Posted by: JDenman
Security, SOA appliances, XML
Earlier this month I wrote an article on a Software as a Service provider that employed a SOA security appliance for authentication and identity federation. OmegaFi, the SaaS provider in question, fills an interesting niche – providing financial services for Greek fraternities and sororities. Helping college kids run their organizations more like a not-for-profit business is not always easy, but OmegaFi has thrived on their particular set of challenges. I recently had some correspondence with the company’s CIO, John Woolbright, that I would like to share.
According to Woolbright, OmegaFi started out in the early nineties with a client/server-based software application that they sometimes had to install for college students who were not yet computer savvy. The company quickly moved to Web applications as the Internet grew in popularity, and now it provides software as a service via the Web.
One of the technical challenges that OmegaFi faces is keeping up with the expectations of their core user base, who are now much more tech-savvy than college students were two decades ago. Today’s fraternity treasurers grew up with Google and Facebook and expect a seamless user interface. As OmegaFi integrated with third-party systems to provide a broader range of financial services and customization options, they found their own integration architecture lacking. “We didn’t have the ability to offer up and secure data services from our system to trusted third parties,” lamented Woolbright.
To overcome that challenge, Woolbright turned to an XML gateway from Forum Systems. The security appliance focuses on identity federation to increase integration opportunities while increasing the Web applications’ overall security. According to Woolbright, there were use cases new to Forum Systems that had to be worked out. “We worked with Forum to build new types of authentication standards into their product that would work well with proprietary systems we’ve built from scratch to serve our clients’ unique needs.”
Reflecting on the process, Woolbright had a few pieces of advice for other CIOs who are looking at adding security or ID management appliances into their application infrastructure:
- First on Woolbright’s list is the breadth of third-party identity providers with which the appliance can be integrated. Focus on using industry standards to play well with other applications that are identity service consumers.
- Second, “Look for products that can use identity across both the front-end Web applications and the back-end data services so that you have identity enforcement throughout the entirety of the transaction.”
- Don’t overlook traditional gateway features like security, performance and transaction monitoring, debugging and load balancing. Woolbright stresses that gateways vary greatly with respect to the ease of use of their products and tooling.
- “Finally, it is important to look at how the appliances can help you govern your infrastructure by providing information about the transactions you are delivering to consumers,” Woolbright concludes, adding that many tools provide useful service logging features that can ease maintenance tasks.