Many companies are loath to open up their networks to the free-flowing exchange of XML data that Web services require, for fear of the security risks that come with it. With that in mind, Forum Systems on Wednesday announced Forum Sentry, an appliance meant to secure XML data end-to-end in electronic transactions.

Forum Sentry addresses a number of traditional security disciplines, including data confidentiality through encryption, integrity through authentication and digital signatures, and auditing through its logging, archiving and non-repudiation facilities. The product's differentiator is that it applies all these disciplines to XML data processing, says Weston Swenson, CEO of Forum Systems, based in Salt Lake City.

The company's appliance sits in front of an application server or next to a firewall. In either case, it examines data as it passes by and determines whether it is in XML format. If so, it examines the data further to determine whether any predefined policies apply to it, perhaps calling for it to be encrypted or digitally signed.


Users define security policies from a Web-based graphical interface or command line interface. For example, a policy may dictate that stock transactions above $1,000 must be encrypted and digitally signed. Users can also define how to deal with transactions from particular IP addresses or even individuals, Swenson says. The idea is that the transaction is protected end-to-end with whatever level of security the user deems appropriate. Auditing and timestamp routines provide non-repudiation, meaning a user can prove that a transaction was both initiated and accepted.

The appliance has separate processors dedicated to two tasks: parsing XML transactions, which is required to determine how to handle each component, and digital signature processing. Whereas a typical 1.8GHz Intel server may be able to handle about 40 digital signatures per second, Swenson says Forum Sentry can process about 670 per second.

The Java-based Forum Sentry works with any application, with no APIs required, as well as with any client or server operating system. It can also work with existing authentication systems.

Pricing for Forum Sentry starts at $34,995. It is available now.