At an upcoming SOA Executive Forum in New York, Jon Udell will be spending a day discussing various topics, including security, and he's soliciting input.
Jon's talk will discuss several security topics, including gateways and WS-* standards. I sent Jon the following suggestion:
Regarding the upcoming SOA Executive Forum: I see that you will be discussing security and SOA. I didn't see in the summary paragraphs the issue of cross-platform security in an SOA.
Modern SOA implementations in large organizations are likely to include multiple platforms: mainframes, Java, CORBA, .NET, COM, MOM, EAI, etc. With even a small mix of the above technologies, an SOA may have to facilitate the propagation of security contexts/credentials from one technology/platform to another. It would be useful if your talk discussed this topic, perhaps by use of a scenario where a .NET client signs on and needs to be authenticated and authorized right through a J2EE-based servlet or bean and on to a backend mainframe-based CICS transaction. (Transaction propagation is for another day.)
An Enterprise Services Bus (ESB) (I haven't decided whether I like this term or not) is supposed to address this problem. Well, at least an Extensible ESB, as we would claim at IONA [1].
[1] For disclosure purposes, please note I work at IONA Technologies, which builds an extensible ESB product called Artix.
The views expressed in this article and others on www.ipbabble.com are my own and do not necessarily represent the views of my employer.
UPDATE 10/09/08 - I no longer work for IONA. I now work for Red Hat.

IP Babble is the personal blog of William Henry.