By Alan Earls – For his part, Scott Morrison, CTO at Layer7, a provider of API security and governance for service-oriented, Web-oriented and cloud-oriented integration, argues that OAuth is the most interesting thing happening in identity and access management services.
Morrison says a plus with OAuth is that it is a “good basic idea that sits well with modern developers.” On the other hand, because it is a pure, open standard, it lacks the discipline needed to ensure wide interoperabilty.” With much that remains undefined, Morrison says there is a tension between OAuth as a “quick, grassroots standard and the more rigorous requirements of a formal standard.” But OASYS is now working to formalize OAuth, which may yield positive results.
From his perspective, Morrison says that developers should be mindful of the huge role mobile devices are playing in driving identity management. “With mobile there has been a move toward specific, focused apps, most using RESTful-style protocols. Many of them find themselves depending on OAuth as a means of establishing identity to a remote server,” he says. That, in turn, is driving APIs to be more OAuth aware. “Mobile apps are really driving the whole API explosion,” he continues.
Another important issue to consider, says Morrison, is the increasing importance of multiple identities being established through mobile communications. For example, a mobile device may need to establish the identity of the app it is using and then (for activities requiring security) the identity of the individual user of the app. In other words, identity management can be a multiple layer challenge.
By Jack Vaughan
It wasn’t that very long ago when Oracle CEO Larry Ellison was denigrating the cloud – but, like others, he and his company now have a strong case of cloud fever.
The company has its own take on the new technology, heading just recently at cloud computing from the direction of software management. This week at Oracle Open World, the company addressed cloud governance issues with Oracle Enterprise Manager Cloud.
Oracle Enterprise Manager Cloud capabilities include: Cloud planning tools that allow architects and cloud administrators to model their cloud environment in order to optimize use of resources, as well as a capacity and consolidation planner that supports automated workflows.
When we spoke not long ago with Enterprise Architect Ramsay Millar, the discussion centered on the types of tools that you might utilize when pursuing a framework for SOA. Now we are quite pleased for Ramsay to appear as an author on SearchSOA.com.
In ”Learning about business architecture the hard way,” he takes a look at the role of business architecture in creating failures or, more positively, in promoting successful SOAs. Without business architecture, the best we may hope for is SOA silos, he writes. Business value has always been an area of discussion for the thoughtful IT leader, but business capabilities and business architectures seem to be discussed more and more these days by SOA thought leaders. What do you think? Let us know.
Long-time SOA mainstay Progress Software said it is addressing apparent SOA limitations with a pre-integrated enterprise integration package announced this week at the company’s yearly user conference. The software is composed of the Progress Sonic enterprise service bus (ESB) and the Progress DataXtend Semantic Integrator.
Enterprises can use the pre-integrated Sonic ESB and DataXtend SI enterprise solution alone or together with the Progress Actional SOA Management platform, according to the company.
Speed in development is at issue for SOA today, said Bloor Research founder and analyst, Robin Bloor. ”For IT to be successful in supporting business, it has to evolve its approach to SOA to be more responsive, particularly in how it handles change with regard to data semantics and policy,” he said in a prepared statement. At the Progress Revolution 2011 user event last week, he expanded on his thesis that ESBs must improve.
The limits identified for expanded use of SOA and ESBs are several. They include data limitations.
“Initially, SOA didn’t address data limitations, and early SOA implementations uncovered some additional challenges, of which one of them is data – data interoperability issues, data in context, and having a data model that doesn’t need to be changed every time you make a change to an application,” said Colleen Smith. A lot of the focus in the new product combo is meant to specifically address these data limitations, she said in an e-mail message.
In some ways, mobile development is a bit like the bad old days of multiple Unix versions. Development teams can be kept busy full time just cycling through the multiple OSes they need to support.
For that reason, the plethora of mobile platforms will continue to be an obstacle for many enterprise application builders. In the view of Forrester Research Analyst Jeffrey Hammond, cost is a major factor.
There are little savings found for those who develop to multiple platforms, Forrester’s research suggests. Much of the cost of development for the original platform is encountered again in the subsequent application ports, Hammond told an audience at Forrester’s Application Development and Delivery Forum in Boston.
”People are saying it costs 50 to 70% [of the original project cost] to port to a second platform,” he said. Even in cases where needs for rewrites slim, testing and tweaking for different devices’ screen sizes can still run from 20 to 30% of the cost of the original project, according to Hammond.
But, because there are performance benefits to native mobile OS support today – and performance can be the decisive factor in mobile application success – the dilemma of multiple ports may be with us awhile.
Hammond cited one, native; two, Web; three, hybrid; and four, mobile middleware as a service as the main approaches to mobile application development at present.
Microsoft created its own world with its own language for .NET. This has created a veil that is sometimes difficult to see through. It walks its own path, and has never hyped SOA to the extent other big vendors have. its primary area of interest is additions to the Windows Communication Foundation (WCF) application development framework, which underlies its application integration servers. The down-playing of SOA should not obscure the important part Microsoft has played in driving Web services. This came to mind as we spoke recently about WCF with Ian Goldsmith, Vice President, Product Management, SOA Software. We asked him about Microsoft’s role in services software.
He said: ”There are Web services. And there is SOA. Microsoft has been pretty early in adoption of Web services. Where it has not put as much energy is in enabling enterprise SOA – in enabling the infrastructure of SOA. It is content with its application development framework. Microsoft has deliberately not focused on SOA governance.” This, of course, is fine with SOA Software, which supports heterogeneous systems.
For its part, SOA Software has just released a new version of its Unified SOA governance automation tools for Microsoft’s Enterprise SOA platform. It is a way of dealing with SOA services across both Java and .NET platforms, a requirement that many of Microsoft’s enterprise customers often have. The new products manage and govern Web services on Windows Communication Foundation (WCF), BizTalk Server, and ASP.NET, offer improved automation of deployment, expanded auto-discovery of Web services.
New in the release is improved support for various WS policy standards. Moreover, deployment has been simplified. And ASP.NET artifacts are covered now.
”We help make sure the services in WCF will comply with those in the Java world,” he said.
He continued, ”WCF actually takes a pretty rigid approach to the [WS- Security Policy] standard. Some of the Java implementation are more lax.”
Goldsmith said the SOA Software tools can automatically up-level the capability of the Java-side services, or take over and downgrade the strictness of WCF services’ WS-Policy, WS-Security Policy and WS-addressing policy, if that is what a SOA governance policy calls for.
When Microsoft first rolled out its Windows Azure cloud computing architecture, it stepped a bit out of persona, going so far as to support work on a Java SDK for non-C# developers looking to place apps on Microsoft’s new cloud. Still, most updates aimed at easier Azure cloud application deployment are of the .NET variety – not Java or J EE.
Exceptions to the ”.NET-mainly” trend for Azure have emerged. Earlier this year, interoperability specialist JNBridge released JNBridge Pro 6.0 with support for cross platform cloud implementations that span the .NET and Java languages. This week, Java in-memory data grid pioneer GigaSpaces announced tools that take complex Java application and integration software as-is and places it on the Windows Azure cloud platform.
Known as Cloudify for Azure, the software prepares applications by providing a Groovy-based domain-specific language for bundling deployment scripts, as well as basic out-of-the-box patterns for launching Java-on-the-cloud elements that can include the Apache server, Cassandra distributed database, the Spring framework, the XAP in memory data grid and others.
The developer can work in a familiar Java environment, which distinguishes Cloudify for Azure from first-generation clouds that required the development team to adopt the cloud provider’s language of choice. That can be a difficult aspect of what has come to be known as Platform-as-a-Service (PaaS).
”People get the direction to move to the cloud. Then they find out it can be much harder than they thought,” said Paul Burns, Analyst, Neovise. ”If they could move their applications ‘as-is,’ it is not that hard after all.” Continued »
Closing the gap between the needs of the business user and the capabilities of the developer is a driving demand these days. It is also a major theme of Forrester Research’s upcoming Application Development & Delivery Forum 2011 (Sept. 22-23 in Boston, MA). Continued »
While working for a large consultancy and later on his own during the 2000’s dot.com bust, Steve Yaskin commonly had to find a way to access undocumented and orphaned CRM and ERP applications in order to integrate them with Web and other applications. The approach he took to tooling, enhanced and extended, is now being applied to the task of any-to-cloud integration.
To delve into the enterprise application ‘black boxes’ of yore, Yaskin, now Founder and CTO with Queplex Corp., devised tools that connected to the data bases in question and abstracted business objects out of the resident data. A central element is what Yaskin calls a ‘persistent meta data server.’
Yaskin and company have expanded on the early tools, giving them an any-to-cloud integration twist. This week at the Salesforce.com Dreamforce conference, Queplex rolled out QueCloud on the AppExchange, which allows enterprises to integrate Salesforce with cloud and on-premise applications from vendors such as SAP, Oracle and NetSuite. It seems that a good view into enterprise application data is even more crucial now that real-time BI and cloud applications are becoming de rigueur.
Tools help as data integration project time is so often squandered on laborious data discovery stages, as Mark Brunelli notes in ”Experts reveal the top 5 data integration best practices” on SearchDataManagement.com. Visibility into data objects is a crucial first step in data integration, according to Yaskin of Queplex, who speaks with Brunelli in this article.
Slowly but surely, SOA has become an accepted way for enterprises to do software. There were many reasons for uptake to lag, not the least of which was that it was hard work to form software into manageable services. SOA services are still a work in progress, but they have become an accepted methodology. Continued »