Welcome

Welcome to our blog about all kinds of topics related to software development. We blog about:

SOA, BPM, EDA, ECM and all the other buzzwords. Beware: some posts might not be as common as you think. We are not scared to go against mainstream thought.

Technologies like Java, Maven, Spring Framework and OSGi, and front-end technologies and frameworks like jQuery, DWR and Flex.

Finally, to make this happen we need tools and, of course, a Mac (well, some of us do). So we blog about that as well.

LinkedIn

We now have a LinkedIn group; join the group if you are a regular reader and want to see who else reads this blog.

SOA component design: thinking about error handling

When designing components for a SOA landscape (or any multiprocess system), the primary concern is the communication behavior of the component: how messages are passed to and from the component and in what order, what those messages are, and what constitutes a valid message and what doesn’t. When the time comes to implement the component, related concerns come into play: how messages are projected from the communication language into the domain model and into the implementation language, how communication patterns are met and ensured, et cetera. In addition, the project’s technical architect has to consider how to implement the component’s domain without hardlinking it to any other components whose domains are known or to the communication medium du jour (unless the component’s purpose is linked to that medium).

Now here’s the strange thing: with all the concerns that go into the design of components at all levels (from the enterprise architect down to the developers of the different components), one of the most overlooked things in SOA component building is cross-component error handling.

Continue reading SOA component design: thinking about error handling

Feeling secure with Web Services – Part 3 – Digital Signature

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?

In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.

In part 1, I’ve dealt with Username Token authentication, an easy-to-use way to provide an authentication mechanism for your web service.

In part 2, I have described Transport Layer Security (TLS), formerly known as Secure Sockets Layer, and message encryption.

In this part, the last one in this series, I will explain how the digital signature can provide some form of security in web services.

Continue reading Feeling secure with Web Services – Part 3 – Digital Signature

Feeling secure with Web Services – Part 2

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?

In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.

In part 1, I’ve dealt with Username Token authentication.

In this article, I will describe Transport Layer Security (TLS), formerly known as Secure Sockets Layer, and message encryption.

Continue reading Feeling secure with Web Services – Part 2

Feeling secure with Web Services – Part 1 – The UsernameToken

Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1], how SSL works and what it actually secures.

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your services, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?

In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.

This article will go into more depth on Username Token authentication.

Continue reading Feeling secure with Web Services – Part 1 – The UsernameToken

Feeling secure with Web Services – Introduction

Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1], how SSL works and what it actually secures.

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?

In this article, I’ll explain the different methods of securing your Web Services, how each of the methods works and what you actually secure by applying each method.

Continue reading Feeling secure with Web Services – Introduction

Shooting ducks

If you want to make an omelette… you have to shoot some ducks! A counterpoint to Arjen Poutsma’s WS-DuckTyping

Author’s note: this was actually an article written by me for a different publication some time back. However, this is its first publication.

Introduction

In [...]