Securing the SOA Landscape part of Industrial SOA series

imgIntroduction

Security requirements are usually relatively easy to manage when using local restrictions in conventional closed systems. They become more complex in the distributed system landscape of an SOA. Not limited to only an application or an application domain anymore, security must work across a range of applications and business processes.

Numerous security standards have been created in order to realize these comprehensive security requirements. These include WS-SecurityPolicy, WS-Trust, XML Encryption, XKMS, XML Signature, WS-Federation, WS-SecureConversation, SAML1, SAML2, and many more. Currently, no product or open source framework can fully support all of these standards. In our experience, incompatibilities arise whenever an SOA product or deployed Web service framework needs to communicate outside of its small ecosystem.

Not surprisingly, project managers who are confronted with increasing expenses tend to start looking for viable alternatives. They then usually choose to develop inflexible solutions in-house that can quickly implement risky anti-patterns, such as transferring usernames and passwords within the functional payload. The variety of different standards makes it difficult to formulate a clear understanding of the available security standards and internal product dependencies, in light of the individual restrictions to designing a well-secured system.

Our aim is to provide IT experts and SOA architects with tips on how to handle security responsibly, using tried and true best practices as a basis.

How Much Security Do I Need?

Security plays a crucial role due to SOA’s extensively networked nature, yet is not required by all of the different types of applications and architecture layers to the same degree. Defining both internal and external security requirements for the entire organization and its individual departments by conceptually developing the implementation is therefore important.

Read the full article at the Service Technology Magazine or Oracle Technology Network.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

Enterprise Service Bus article part of Industrial SOA series

Everyone seems to need to use an enterprise service bus (ESB) nowadays, but there is so much confusion about its actual benefit and the various concepts this term entails. This uncertainity is revealed in statements like, "Help! My boss says we need an ESB," or "Why do I need an ESB at all? Can’t I achieve the same thing with BPEL or BPMN?" or even "We can do everything ourselves in language X." This article is an attempt to answer some of the most important questions surrounding this term using concrete examples, so that the areas of application that can be deemed "correct" for ESBs can be clarified:

  • What exactly is the definition of an ESB? Is it a product or an architecture pattern?
  • What are some practical uses for an ESB?
  • Do I need an ESB to build an SOA platform?
  • Which requirements do I need to satisfy?
  • Which criteria can I use to select the ESB that is most suitable for my needs?

Defining the ESB
An accepted definition for this term has yet to be firmly established that is most likely caused by a lack of industry standards, whereas standards like BPEL and BPMN 2.0 exist for process engines and other components. The term “Enterprise Service Bus” was coined by Gartner in 2002, and further introduced by the analyst Roy Schulte to describe a category of software products that he observed were available on the market at that time. Ten years later, there is still very little agreement on what exactly an ESB is or what it should deliver. There are different definitions depending on the manufacturer or source. Among other things, an ESB is defined as:

"A style of integration architecture that allows communication via a common communication bus that consists of a variety of point-to-point connections between providers and users of services."

"An infrastructure that a company uses for integrating services in the application landscape."
Read the full article here.

img

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

SOA Maturity Alongside Contract Standardization Published: June 27, 2013 – Service Technology Magazine Issue LXXIII

Introduction: In Search of the Holy Grail of SOA

In this article, we present and explore the fundamentals of applying the factory approach to modern service-oriented software development in an attempt to marry SOA industrialization with service contracts. As service developers and designers, how can we successfully fulfill factory requirements and achieve the essential characteristic of industrialized SOA while remaining compliant with standards on the service contract level? img

Thinking in terms of contracts has been found to be requisite for granular sourcing strategies that virtualize underlying implementations. Contracts also function as a common language between business units and IT teams, across cloud computing technologies, and for future-proof and agile enterprises in general.

Let’s imagine that today’s "pre-industrialized" world has become one in which contracts are been replaced by organizational and technical silos and the best solutions available. In today’s SOA landscape, functional components are created for specific applications, often redundantly and lacking organization-wide standardization at the interface level. These components work well in a "silo" landscape in which the "application SOA" architecture is particularly suitable within the context of single applications.

Figure 1 illustrates the simplicity of combining services within applications that results from standardized design and structures being used as the framework for interfaces and exchanged data: Read the full article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

Canonizing a Language for Architecture: An SOA Service Category Matrix Published at Service Technology Magazine Issue LXXII

Services have to meet different architecture and governance requirements and their relevance is determined by how the services are reused. The arrangement and structure significantly affect the analysis and design of the services, which in turn determine the level of granularity. Categorizing services makes it easy to arrange them according to service usage in the procedural landscape, which helps prevent unwanted entanglements.

SOA architectures that have not undergone categorization quickly become “adapter” SOAs that lack a clear division of responsibilities. The orchestration of business processes in these architectures is interspersed with technical service calls that can lead to unaccountable call sequences.

To tackle these challenges, a vocabulary that SOA professionals can use to describe different types of services has been developed. We explore the various possibilities for categorizing SOA services in this article, before introducing the range of service categories that we have successfully implemented in projects. The SOA service categorization matrix in Figure 1 contextualizes the concepts that are presented.

Read the full article at the Service Technology Magazine or Oracle Technology Network

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

Podcast Show: The State of SOA By Bob Rhubart

Service Oriented Architecture may not get the attention it used to get, but it is still alive and kicking – and more important than ever.

The latest OTN ArchBeat Podcast program features a panel discussion on the State of Service Oriented Architecture. The panel for this conversation consists of four gentlemen who collectively represent exactly half of the team of experts behind Industrial SOA, a new series of articles available on OTN.

The Conversation

  • Listen to Part 1: The panel discusses why SOA is more important than ever.
  • Listen to Part 2: The panel discuss SOA in the context of business/IT alignment challenges and shares insight on the differences in SOA approaches between Europe and the US.
  • Listen to Part 3: (May 8) The panel explains the concept of Industrialized SOA and discusses what it means for Cloud computing, Mobile, Big Data, and other trends.

Jürgen KressHajo NormannClemens Utschig-UtschigTorsten WinterbergDanilo SchmiedelGuido SchmutzBernd TropsBerthold Maier

For further SOA publications please visit our wiki. Please feel free to add your SOA & BPM publications!

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

SOA Blueprint: A Toolbox for Architects – article at OTN and Service Technology Magazine

image32

this article introduces the foundations that need to be established in order to implement functional SOA processes. Rather than presenting specific tools, we will define a broadly applicable SOA blueprint whose individual modules can be topped up with commercial products or increasingly available open
source offerings.

A Company Blueprint

Upon examination of Figure 1, the vision of adaptive enterprise computing is illustrated as a meta-blueprint for the overall company with three differentiated levels:

  • Infrastructure Level – This level is formed by databases, storage systems, application servers, and all other IT resources that are required to run IT systems.
  • Application System Level – This level houses entire applications, both individual applications and standard software, as well as services relating to SOA, workflow and BPM systems.
  • Process Management Level – Functional requirements are manifested in the process design and then implemented at the lower levels.

Figure 1An advanced service-oriented architecture is the most effective option for implementing the functional requirements at the application-system level. The more superior the mapping of existing business services to the functional steps in process models is, the more the business-IT gap shrinks.

Various back-coupling loops represent the actual added value of this meta-blueprint, meaning consistent usage of services and technical processes enables the measuring of KPIs. This in turn facilitates process control and ultimately the optimization of processes. The more progress a company makes in implementing their SOA, the greater and faster are the effects to be achieved for adaptive
enterprise computing. … read the full article here

The articles is published at OTN and the Service Technology Magazine.

Send us your feedback Twitter @twitter/soacommunity  #industrialSOA

Jürgen Kress  Hajo NormannClemens Utschig-UtschigTorsten WinterbergDanilo SchmiedelGuido SchmutzBernd TropsBerthold Maier

For further SOA publications please visit our wiki. Feel free to add your SOA & BPM publications!

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

Industrial SOA article at OTN and Service Technology Magazine

image3SOA and service-orientation have laid the foundation for a variety of emergent service technology innovations, while the original building blocks of SOA and service-orientation continue to evolve by embracing fundamental service technologies, concepts and practices. These new technology innovations do not replace service-orientation; they use it as their basis.

Service-orientation continues to evolve towards a factory approach, towards industrializing integrated platforms, such as BI, master data management (MDM), mobile front-ends, BPM, adaptive processes, Big Data and Cloud Computing – all of which add architectural layers upon SOA-based infrastructure. All of these technologies can interface via standardized data and functions, published as service contracts, in order to avoid redundancy – that’s service-orientation. Let’s take a closer look. The amount of data, which companies produce and store tends to grow on an on-going basis. This includes structured data (for example, from ERP systems or data warehouses), as well as unstructured data (for example, from e-mails). With the rise of social media services like twitter, Facebook, Pinterest and the emphasis on Customer Experience Management, the amount of data and data sources has increased dramatically. To integrate all of these data sources through an SOA-approach is essential. The models, principles and patterns behind SOA and service-orientation can be applied to formalize interoperability between… read the full article here

The articles are & will be published at OTN and the Service Technology Magazine.

 

Send us your feedback Twitter @twitter/soacommunity  #industrialSOA

Jürgen Kress  Hajo NormannClemens Utschig-UtschigTorsten WinterbergDanilo SchmiedelGuido SchmutzBernd TropsBerthold Maier

For further SOA publications please visit our wiki. Feel free to add your SOA & BPM publications!

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

Industrial SOA article series – for architects and experts

imageIndustrial SOA is a 14-part  article series focused on service orientation, written collaboratively by a group of recognized experts and community leaders in service oriented architecture.

"SOA and service-orientation have laid the foundation for a variety of emergent service technology innovations such as cloud computing and big data, while the original building blocks of SOA and service-orientation continue to evolve by embracing fundamental service technologies, concepts and practices."

  • Preface: Industrial SOA
  • Chapter 1: SOA Blueprint
  • Chapter 2: Project Categories
  • Chapter 3: Service Categories
  • Chapter 4: SOA Maturity
  • Chapter 5: Enterprise Service Bus (ESB)
  • Chapter 6: Security
  • Chapter 7: Transactions and Compensation
  • Chapter 8: SOA and User Interaction (UI)
  • Chapter 9: Mobile
  • Chapter 10: Events
  • Chapter 11: MDM and SOA
  • Chapter 12: BPM and ACM
  • Chapter 13: SOA and Cloud

Send us your feedback Twitter @twitter/soacommunity  #industrialSOA

Jürgen Kress  Hajo NormannClemens Utschig-UtschigTorsten WinterbergDanilo SchmiedelGuido SchmutzBernd TropsBerthold Maier

For further SOA publications please visit our wiki. Feel free to add your SOA & BPM publications!

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

SOA article – What is SOA? Why is SOA important? What is the status of SOA? What is the future of SOA? Wow can you start with SOA?

Published with my Brazilian friends and article about SOA, if you want to learn

  • imageWhat is SOA?
  • Why is SOA important?
  • What is the status of SOA?
  • What is the future of SOA?
  • How can you start with SOA?

What is SOA?

Thomas Erl’s SOA Manifesto highlights the business view of SOA and Wikipedia the technical view of SOA. Key in each successful SOA project is to understand the business value, define the business metrics and build a ROI business case.

Why is SOA important?

SOA can support you to align your business goals with your IT architecture. Companies who implement SOA are much more flexible to adopt and change their processes. For example telecommunications companies can offer new services or update their service prices. A SOA architecture can also give the business real time access to the data they need – business activity monitoring (BAM). With BAM information business users can make their process decisions based on real time data. Information from different systems can be standardized to combine and integrate them. In our example we could combine a customer record from a sales and a billing system. It will help the business to understand the whole view of the customer.

What is the status of SOA?

Since 2005 many SOA systems have been successful implemented. In the beginning SOA was used often as a technical integration platform – services and service bus. Later business process execution language (BPEL)… read the full article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image Facebook clip_image002[8] Wiki Mix Forum

Industrialized SOA – topic of Business Technology Magazine

Ausgabe $issue_number.$issue_year - $titleAlthough it has become quieter around SOA, the concept is not buried at all. On the contrary, over the years it has reached a new maturity level. Hypes such as Cloud Computing and Big Data have pushed SOA out of the headlines; however “the new hypes have not replace service orientation, but built on it.” The authors of this edition rank among to the SOA pioneers in Germany. They have gathered their collective knowledge for this issue and created a unique picture of the current state of SOA. According to them SOA has developed evolutionarily towards industrialization, towards a holistic platform – and thus towards a new Industrialized SOA.

The issue 3.12 of the BT magazine (in German)  is available as an iPad App (http://it-republik.de/business-technology/bt-magazin-ipad-app), via mail (http://it-republik.de/business-technology/bt-magazin-ausgaben/Industrialized-SOA-000516.html) or at the kiosk!

The magazine is published by:

image

Berthold Maier Jürgen Kress Hajo Normann Danilo Schmiedel Guido Schmutz Bernd Trops Clemens Utschig-Utschig Torsten Winterberg

For more information see www.bt-magazin.de

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn Mix Forum

Technorati Tags: