• E-mail this page
• |  Print this page
• | 
• | 
• | 

SOA And Security

We had a couple of terrific how-to features this week for you on SOA Pipeline. The first focuses on security and SOA. Peter Lacey explains why, if your company is ready to begin implementing a true service-oriented architecture (SOA), you'll need to consider what technologies are used to enable messaging and message processing, and how to secure those messages as they flow through the network and are retained in memory or on disk.

In his article, Peter stresses that SOA isn't a technology. Rather, it's an application design that ensures network-accessible services are autonomous and, therefore, easily shared and reused. Although an SOA can be created using a variety of messaging technologies, such as CORBA or RMI, the SOAP messaging standard's openness and broad product support make Web services the most effective choice for creating an SOA. But SOA Web services function differently from simple integration services. When SOA Web services are created and deployed, the developer and deployment manager likely have no idea how and by whom these services will be consumed, nor what route through the network a message will take before reaching the endpoint. And there are important differences between SOA Web services and simple integration services.

Find out what those differences are, and how to deal with them in this excellent article.

Then, Denise Garth, vice president, membership and standards development, ACORD, wrote an
opinion piece about SOA Web services that is right on the money when talking about the need for IT leadership and commitment to standards for any enterprise looking to implement an SOA.

According to Denise, Web services are a practical reality, spreading more each day. Through XML and the Internet, companies can now provide services and applications over the Web in a plug and play, distributed environment. In fact, according to a Capgemini (New York) survey, 64 percent of those surveyed are planning on using service-oriented architectures (SOA) in the future.

But, as Denise writes, to get ready for Web services, you need to step back and gain an enterprise-wide perspective and understanding of your environment as well as those of your trading partners. Among other things, she writes, "as we come out of our silos, we need to take in the breadth of our resources and see how best to improve their accessibility. From there, you need to commit to a standards strategy and focus on business processes, data and messages. Then you are ready for an industry-wide language and vocabulary--an industry standard. But behind it all is the most important factor that you cannot do without: leadership. There must be a commitment to standards and the ability to bridge the IT and business worlds."

Read on to see what else Denise recommends.

« Prediction No. 4: A Central Theme | Main | Profiting From Cybercrime »