XML Security Gateways

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Hey all, I just got finished reading this article here:

I don't think you can access the page without an account -
but basically the author says that many XML security vendors are
indicating that using an XML security gateway is a good way to keep
Developers from coding security.

The overall message in this article seems to be that:
a) the author doesn't think that these XML security gateway vendors are
correct in their suggestion of the way to remove developers from doing
b) the author thinks that Developers _should_ be removed from coding

My questions are:
1. What exactly are "XML Security Gateways" other than devices like
IDS's and firewalls that can be configured using web services (i.e.
using SOAP)?
Is that all an "XML Security Gateway" is?

2. Why is it such a good idea to keep developers out of security?  I
think it is important that developers are very security conscious and
ensure that they apply secure coding practices.  I don't think that he
means that developers shouldn't be administering security (which would
make sense to me) - because he goes on to say:
"They are quite right that you should keep developers away from coding
for security, but even without an XML security gateway, this can be
accomplished if you..."

If anyone has any information on questions one or two then I would
appreciate the information as I was fairly confused by this article.


PS The article title is "Keeping Developers out of Security"

Site Timeline