Tech Update Security
XML Web services need a firewall
Security and network firewalls
By Kerry Champion
July 29, 2002
Network firewalls were the key component of the previous generation of security infrastructure. The rationale behind that infrastructure went something like this:
We cannot depend on all our systems being secure. Therefore, let's define a perimeter using network firewalls that hides those systems, and let's set up the following mechanism:
- Define which specific IP addresses are inside the perimeter.
- Don't trust anything outside that perimeter.
- Trust only what's inside the perimeter.
- Assume that the ports left open to carry specific protocols don't compromise system security too much.
In other words, the typical question resolved by a network firewall is: "Should this packet, going from a sender IP address to a specific port at the target IP address, be allowed to pass through?"
Application-level security raises different questions and requires a different solution. The typical question resolved by an XML application firewall is: "Should this SOAP message, sent with the given confidentiality and non-repudiation protections on behalf of a service requestor with a given identity (as confirmed by the required authentication authority), be delivered to the target operation of the target Web service?"
The rationale behind the deployment of XML application firewalls goes something like this: "We cannot depend on all our underlying systems being provably secure. Therefore, let's require that all requests for services pass through an XML application firewall that provides defined levels of access to different categories of service requestors while enforcing consistent and auditable security/monitoring practices across multiple business systems."
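The two questions above can be put side by side in code. The following is an added example, not code from the article or from any product it describes: a packet filter that answers only "is this port open?", and a deny-by-default XML application firewall that authenticates the WS-Security UsernameToken, reads the target operation out of the SOAP body, applies a per-category access policy, and checks the protections the message arrived with. The credential table, role policy, `urn:example:orders` namespace and sample messages are all constructed for illustration; a real deployment would consult an authentication authority and verify the XML signature rather than merely check for one.

```python
"""Added example (not from the article): a per-packet decision next to a
per-message decision for the same SOAP traffic on the same open port."""
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
MAX_MESSAGE_BYTES = 64 * 1024  # bound what we hand to the XML parser

def network_firewall_allows(dst_port, open_ports=frozenset({80, 443})):
    """The packet filter's whole question: is the destination port open?
    It never sees the requestor identity or the operation inside the message."""
    return dst_port in open_ports

# Constructed stand-ins for an authentication authority and an access policy.
CREDENTIALS = {"partner_a": "s3cret", "auditor": "audit-pw"}
ROLE_OF = {"partner_a": "partner", "auditor": "reader"}
ALLOWED_OPS = {"partner": {"GetQuote", "PlaceOrder"}, "reader": {"GetQuote"}}
NEEDS_SIGNATURE = {"PlaceOrder"}  # non-repudiation required for these operations

def _local(tag):
    """'{namespace}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]

def xml_firewall_decide(message, over_tls):
    """Return (allowed, reason) for one SOAP 1.1 request. Deny by default:
    any missing piece of the required context is a rejection, not a pass."""
    if len(message) > MAX_MESSAGE_BYTES:
        return False, "message too large"
    try:
        env = ET.fromstring(message)  # production: use defusedxml or equivalent
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if env.tag != f"{{{SOAP_NS}}}Envelope":
        return False, "not a SOAP 1.1 envelope"
    # 1. identity, as confirmed by the (constructed) authentication authority
    token = f".//{{{WSSE_NS}}}UsernameToken/{{{WSSE_NS}}}"
    user = env.findtext(token + "Username")
    password = env.findtext(token + "Password")
    if user is None or password is None:
        return False, "no UsernameToken in wsse:Security header"
    if not hmac.compare_digest(CREDENTIALS.get(user, ""), password):
        return False, "authentication failed"
    # 2. target operation: the first element child of soap:Body
    body = env.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        return False, "no operation in soap:Body"
    operation = _local(body[0].tag)
    # 3. policy: may this category of requestor reach this operation?
    if operation not in ALLOWED_OPS.get(ROLE_OF.get(user), set()):
        return False, f"{user} may not invoke {operation}"
    # 4. protections the message must carry (confidentiality, non-repudiation).
    #    Only the presence of a ds:Signature is checked here; a real firewall
    #    verifies it against the requestor's certificate.
    if not over_tls:
        return False, "confidentiality required: not received over TLS"
    if operation in NEEDS_SIGNATURE and env.find(f".//{{{DSIG_NS}}}Signature") is None:
        return False, f"{operation} requires a signed message"
    return True, f"{user} -> {operation} permitted"

def soap_message(user, password, operation, signed=False):
    """Constructed SOAP 1.1 request with a WS-Security UsernameToken."""
    sig = (f'<ds:Signature xmlns:ds="{DSIG_NS}">(value omitted)</ds:Signature>'
           if signed else "")
    return f"""<soap:Envelope xmlns:soap="{SOAP_NS}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE_NS}">
      <wsse:UsernameToken>
        <wsse:Username>{user}</wsse:Username>
        <wsse:Password>{password}</wsse:Password>
      </wsse:UsernameToken>
      {sig}
    </wsse:Security>
  </soap:Header>
  <soap:Body><{operation} xmlns="urn:example:orders"/></soap:Body>
</soap:Envelope>"""

def run_scenarios():
    """Every message arrives on port 80, so the packet filter passes all of
    them; only the XML firewall tells them apart."""
    cases = {
        "quote_ok":       (soap_message("partner_a", "s3cret", "GetQuote"), True),
        "bad_password":   (soap_message("partner_a", "wrong", "GetQuote"), True),
        "reader_orders":  (soap_message("auditor", "audit-pw", "PlaceOrder"), True),
        "order_unsigned": (soap_message("partner_a", "s3cret", "PlaceOrder"), True),
        "order_signed":   (soap_message("partner_a", "s3cret", "PlaceOrder", True), True),
        "plaintext":      (soap_message("partner_a", "s3cret", "GetQuote"), False),
        "garbage":        ("<soap:Envelope>", True),
    }
    return {name: (network_firewall_allows(80), xml_firewall_decide(msg, tls))
            for name, (msg, tls) in cases.items()}

if __name__ == "__main__":
    for name, (net_ok, (xml_ok, why)) in run_scenarios().items():
        print(f"{name:15s} packet filter: {'pass':5s} XML firewall: {'pass' if xml_ok else 'deny':5s} {why}")
```

The order of checks matters: identity is established before the operation is even looked at, and the policy lookup is a positive match against a short allow-list, so an unknown user, an unknown role or an unknown operation all fall through to denial rather than to pass-through.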
Organizations are beginning to realize that the old worldview is no longer sufficient. While network firewalls will clearly continue to be central to network designs, they don't address all of today's requirements and realities, which include the following:
- Most security breaches come from within the firewall.
- Business imperatives require cross-firewall access and integration.
- Ports intended to pass specific protocols are being used for a wide variety of purposes.
- XML Web services SOAP messages were specifically designed to pass easily through existing firewalls: they are carried over transport protocols (HTTP, SMTP, and so on) that are commonly allowed through open firewall ports, so a packet filter sees an ordinary HTTP request, not the operation being invoked.
- New code written with modern tools (.NET, current J2EE application servers, and so on) will be the minority of nodes in an XML Web services data network. Legacy applications and packaged applications will be the majority of nodes, and they have dramatically varying levels of application security; it is often difficult to verify and manage the security functions they do have.
XML application firewalls are designed to address these requirements while working with (not replacing) existing network firewall infrastructure.