The Open Group got together with the SABSA Institute to give a new security architecture flavor to TOGAF, The Open Group Architecture Framework. It takes the form of some new guidance for working the security angle into enterprise architecture planning. A key to the SABSA approach is willingness to accept some risk while working to ensure security. That’s informed by the notion that security strategies for businesses must admit that a business is here to do business.
“The most secure store never opens,” quips SABSA Academy leader John Sherwood.
The TOGAF-SABSA collection of best practices will find a ready audience as IT moves to endorse more and more Web APIs. And it is not always about security. When Sony’s game playing audience saw their sites down due to security issues they complained – not to get the sites secure, but to get the sites running. Can you say paradigm shift?
Gamesters are different than enterprise apps users. The enterprise app users sue. The balancing act is delicate. Read about the TOGAF/SABSA Guidance.
A lot more software architects are working these days to get their arms around the concepts of events and event processing. Many people have reams of transaction data they are beginning to think about correlating and tracking. Sometimes the differences between event processing and other types of processing seem simple – but that simplicity can be deceptive.
By Jack Vaughan
Cloud computing continued to evolve in the past year – and more such evolution is about all we can confidently expect in 2012. As with other, earlier “game changing” technologies, much of the new frontier is familiar. Cloud momentum is slowing a bit as the real work gets underway – that is, to create useful application integrations on the cloud that are equal or superior to those already available in the data center.
One particular back-to-the-future cloud experience comes via the apparent resurgence of Electronic Data Interchange (EDI) or the Value Added Network (VAN), now, in the cloud era, being reconfigured and renamed as the “cloud service brokerage.” The thinking behind the cloud service brokerage is this: It is all getting kind of complicated – maybe you should consider outsourcing your integration work, especially with the new cloud platforms. Some firms will quickly decide that integration is an expertise they can outsource, others won’t. Read “Cloud services brokerages can lead way to cloud computing.”
The cloud variety that is known as “Platform as a Service” (PaaS) experienced a shift in emphasis over the course of 2011. The open source developer community has increasingly been turning to Web-based software development tools, and that seemed like a natural fit for cloud computing. So PaaS is starting to mean both a cloud computing runtime and a cloud computing development platform. Red Hat was prominent in 2011 with this type of PaaS, but an assortment of vendors, including some big players, are in the hunt as well, not the least of which is Microsoft. Planning and strategy for cloud computing is one of the big challenges of 2012 – check out the SearchSOA.com “SOA and Cloud Computing Strategy Guide” for more on the topic.
Beyond cloud, a whole host of hot technologies served to enliven 2011. HTML5, TOGAF, EAI, REST and Watson (all considered elsewhere in this year-ending “This Week” newsletter edition) will flourish or fade in the year ahead. Stay tuned to SearchSOA.com for more and have a good 2012!
Earlier this month I wrote an article on a Software as a Service provider that employed a SOA security appliance for authentication and identity federation. OmegaFi, the SaaS provider in question, fills an interesting niche – providing financial services for Greek fraternities and sororities. Helping college kids run their organizations more like a not-for-profit business is not always easy, but OmegaFi has thrived on their particular set of challenges. I recently had some correspondence with the company’s CIO, John Woolbright, that I would like to share.
Last week, Jay Bhatt took the reins at Progress Software Corp., the company announced. Bhatt will serve as president and CEO. Progress, which markets to both resellers and enterprise end-users, is a major player in the areas of SOA, BPM and CEP.
Prior to coming to Progress, Bhatt was responsible for Autodesk’s global Architecture Engineering and Construction Solutions Division, where he was in charge of software development, marketing, product management, product design, business development and finance resources. Mr. Bhatt also served as the CFO and Head of Corporate Development for Buzzsaw.com, before that company was acquired by Autodesk in 2001.
“I am honored to be selected for this important role and thrilled to be joining Progress Software at this critical time in the company’s evolution,” said Bhatt, as stated in the company’s press release.
“Progress has an excellent team, a large and impressive customer base, a loyal partner group and a very attractive portfolio of innovative products and solutions that enable businesses to become more responsive,” said Bhatt in a statement.
Bhatt takes posts formerly filled by Richard Reidy, who had held the jobs on an interim basis since an August announcement that he would vacate the positions. – Valerie Sarnataro
Innovative messaging and data architectures are being widely applied in Web applications these days – but approaches that work for the top-tier sites may not work well for others. While traditional RDBMSs may not be the best path, the effort involved with making next-generation NoSQL DBs work may entail too much for typical shops, one noted database expert says. Perhaps not surprisingly, the expert, Michael Stonebraker, is presently touting an alternative to both traditional RDBs and upstart NoSQL DBs. He calls that alternative “NewSQL.”
Talend, which recently added ESB capabilities to its data integration platform, has added business process management (BPM) capabilities to Talend Unified Platform v5, announced this week at Gartner’s AADI Summit in Las Vegas, Nev. The move is part of the company’s effort to bring application and data integration closer together.
While Talend purchased its ESB capabilities (via acquisition of Sopera in 2010), it has chosen an OEM partnership with open source BPM maker BonitaSoft to fill in its Talend Enterprise BPM offering.
Talend v5 with BPM enables users to integrate business workflows into their existing application and data infrastructure, said Yves de Montcheuil, vice president, marketing, Talend.
There are several reasons why application and data integration are converging, he said. “Organizations are under pressure to bring together the technologies to help efficiencies, but also to get more consistency in the way you bring data to integration,” said de Montcheuil.
He said the BPM software will add useful orchestration service support to the overall offering. Meanwhile, BPM can become part of the governance process, given the new integration.
From one SOA test expert’s perspective, 2011 saw a notable rise in agile development and related open source test software. Meanwhile, middleware testing continues to grow more complicated.
“What I saw this year was a rise of open source testing as an alternative to proprietary testing, as well as the continuation of service-oriented architecture,” said Frank Cohen, CEO, PushToTest, speaking with SearchSOA.com.
Both the Agile drive and the open source drive may soon impact middleware more widely, Cohen indicated. But a failure to come up with a common business interface pattern continues to challenge the user community.
“The IT industry has failed to create a standard for business integration. You can trace that back to Sun, Microsoft, IBM and Oracle not reaching an understanding on JBI [Java Business Integration],” he said, referring to a Java standards undertaking that is widely seen as having faltered.
“Without JBI, there is no way to model what the outcome of a business process is – nothing to write a test to, if you don’t have a standard that says what it does,” said Cohen.
“The IT industry has failed to create a standard for business integration. So there are software developers building middleware either by hand coding at the language level using Java or building out a [proprietary] model,” he suggested.
PushToTest implemented a multi-step business workflow on Oracle, IBM and Tibco platforms to try and discern developer productivity and application performance differences end users might encounter. Involving Web services, the benchmark defines and implements a use case, adds HTTPS/SSL security, makes a change to a message schema and implements an asynchronous message delivery, and then runs a functional and performance test. PushToTest packs this all up in a SOAKit.
Cohen presented SOAKit performance results at a Tibco-sponsored presentation at this week’s Gartner Application Architecture, Development & Integration Summit in Las Vegas, Nev. PushToTest offers the software test suite as open source, available for free from its site as the SOAKit.
We spoke with Apigee’s Sam Ramji recently. He and the company, which focuses on API products for enterprises and developers, find themselves among those at the center of one of the rising trends in security services: OAuth.
In the past Ramji led open-source strategy across Microsoft, and was a founding member of BEA’s AquaLogic product team. He now acts as strategist for Apigee, where, along with others, he writes for the Apigee API Best Practices blog. He likens the token-based OAuth protocol to a valet key that allows users to go from Web site to Web site (from Twitter to TweetDeck, from Facebook to Twitter, from the New York Times to Facebook, and so on) without multiple logins.
“OAuth allows an application to act as an intermediary to services like Twitter – etcetera – on behalf of the end user,” he said. This type of token service for site hopping is a key mark of the Web 2.0 and the so-called “App Economy” today. “We couldn’t have done this years ago,” said Ramji.
OAuth is said to play nicely with widely used Web-based REST methods. Moreover, Ramji suggested that OAuth makes a “good enough” security service available to a broader group of developers. The mobile device explosion seems likely to expand OAuth use.
Previous alternatives involve a more complex set of processes for developers to learn. Of course, OAuth has its limits. OAuth aims directly at site-to-site application-to-application hopping over HTTP. It would be used in some enterprises along with SAML, OpenID and other more complex security services located as gateways nearer to vital backend systems.
OAuth can be seen as an indicator of a sea change in services, said Ramji. “It is as a token-based security system that allows users’ account information to be used by a third-party application in a way that does not expose the user name and password to that application.”
What can go wrong? “The process of wiring up OAuth is pretty complicated for the average developer,” said Ramji. “Also, it is still a spec in motion. No two apps really quite line up easily.”
Apigee’s work is emblematic of the work of API-intensive companies that may change the economics of the software industry. –Jack Vaughan
The mobile web application development world may create many unanticipated aches and pains if word out of Adobe this week is a guide. The company said it would give up work on Flash plug-ins for mobile browsers.
Of course, the late Steve Jobs’ well-publicized disdain for Flash – he cited speed and memory issues among others – put Flash-on-the-iPhone into a skid well over a year ago. It had been perhaps the most ubiquitous web browser plug-in on PCs.
HTML5 has been on the rise in the mobile space, but why abandon a flagship product on the hot mobile platform?
Since the initial announcement met much concern among Flash development community members, an Adobe manager of developer relations looked to clarify things. Adobe’s Michael Chambers emphasized the cost of mobile development efforts, citing:
• Differences in screen sizes, resolution and interaction models between mobile devices and desktop PCs
• Generally slower, and higher latency network connections (which are often metered) on mobile devices, which makes it cumbersome, sometimes expensive, and sometimes impossible to repeatedly load rich content from the web on demand.
• The tight integration with the underlying operating systems that native applications provide.
• The tight integration between mobile app stores and the mobile operating systems, which removes most of the friction for discovering new content.
“For each new device, browser and operating system released, the resources required to develop, test and maintain the Flash Player also increases,” he continued. If it is true that this is difficult for one of the largest software companies, how vexing will mobile development strategy be for development heads at non-software companies? What do you think?