Over the past five years, the promise of enterprise information sharing has
made great strides with the evolution of Web Services and the promise of
Service Oriented Architectures (SOA). An architectural shift that moves us
away from point-to-point client/server systems,
SOA provides new challenges related to propagating trust between services at
multiple points in an n-tiered architecture. Many government and industry
applications have mission-critical security requirements that make achieving
strong enterprise security goals mandatory, and over the past few years,
there have been great strides in creating mechanisms for achieving these
goals in a SOA. The security solutions that exist, however, directly impact
performance. The cryptography used to achieve enterprise security goals will
also slow down your Web Service consumers and producers, so any good SOA
archi...
Over the past five years, an "alphabet soup" of new Web Services Security
specifications, standards, and buzzwords has been thrust upon the technology
scene. As we have watched the evolution of many Web services security
specifications, it has sometimes been difficult to wade through the murky and
dangerous waters of implementation patent issues, vendor wars, competing
specifications, and challenges of interoperability. These waters have
thankfully become clearer over the past few years, due to vendor agreement
and some diligent work in standards organizations such as OASIS and t...
Software architects, developers, and project managers who've worked "in the
trenches" of SOA design and implementation over the last few years have
learned some hard and valuable lessons. Some of these lessons can help you
avoid the serious traps and pitfalls associated with SOA design and
implementation. Most of the gotchas that can run your SOA project into the
ground are issues that can be addressed early in your project and revolve
around proper project management and planning, architecture, and design.
This article offers seven guidelines for keeping your SOA projects on trac...
When SOAP-based Web Services solutions began appearing five years ago, one of
the major challenges was securely propagating end-user identity in Web
Service chaining scenarios. Certainly a user could authenticate to a portal,
and that portal could talk to a Web Service that talks to another Web Service
that talks to another Web Service (and so on), but the big question was - how
could each point in the Web Service chain be assured who the requesting end
user really was?
Initial trials of identity propagation solutions became like the "Kevin Bacon
game." The assurance of the end ...