports, including API latency, error rates, throughput, availability, etc.

Threat Protection
- Layer 7's PCI-DSS installation and configuration guide allows customers to configure and deploy the API Proxy as part of a PCI-compliant process
- Support for multiple types of element- or message-level XML signing and encryption
- Protect against Cross-Site Scripting (XSS), SQL Injection, XML content/structural threats and viruses
- Create custom threat profiles to extend built-in filters for message structure and XML-specific threats
- Track failed authentications and/or policy violations to identify patterns and potential threats
- Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas, etc.
Supported Standards
XML, SOAP, REST, PCI-DSS, AJAX, XPath, XSLT, WSDL, XML Schema, LDAP, SAML, XACML, OAuth, PKCS, FIPS 140-2, Kerberos, X.509 Certificates, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, FTP/FTPS, MQ Series, JMS, Raw TCP, Tibco EMS, WS-Security, WS-Trust, WS-Federation, WS-Addressing, WS-SecureConversation, WS-I BSP, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WS-SecureExchange, WS-I, WSIL, UDDI, WSRR, MTOM, IPv6, WCF

To learn more about Layer 7, call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com, friend us on facebook.com/layer7, visit us at layer7.com, or follow us on Twitter @layer7.
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.