VISA and Passport Security for UK Border Agency and London Olympics

Technical Summary
Forum Sentry provides HTML, SOAP, and SMTP based security for Visa and Passport processing and workflows in the UK. Processing components include WSDL, SOAP, HTML, and SMTP. Security policies include XSD schema validation, BASE64 malware scanning, and WSDL virtualization.

Sentry Technology Components Used
This use case utilizes the following technology components that are available and integrated with the Forum Sentry product.

Protocol Policies HTTP, HTTPS, SMTP
Content Policies HTML, SMTP, SOAP
Mediation Policies Protocol Header Mapping, Node Mapping
Security Policies SSLv3, XML Threat Prevention, Antivirus, XSD Validation
Task Policies Conditional Processing
Identity Policies LDAP, X.509 Path Validation
Governance Policies Authorization failure, Authentication Failure, Virus Detected

Use Case Description

To enable a more resilient, robust, and performant architecture for the Visa and Passport enrollment and tracking, the UK Border Agency selected Forum Sentry as the Security Gateway solution to provide the WSDL SOAP and SMTP email content security validation and BASE64 antivirus scanning.

Uses coming into the border agency require VISA and Passport applications. The workflow process is protected via Sentry as a combination of SOAP over HTTPS and SMTP for email verification and process flow. Intermediary message flows between portals and back-end systems pass through Forum Sentry for the SOAP API policies which are virtualized such that the WSDL is a virtual aggregration of the SOAP services actually being invoked and provides the integration clients with a single WSDL with a single integration API endpoint. Sentry performs SOAP conformance checking, and integrated BASE64 antivirus scanning per extraction of the embedded BASE64 detected data.

Addittionally, Forum Sentry SMTP policy APIs are used as an email proxy to enforce the number of allowable attachments for the multipart content types, and to scan all emails for viruses. Forum Sentry processes SMTP just as other traffic in order to provide the security, identity, governance, and mediation processing to the data flow.