Morrison says a plus with OAuth is that it is a “good basic idea that sits well with modern developers.” On the other hand, because it is a pure, open standard, it lacks the discipline needed to ensure wide interoperabilty.” With much that remains undefined, Morrison says there is a tension between OAuth as a “quick, grassroots standard and the more rigorous requirements of a formal standard.” But OASYS is now working to formalize OAuth, which may yield positive results.

From his perspective, Morrison says that developers should be mindful of the huge role mobile devices are playing in driving identity management. “With mobile there has been a move toward specific, focused apps, most using RESTful-style protocols. Many of them find themselves depending on OAuth as a means of establishing identity to a remote server,” he says. That, in turn, is driving APIs to be more OAuth aware. “Mobile apps are really driving the whole API explosion,” he continues.

Another important issue to consider, says Morrison, is the increasing importance of multiple identities being established through mobile communications. For example, a mobile device may need to establish the identity of the app it is using and then (for activities requiring security) the identity of the individual user of the app. In other words, identity management can be a multiple layer challenge.

With an increasing number of enterprises expressing interest in moving SOA into cloud computing environments, security has been and continues to be at the forefront of concerns. Offerings like this one provide a way to manage identities in a more federated environment where business unites and external trading partners become a part of the architecture.

The product handles mediation, authentication and authorization of identity exchange for portals, web applications and XML-based web services inside federated service-oriented architectures. Using standards like SOAP and REST, Forum STS places a focus on customer-facing projects that are accessed from entities both internal and external to an enterprise.

The product’s approach involves the use of identity tokens, which the system translates from one protocol or messaging format to another. Using tokens, the company says, will decrease the need for developer involvement in identity management.

The company says Forum STS provides the following features:

• Centralized authentication, authorization and access control with identity token translation (cookies, Basic Auth, SSL, SAML, WS-Identity)

• Direct integration with major identity systems, including CA Siteminder, IBM TAM, RSA ClearTrust, Oracle Access Manager, Sun JSAM, HP SelectAccess, Kerberos KDC, ActiveDirectory, and LDAP

• Hardware acceleration and caching mechanisms to boost performance and scalability

• Security built on a JITC DoD PKI-, FIPS 140-2 Level-II infrastructure

• Simplified Token Exchange, which consumes and generates protocol and messages-based identity tokens, eliminating the need to code against proprietary libraries

If look at the recent deals, you see that AmberPoint SOA management software can manage transactions flowing across distributed environments that may include BizTalk Server as well as environments including DataPower appliances. That is quite a range.

As has been said elsewhere, ‘tracking the transactions’ is the name of the game in performance management these days. In SOA and composite applications, with many moving parts, it is a daunting game.

“You have to track each transaction individually. They don’t live in one spot,” said Ed Horst, Vice President of Product Strategy, AmberPoint.

With transactions, Horst reminds us, “the whole is greater than the sum of its parts.”

“Each individual piece may be performing per its requirements, but the overall transaction is not.” This is something that classic styles of performance tracking can miss. As Horst says: “All the ‘lights are green,’ but the transaction is not completing properly.”

Ops and developers know the business side of the house has short patience when the discussion is cycles and CPU utilization. They probably have more interest in the notion of transactions, at least if they are transactions that involve money. Rhetorically: Which poor performance events get the most attention?

Horst puts it this way: “Proper completion of the overall transaction is what leads to revenue for companies. It is where the money is. It is also where the fire drills are.”

Amid other AmberPoint activity this month, the company released a new version of its Business Transaction Management software, one that introduces Active Transaction Recording and a Transaction Search Engine.

The Transaction Search Engine takes its cue from one of the great technology success of recent years; that is: Search Technology.  We are used to looking and screens showing ‘red-lit’ problem areas, and then sorting through reams of logs to find aberrant behavior. The Transaction Search Engine provides a console that quickly locates specific transactions based on technical or business data – this could include account numbers or part numbers related to the transactions under question.

“The Transaction Search Engine allows you to use anything you know to search against the transaction history we have recorded,” said Horst.

He talks briefly about the role ITIL can play, and in more detail about an emerging notion that a ”Service Manager” role may have a place in the modern orgainization. He considers the notion of who today is responsible for ensuring services meet business needs and that infrastrucutre is adquate to support those services.

Baer asks if what is needed is ”a sort of uber role that ensures that the service
(1) responds to a bona fide business need
(2) is consistent with enterprise architectural standards and does not needlessly duplicate what is already in place, and
(3) won’t break IT infrastructure or physical delivery.

This is a thoughtful piece. Clearly, the sobriquet ”Service Manager” may need some tuning, as the title seems equally apt for an individual charged with scheduling oil changes or refrigerator repairs.

Related ITILness
”What’s a Service? Who’s Responsible?” - OnStrategies blog

“Try to test for things that you don’t expect to happen, he said in a new SearchSOA podcast. ”That’s particularly important when you’re testing security aspects of an architecture. Make sure what you’re testing is not part of the expected flow.”

Fredell also recommends that architects assume that things will go wrong with their SOA implementation and plan for glitches. 

“Architecting for fault tolerance, you assume what can go wrong will definitely go wrong,” he said. “If you’ve got a component of your architecture servicing requests, when that component fails, what does it fail over to, to insure that the clients of your service are not affected.

SOA requires thinking outside the box because it is different from monolithic or client/server applications in that you may not have control over all of the Web services interacting with your SOA application, the CTO said.

“The beauty and the risk associated with service-oriented architecture is on the one hand you can compose services and meet business needs very rapidly,” Fredell said. “On the other hand, you may only have control over one side of the equation, the side where the service is implemented. That may mean that people do things that you really don’t expect.”

Access an interview with Thomas Fredell on SOA and the Unexpected

“The newest market leading Systinet UDDI registry forms the cockpit for managing not only services, but with the newly added Business Process Execution Language (BPEL) support, takes the helm for business processes, too,” Gardner writes. “HP plans to further push the envelope on a master management value even further into IT operations and IT Service Management, as well as a PPM role with the registry.”

The addition of a configuration management database (CMDB) sets the stage for a wider “culture of governance” to emerge in enterprises, Kelly Emo, SOA product marketing manager at HP Software, tells Gardner. 

Gardner also points to a comprehensive assessment of HP’s governance products and strategies by fellow analyst Brad Shimmin posted on the Current Analysis Website.

In SOA provides a test for QA, HP finds, SearchSOA covered HPs expansion of governance to cover quality assurance. And in an earlier article, HP integrates design and runtime SOA governance, SearchSOA covered the design time / runtime integration in Systinet.

First, Progress snapped up IonaTechnologies Inc., adding Iona’s Artix ESB technology and CORBA legacy customer base. Then on Friday Progress announced that it has also purchased Mindreef Inc., the privately-held vendor of testing and service validation tools for service-oriented architecture (SOA), for an undisclosed price.

The Progress acquisition of Mindreef almost got lost in the hoopla surrounding the purchase of Iona, wrote analyst Joe McKendrick on his ZDNet blog on Thursday. He pointed out the importance of Mindreef’s philosophy of reaching out with its tools to practically everyone involved in SOA development.

“Mindreef’s emphasis has been on enabling professionals from all sides of SOA – architects, developers, and managers – to better collaborate on service design and implementation,” McKendrick wrote.

Jason Bloomberg, senior analyst, ZapThink LLC., who earlier in the week said the Iona deal made good sense for Progress, also saw value in the Mindreef acquisition.

“Both the Mindreef and IONA deals are great moves for Progress,” Bloomberg said. “Governance, quality, and management are more important to SOA success than middleware is, so it’s a great sign that they’re adding SOA quality to the mix.”

Change management is a crucial piece of SOA that appears to be missing in many vendor offerings, the ZapThink analyst noted. 

“After all, unless you enable broad-based service consumption and composition in environments of continual change, which is what SOA is all about, you can’t have effective SOA. It’s surprising that more SOA infrastructure companies haven’t made a deeper investment in SOA governance, quality, and management solutions, since they will rapidly realize that the success of their SOA initiatives depend on successfully addressing those issues.”

 This week’s acquisitions of Iona and Mindreef were a win-win for Progress in Bloomberg’s view.

“Progress is doing a great job of rounding out its SOA offerings by adding Mindreef’s SOA quality solutions to the mix,” the ZapThink analyst said.

In a statement released on Friday regarding the Mindreef acquisition, Progress said it was adding three Mindreef tools to its Actional SOA Management product line:

• SOAPscope Server
• SOAPscope Architect
• SOAPscope Developer

Progress and Mindreef are planning a Webinar in mid-July to further explain how the products will fit together, according to McKendrick.

The two companies were both rated as leaders in respective governance areas by two major analyst firms, said Roberto Medrano, SOA Software’s executive vice president, in making the argument that the new whole will be greater than the sum of its parts.

Pointing to a Gartner Inc. magic quadrant for “Integrated SOA Governance Technology Sets” published at the end of 2007, he said, “Why do we say we’re leaders? It’s not because we say it. Gartner says SOA Software is a leader in SOA governance. LogicLibrary is there as a visionary. The combination of SOA Software as a leader and LogicLibrary as a visionary certainly puts us up there.”

Medrano then points to a Forrest Research Inc. wave chart for ”SOA Service Life-Cycle Management,” published in the first quarter 2008, which shows LogicLibrary and SOA Software in the running for leadership roles in a graphical scrum with IBM, Hewlett Packard Corp., and Software AG. BEA Systems Inc., now being acquired by Oracle Corp., rises above the rest in the Forrester view.

The acquisition of LogicLibrary by SOA Software follows a trend among governance vendors that is likely to continue, writes Dana Gardner, principal analyst of Interarbor Solutions LLC., in his blog today about the deal.

“The merger underscores not only the SOA vendor consolidation trend (ongoing), but also highlights the market driver of more end-to-end governance and management aspects of SOA deployments,” Gardner writes. “HP and TIBCO also had recent announcements that point up a wide and more automated approach to SOA governance/management.”

“What’s more,” Gardner added, ”I expect to see more of this ‘total management’ approach to SOA coming from the open source SOA infrastructure providers, too.”

The strength of the SOA Software/Logic Library combination, Medrano argues is that while the two companies are highly rated on the same analysts’ charts, their technologies are complementary, adding to the greater whole with little overlap.

“There is no real competition between us and LogicLibrary in terms of the assets and products that we have,” the SOA executive said. Concluding that with their product lines merged: “We become one of the few if not the only one that provides the entire SOA governance for all the enterprise assets.”

Alan Himler, who until today was CEO and chairman of LogicLibrary and is now senior vice president, product management for SOA Software, said the combined governance technologies cover more than Web services.

“The beauty of it is that it covers not just services but other types of assets,” he said. “We can offer a solution from the distributed level up to the mainframe.”

The executives of the two companies points to the individual technologies they offered:

SOA Software technology included:

• policy lifecycle governance
• SOA registry, service lifecycle, compliance policy
• operational governance
• service security, mediation, management, operational policy

LogicLibrary offered:

• SOA asset lifecycle management
• SOA development governance and SOA repository
• IDE and SCM integration

Medrano pointed out specific areas where LogicLibrary products will strengthen SOA Software offerings. He said the LogicLibrary Logidex product complements its SOA Service Lifecycle Management position with added capabilities including:

• Compliance policy definition and validation
• Mainframe artifact discovery
• Management policy definition and integrated implementation and enforcement
• Depth of support for service definitions
• Enhanced standards support
• Richer RBAC model and IDM system integration
• Federated identity and trust mediation

SOA Software’s Workbench is strengthened with capabilities from LogicLibrary including:

While financial details of the acquisition involving privately held companies was not released, Medrano said it involved a stock transfer. He said Los Angeles-based SOA Software will maintain the LogicLibrary offices including the Pittsburg, PA headquarters, and the Rochester MN research lab. The majority of the staff will also be retained, he added.

That’s the reason Red Hat Inc. bought Amentra Inc., a integration services provider headquartered in Richmond, VA., which specializes in providing SOA knowledge transfer for its clients. In making this deal, Red Hat is betting that Amentra can provide the consulting services needed to support JBoss,  the middleware company Red Hat acquired two years ago.

In a recent Q&A interview at JBoss World, Craig Muzilla, vice president of middleware business at Red Hat, talked about the pain points organizations run into when tackling SOA.

In an interview after the Amentra deal closed this week, Muzilla stressed how important SOA expertise is to the middleware market in general and JBoss in particular.  He said companies making the transition from legacy mainframe or client/server to SOA often lack the expertise in-house to do the job.

“Amentra has a unique methodology focused around knowledge transfer,” he said. “Not only do they help design SOA and help the customer do some projects and implement project, but they also transfer that knowledge so the customer can be more self-sufficient.”

Bradley F. Shimmin, principal analyst of application infrastructure at Current Analysis LLC. agreed that knowledge transfer is one of the strengths Amentra adds to Red Hat and JBoss. Saying that this acquisition is “a perfect fit for Red Hat,” he noted that existing consulting services for JBoss had relied heavily on partnerships, and were not a match for the consulting services offered by the larger SOA vendors, such as IBM. The Amentra acquisition will begin to help close that gap.

Providing consulting in support of JBoss may be critical if Red Hat is too rearch its announced goal of capturing 50 percent of the enterprise middleware market by 2015.

In the blogsphere, Red Hat has received some criticism for its marketing of the JBoss products, which Muzilla sought to clear up earlier this week on Dana Blankenhorn’s ZDNet blog.

After the Amentra deal was announced, Larry Dignan, also blogging on ZDNet, wrote: “The deal, announced Thursday, gives Red Hat some foot soldiers to sell the company’s stack of software including JBoss. which has been a tough sell.” 

Of course, Amentra is not on a par with something like IBM Global Services.

Shimmin notes that Amentra is based on the East Coast and that is where most of its clients are located, although it is doing work as far West as Chicago and Texas. The company is looking at expanding further West to the Pacific Coast. Plans to have any European or international operations seem to fall into the yet-to-be-determine category.

Obviously that can change dependent on the service in question, but it dawned on me that a good set of examples would be in order. Thomas Erl has listed some essentials for what should be in a service description:

• the service endpoint
• each service operation
• every input and output message supported by each operation
• the data representation model of each message’s contents
• rules and characteristics of the service and its operations

That’s a great starting point, but it’s no substitute for the finished product. Fortunately there is a reservoir of WSDL expertise out there, namely you, or at least some of you who are reading this. What we’re looking for is your WSDL examples. Send them to us and we’ll publish them so that other architects and developers will have some concrete examples to reference.

It can be WSDL 2.0 or WSDL 1.1. If some of you have tried to use WADL for REST-based services, we’re interested in that as well. You should include an explainer of why you made the choices you did and any key takeaways for those who are referencing your example. What we’ll do is create a specific spot on the SearchSOA.com site for all the submissions, a working WSDL resource center.

Enough people are doing this that we ought to provide them with guidance on how to do it well. You can e-mail submissions directly to mmeehan@techtarget.com.