Thanks for the links Artemis.
I did not know that there were XML firewalls out there myself, although I dealt with SOAP quite a bit in my last project. I guess just not too many people have the need to use a dedicated hardware XML firewall, and with prices like these, I can see why.
I would imagine that what the XML firewall would be doing is a lot of pattern matching (just like most layer 7 firewalls), thus I would think it's quite resource intensive (depending on the algorithm). This probably has a place in large enterprise, and perhaps inter-enterprise SOAP communication. Unfortunately, I have not had experience in that area.
I, however, have implemented something close to that... it was more of a SOAP service "proxy". Basically, we have a machine that has access to all the other SOAP servers (which can be scattered around the network, or hiding behind some firewall or VPN), and every client out there makes a connection to this machine. This machine (let's call it the SOAP proxy) then turns around and decides which server to forward the SOAP request to. And this is where I have implemented some very basic authentication: quickly look at the requestor and the call it's trying to make, and check to make sure this requestor is allowed to make such a call. This is far from the XML firewall you are talking about, but it worked well for my project, and I would imagine for most people out there who don't have the budget for a hardware XML firewall.
Finally, if you were to start a project writing an XML firewall, I'd be very interested and would be glad to participate.
Thanks again for your links.
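
The requestor-and-call check described in the post above, sketched as an added example; it is not the poster's code. The requestor names, operation names, backend URLs and the sample request are all hypothetical, and the requestor identity is assumed to have been established already (for example by the transport).

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "{http://schemas.xmlsoap.org/soap/envelope/}"  # SOAP 1.1 namespace
# Hypothetical policy: requestor -> operations it may call (deny by default).
ALLOWED = {"billing-app": {"GetInvoice"}, "hr-portal": {"GetEmployee"}}
# Hypothetical routing table: operation -> backend SOAP server.
BACKENDS = {
    "GetInvoice": "http://billing.internal.example/soap",
    "GetEmployee": "http://hr.internal.example/soap",
}
# Constructed sample request, not taken from the post.
SAMPLE = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><GetInvoice xmlns="urn:example:billing"><id>42</id></GetInvoice>'
    b"</soap:Body></soap:Envelope>"
)


class Rejected(Exception):
    """The proxy refuses to forward this request."""


def soap_operation(raw):
    """Return the local name of the single operation element in the SOAP Body."""
    try:
        text = raw.decode("utf-8")  # fixed encoding, so the DTD check sees the real text
    except UnicodeDecodeError as exc:
        raise Rejected("request is not UTF-8") from exc
    # SOAP 1.1 forbids a DTD; refusing it also shuts out entity-expansion input.
    if "<!DOCTYPE" in text:
        raise Rejected("DTD not allowed in a SOAP message")
    try:
        root = ET.fromstring(text)
    except (ET.ParseError, ValueError) as exc:
        raise Rejected("malformed XML") from exc
    body = root.find(SOAP_ENV + "Body") if root.tag == SOAP_ENV + "Envelope" else None
    if body is None or len(body) != 1:
        raise Rejected("expected a SOAP envelope with exactly one Body element")
    return body[0].tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix


def route(requestor, raw):
    """Check that requestor may make this call; return the backend to forward to."""
    op = soap_operation(raw)
    if op not in ALLOWED.get(requestor, set()):
        raise Rejected(f"{requestor!r} may not call {op!r}")
    if op not in BACKENDS:
        raise Rejected(f"no backend registered for {op!r}")
    return BACKENDS[op]
```

The proxy forwards only when `route` returns a URL; any `Rejected` is answered with a fault and never reaches a backend.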