Speciale Weblog: July 2005 Archives

Today's news

This morning's inbox offered several interesting articles:

ZapThink started off by describing the most common pitfall when piloting SOA. Not very surprisingly, the confusion between Web services and SOA came out as #1.

The Zapthink Take
If you're an IT manager, the best thing you can do to avoid the SOA pilot pitfall is to put a seasoned architect in charge of the pilot project. Never forget that SOA is architecture -- you can't buy it from a vendor, and you can't build it with programming code. Architecture is a set of best practices that guide your implementations, regardless of the technologies you choose to implement them. No one but an architect will have the expertise to drive the architectural parts of the SOA pilot.

In practice, however, SOA pilots rarely if ever consist entirely of architecture. To achieve the goals of the pilot, you must put SOA into practice with a working implementation. Never mistake the implementation, however, for the architecture. If you do, you'll be joining all the other failures in the SOA pilot pitfall.

The next article was from networkworld.com and consisted mostly of a survey among security managers about their attitude toward breaking down the perimeters, as proposed by the Jericho Forum:
"The firewall is good at keeping out script kiddies and denial-of-service attacks, but otherwise it's really not a good security boundary with the Web and e-mail coming in," says Paul Simmonds, global information security director at chemicals and paints manufacturer ICI in the U.K., which is a Jericho Forum member.

But developments are also pulling in the other direction (Network devices simplify integration - web services security).
More and more firewall vendors are these days releasing boxes that are specially optimized for XML and WS-Security. For many of these, the program runs in hardware, which is probably good purely performance-wise.
British American Tobacco, based in London, has been using Cast Iron routers since 2003. "Software middleware was costing us too much to run, and it was too time-consuming to build new integrations," said Kevin Poulter, application technology manager. "In terms of taking us toward a more service-oriented architecture, [a software-based approach] would've cost us a significant investment of extra product[s]."

Compared with traditional middleware solutions, "there is little or no programming, it's all graphical; and the adapters come bundled with the appliance, so there's no additional cost," Poulter said. "It doesn't matter how many SAP systems we connect with, it's the same cost. With the old-school adapter model you connected two SAP systems and that was twice the money."

...there is, of course, the small point that even though these firewalls are advanced, they still have no effect on fine-grained user authorization. But as a method for achieving end-to-end security, I see them as very valuable.

The problem seems to lie in exactly the pitfall ZapThink talks about: the technical vs. the architectural.
The technical solution works quickly and you know you are getting something for your money, whereas the architecture work takes time and risks ending up as shelfware.

Here I see the Jericho Forum as a way to shape part of an agile security architecture, so that the whole solution can be consistent with the organization's SOA.

About this Archive

This page is an archive of entries in the Speciale Weblog category from July 2005.
