The Design Decomposition Blog is written by Doug Barry.
Security and authorization is a hot topic with Web Services. In fact, security and authorization specifications are currently in flux. This is often the reason cited for not proceeding with any work related to Web Services.
Nevertheless, the fact that these specifications are in flux should not hold you back from experimenting with Web Services.
Much can be done without having the specifications complete. Nearly all organizations should be able to find some areas to experiment with Web Services that have low requirements for security and authorization.
In fact, Chapter 7 of Web Services and Service-Oriented Architectures: The Savvy Manager's Guide discusses the stages of adoption for Web Services. The first four of the five stages do not require much security and authorization because they involve internal systems.
Security and authorization specifications described on this site are listed below. You can also navigate among the specifications by using the menu tree at the bottom of each page.
Specialized XML firewalls offer the promise of protecting internal systems when using Web Services. Traditional firewalls offer protection at the packet level and do not examine the contents of messages. XML firewalls, on the other hand, examine the contents of messages. This includes the SOAP headers and the XML content. They are designed to permit authorized content to pass through the firewall.
For a listing of XML firewall products, click here.
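The content-level inspection described above, sketched as an added example (not code from this site or from any XML firewall product). The namespaces `urn:example:orders` and `urn:example:auth`, the operation and header names, the size limit and the sample messages are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
# Hypothetical policy: operations allowed through, and the header every message must carry.
ALLOWED_OPERATIONS = {("urn:example:orders", "GetOrderStatus")}
REQUIRED_HEADER = ("urn:example:auth", "Token")
MAX_BYTES = 64 * 1024

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        return tuple(tag[1:].split("}", 1))
    return ("", tag)

def inspect(raw: bytes):
    """Return (allowed, reason) for one message, judged on its content."""
    if len(raw) > MAX_BYTES:
        return False, "message too large"
    upper = raw.upper()
    # Refuse DTDs outright so entity definitions never reach a backend parser.
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return False, "DTD not permitted"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return False, "malformed XML"
    if split_tag(root.tag) != (SOAP_NS, "Envelope"):
        return False, "not a SOAP envelope"
    header = root.find(f"{{{SOAP_NS}}}Header")
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        return False, "body must contain exactly one operation"
    if header is None or not any(split_tag(h.tag) == REQUIRED_HEADER for h in header):
        return False, "required header missing"
    if split_tag(body[0].tag) not in ALLOWED_OPERATIONS:
        return False, "operation not allowed"
    return True, "ok"

def envelope(header_xml, body_xml):
    """Build a constructed SOAP 1.1 message for the samples below."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Header>{header_xml}</soap:Header>'
            f'<soap:Body>{body_xml}</soap:Body></soap:Envelope>').encode()

TOKEN = '<a:Token xmlns:a="urn:example:auth">constructed-value</a:Token>'
STATUS = '<o:GetOrderStatus xmlns:o="urn:example:orders"><o:id>42</o:id></o:GetOrderStatus>'
GOOD = envelope(TOKEN, STATUS)
NO_TOKEN = envelope("", STATUS)
BAD_OP = envelope(TOKEN, '<o:DeleteOrder xmlns:o="urn:example:orders"/>')
WITH_DTD = b'<!DOCTYPE x [<!ENTITY e "x">]>' + GOOD

if __name__ == "__main__":
    for name in ("GOOD", "NO_TOKEN", "BAD_OP", "WITH_DTD"):
        print(name, inspect(globals()[name]))
```

A packet-level filter would treat all four samples identically, since they arrive on the same port with the same protocol; only the content checks tell them apart.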