Network Rail Mobile Computing Mobile App Security

Technical Summary

Forum Sentry provides security and mediation processing for UK Network Rail. Security processing includes virus scanning, REST URI conformance checking, CRUD REST access control, response XML schema validation, content mediation conversion from XML->REST and REST->XML.

Sentry Technology Components Used
This use case utilizes the following technology components that are available and integrated with the Forum Sentry product.

Protocol Policies HTTP, HTTPS
Mediation Policies XSLT, SOAP/REST/XML Conversion, Attribute Mapping
Security Policies SSLv3, XSD Schema Validation, Antivirus Scanning
Task Policies Conditional Processing
Identity Policies LDAP
Governance Policies Authorization failure, Authentication Failure, Virus Detected


Use Case Description

Due to government requirements, UK Rail is tasked with infrastructure railway checks of over 45,000 different points of the network infrastructure, the oldest rail infrastructure in the world. In conjunction with the adoption of Forum Sentry as the central B2B gateway for external facing service interfaces, Network Rail developed an iPhone app via REST to communicate through Forum Sentry and upload the integrity checks of the infrastructure via the Sentry REST policies.

Forum Sentry authenticates the iPhones to enforce access control, and also provides conformance checking of all request and response messages to ensure structural and data type integrity of all inbound and outbound message flows. For this type of access control of REST based Mobile Computing APIs, Forum Sentry provides CRUD (Create/Read/Update/Delete) based access control, source validation checks, and 2-way SSL authentication.