We are re-writing an application and are going to use SOAP as the communication protocol. Our product is installed on one or more machines in a network and communication is cross-process and/or cross-machine. We are looking at IIS or a lighter-weight host such as Cassini.
I have been tasked with securing the communication. I have read a lot about how to secure SOAP and I believe the most secure paradigm is to have an XML/SOAP firewall and use WS-Security extensions to support authentication, integrity, etc. If you disagree that this is the best way or is needed at all, please post your comments.
My question is: has anyone ever written an XML firewall? All I can find is 3rd-party vendors, which we cannot use because of licensing.
A few questions would be:
I assume the firewall is a DLL that is loaded by the web server? Is this correct?
Are there any info/samples on how to set this up in IIS or other web servers?
Are there any docs/samples on the interfaces or methods the firewall application needs to support or how it would be coded?