Welcome!

Between Cloud, Mobility and the Enterprise is the API Middle Ground

Scott Morrison

Subscribe to Scott Morrison: eMailAlertsEmail Alerts
Get Scott Morrison via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Scott Morrison

Business has long pursued the goal of making IT more of a strategic tool and less of a necessary evil. Organizations are constantly looking for easier, cheaper, and more logical ways to build applications and unite the silos of functionality they still depend on. One approach that has met with some success is the concept of just-in-time integration - a technique to combine new functionalities as quickly and cheaply as required, whether they reside inside an organization or outside of it (i.e., with a business partner). From the architectural perspective, just-in-time integration is a cornerstone of service-oriented architecture (SOA). Under SOA, applications consist of aggregations of calls to services. Services are simply coarsely grained functions that are made available to invoking applications using a consistent semantic. They might encapsulate a well-defined un... (more)

How Secure is Cloud Computing?

Cloud Expo on Ulitzer Technology Review has published an interview with cryptography pioneer Whitfield Diffie that is worth reading. I had the great pleasure of presenting to Whit down at the Sun campus. He is a great scientist and a gentleman. In this interview, Diffie–who is now a visiting professor at Royal Holloway, University of London–draws an interesting analogy between cloud computing and air travel: “Whitfield Diffie: The effect of the growing dependence on cloud computing is similar to that of our dependence on public transportation, particularly air transportation, wh... (more)

Visualizing the Boundaries of Control in the Cloud

Cloud Security Journal on Ulitzer Two weeks ago, I delivered a webinar about new security models in the cloud with Anne Thomas Manes from Burton Group. Anne had one slide in particular, borrowed from her colleague Dan Blum, which I liked so much I actually re-structured my own material around it. Let me share it with you: This graphic does the finest job I have seen of clearly articulating where the boundaries of control lie under the different models of cloud computing. Cloud, after all, is really about surrendering control: we delegate management of infrastructure, application... (more)

Using URI Templates on XML Security Gateways

Earlier this fall, Anil John put out the following Twitter challenge: “@Vordel, @layer7, @IBM_DataPower If you support REST, implement support for URI templates in XML Security Gateways” Somebody brought Anil’s tweet to our attention this week, and Jay Thorne, who leads our tactical group, put together a nice example of just how to do this using SecureSpan Gateways. URI templates are a simple idea to formalize variable expansion inside URI prototypes. A receiving system can then trivially parse out substituted components of the URI and use these as input. There’s an IETF submissio... (more)

End-to-End Web Services Security

I recently had a great, freewheeling discussion with Daniel Raskin, Sun’s Chief Identity Strategist. Daniel runs the Identity Buzz podcasts. We talked about issues in identity and entitlement enforcement in SOA, compliance, and the problems you run into as you move into new environments like the cloud. Daniel’s post about our podcast is on his blog. You can download the podcast directly right here.  ... (more)