Software architects, developers, and project managers who've worked "in the
trenches" of SOA design and implementation over the last few years have
learned some hard and valuable lessons. Some of these lessons can help you
avoid the serious traps and pitfalls associated with SOA design and
implementation. Most of the gotchas that can run your SOA project into the
ground are issues that can be addressed early in your project and revolve
around proper project management and planning, architecture, and design.
This article offers seven guidelines for keeping your SOA projects on track,
based on lessons learned in past SOA projects. Ignore them and you may find
yourself S.O.L (SOA Outta Luck)!
1. Understand the Requirements and Manage Expectations
Proper requirements analysis techniques aren't unique to SOA, but they should
be mentioned, because this is where you run the... (more)
Over the past five years, the promise of enterprise information sharing has
made great strides with the evolution of Web Services and the promise of
Service Oriented Architectures (SOA). An architectural shift that moves us
away from point-to-point client/server systems,
SOA provides new challenges related to propagating trust between services at
multiple points in an n-tiered architecture. Many government and industry
applications have mission-critical security requirements that make achieving
strong enterprise security goals mandatory, and over the past few years,
there have b... (more)
Over the past five years, an "alphabet soup" of new Web Services Security
specifications, standards, and buzzwords has been thrust upon the technology
scene. As we have watched the evolution of many Web services security
specifications, it has sometimes been difficult to wade through the murky and
dangerous waters of implementation patent issues, vendor wars, competing
specifications, and challenges of interoperability. These waters have
thankfully become clearer over the past few years, due to vendor agreement
and some diligent work in standards organizations such as OASIS and t... (more)
When SOAP-based Web Services solutions began appearing five years ago, one of
the major challenges was securely propagating end-user identity in Web
Service chaining scenarios. Certainly a user could authenticate to a portal,
and that portal could talk to a Web Service that talks to another Web Service
that talks to another Web Service (and so on), but the big question was - how
could each point in the Web Service chain be assured who the requesting end
user really was?
Initial trials of identity propagation solutions became like the "Kevin Bacon
game." The assurance of the end ... (more)
Kevin T. Smith is a technical director at McDonald Bradley, where he leads the SOA and Semantics Security Team (S3T) focusing on securing Web services for multiple projects. An author of several technology books on XML, Web services, Java development, and the Semantic Web, he is a frequent speaker at many conferences, such as JavaOne, OMG Web Services, Association for Enterprise Integration (AFEI), and Net-Centric Warfare.
Scott Sellers
Anthony Franco
Daniel Morris
Wayne Walls
Niki Acosta
Jereme Hancock
Oren Michels
Marvin Wheeler
Douglas Kim
