This is one in a series of blog posts describing new features of Isode’s R14.6 release, scheduled for March 2010. You can see all posts relating to R14.6 by clicking this link.
In R14.6 (scheduled for release in March 2010) we will be adding a new product, M-Link Edge, to provide boundary checking for XMPP services, either on its own or in conjunction with a high assurance guard such as Sybard from QinetiQ.
M-Link Edge is described in the whitepaper “XMPP Boundary and Cross Domain Protection” which we released in October 2009 and we’ve been including M-Link Edge in the special ‘M-Link only’ R14.5 releases that we’ve been issuing recently to meet some very specific customer requirements.
When used on its own, M-Link Edge provides boundary checking capabilities:
- Security Label Checking
- Security Label Transformation (between security domains)
- Presence Folding (so that detailed presence information can be hidden from external users, perhaps just reducing to a simple online/offline status).
When used in conjunction with a High Assurance Guard, the key capability provided by M-Link Edge is to marshal XMPP traffic into and out of the guard. This enables the guard to provide checking, without needing to handle the details of general XMPP protocol handling and distributed operation.
M-Link Edge is considered to be a separate product to M-Link, because the deployment model is quite different. Technically, M-Link Edge is a configuration option for M-Link, and it is possible to set up hybrid configurations (although these will not usually be so useful).
