In a previous article I had argued that the end-to-end model was a bad one for SOA. In comments on that article Nick Gall made the point that I was using the term end-to-end incorrectly. I countered that the meaning of the term was different for application protocols than for transport protocols (where Nick's usage …
After three years of rotting in prison with no charges as an 'enemy combatant', American citizen Jose Padilla, arrested on American soil, has finally been charged with a crime and transferred from military to civilian authority. Lawyers on Padilla's behalf had appealed his status as an 'enemy combatant' leading to a variety of legal cases …
"This is an industry, it's a business. We exist to make money. We exist to put commercials on the air. The programming that is put on between those commercials is simply the bait we put in the mousetrap." – Ted Koppel, retiring anchor, ABC News, Nightline. Obvious? Yes. But still worth remembering. Quote taken from …
In this article I first look at the use cases for encryption in SOA and explore three scenarios: hop-by-hop, end-to-end and beyond messaging. I conclude that most folks just need hop-by-hop messaging, specifically SSL. I then look at issues relating to encrypting messages outside of the enterprise and conclude that most services probably don't need …
In this article I explain why (in my non-qualified opinion as a non-lawyer) I think most people are wasting their time when they worry about non-repudiation of SOA messages.
In my search for how real people are implementing SOA I just about never see SOAP, and WSDL seems unheard of. But when I point this out I inevitably get yelled at and told SOAP and WSDL are used all the time. Which is true, but misses the point. Because what SOAP and WSDL are …
In an article I wrote about TOR I mentioned that one of the reasons to use TOR is that you don't know what you have to hide. Things you do today, like reading certain materials, visiting certain websites, exchanging e-mails with certain persons could, in the future, prove to be enough to destroy your life. …
In SOA application modeling there are two basic approaches, end-to-end and hop-by-hop. The end-to-end model is based on an originating sender, a series of intermediaries and a final destination. In the hop-by-hop model each service only knows about the next hop service and nothing more. Below I argue that the end-to-end model inevitably leads to …
Authentication is often seen as a cheap and easy security solution but it is anything but. Authentication is a significant threat to re-use and it can cause a false sense of security that leaves services open to real threats. But when authentication is called for there are outstanding, well proven solutions that are almost certainly …
SOAR-ity is intended to allow for "reliable" (this term is almost always a misnomer) messaging over HTTP. It achieves this goal by introducing two new request headers, MID which provides a unique ID for a message and MsgCreate which contains the date and time on which the first instance of the message with the associated …