Business has long pursued the goal of making IT more of a strategic tool and
less of a necessary evil. Organizations are constantly looking for easier,
cheaper, and more logical ways to build applications and unite the silos of
functionality they still depend on. One approach that has met with some
success is the concept of just-in-time integration - a technique to combine
new functionalities as quickly and cheaply as required, whether they reside
inside an organization or outside of it (i.e., with a business partner).
From the architectural perspective, just-in-time integration is a cornerstone
of service-oriented architecture (SOA). Under SOA, applications consist of
aggregations of calls to services. Services are simply coarsely grained
functions that are made available to invoking applications using a consistent
semantic. They might encapsulate a well-defined un... (more)
Cloud Expo on Ulitzer Technology Review has published an interview with
cryptography pioneer Whitfield Diffie that is worth reading. I had the great
pleasure of presenting to Whit down at the Sun campus. He is a great
scientist and a gentleman.
In this interview, Diffie–who is now a visiting professor at Royal
Holloway, University of London–draws an interesting analogy between cloud
computing and air travel:
“Whitfield Diffie: The effect of the growing dependence on cloud computing
is similar to that of our dependence on public transportation, particularly
air transportation, wh... (more)
Cloud Security Journal on Ulitzer
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, application... (more)
Earlier this fall, Anil John put out the following Twitter challenge:
“@Vordel, @layer7, @IBM_DataPower If you support REST, implement support
for URI templates in XML Security Gateways”
Somebody brought Anil’s tweet to our attention this week, and Jay Thorne,
who leads our tactical group, put together a nice example of just how to do
this using SecureSpan Gateways.
URI templates are a simple idea to formalize variable expansion inside URI
prototypes. A receiving system can then trivially parse out substituted
components of the URI and use these as input. There’s an IETF submissio... (more)
I recently had a great, freewheeling discussion with Daniel Raskin, Sun’s
Chief Identity Strategist. Daniel runs the Identity Buzz podcasts. We talked
about issues in identity and entitlement enforcement in SOA, compliance, and
the problems you run into as you move into new environments like the cloud.
Daniel’s post about our podcast is on his blog. You can download the
podcast directly right here.