Attacks on government IT systems are on the increase. Meanwhile, driven by open data and information sharing initiatives, these systems are increasingly exposed across organizational boundaries, using technologies like service oriented architecture (SOA), XML and REST APIs. The types of systems conventionally used to secure public sector IT have not kept pace with these developments. The CA API Gateway represents a powerful alternative, able to provide “military-grade” security for SOA Web services, RESTful APIs and cloud integrations.
The National Information Exchange Model (NIEM) aims to establish information sharing standards and processes across the US government. CA API Gateway technology represents a direct application of NIEM’s standards and processes for timely, secure information sharing. Specifically, CA API Gateway has capabilities for a range of WS standards, enabling the creation of robust, secure NIEM-compliant integration between backend data services and the applications that consume these services to facilitate cross-departmental sharing.
The access control solutions historically used in government information sharing are no longer flexible enough for the growing number of projects that cross previously closed organizational boundaries. These projects are adopting a centralized, policy-based approach using the eXtensible Access Control Markup Language (XACML). CA API Gateway technology includes XACML functionality and is ideally placed to act as a central point for composing, enforcing and managing access control policies in cross-departmental information sharing systems.