SOA at Cloud Expo
Techcrunch reports that Google has some implicit suggestions about
newspapers, based on the drop-down suggestions it gives when you begin a
search with "Newspapers are."
It's a nice example of the hive mind at work.
But check out the first suggestion Google gives you if you type "Cloud
Computing is" into a Google search bar.
I won't spoil the surprise here.
Interestingly, Google used to give similar suggestions for "SOA is", but the
results are now a lot less frank and confrontational than they were a month
Does this show a change in general attitude about SOA, or is it just that
Google cleaned up the results? hmm.
In an insightful post, Paul Miller asserts that "Cloud providers’ own
systems will tend to be more secure than those that the majority of potential
customers have in-house today". You may ask - So why is cloud security seen
as a problem then? The problem, as he points out, is the customers who place
insecure applications into those pristine, secure Cloud hosting environments:
The customers who open up all the ports you so carefully closed by default.
The customers who use ‘password’ as their password. The customers who
deploy sloppy code that’s riddled with holes. The customers wh... (more)
SOA at Cloud Expo
Many applications, including ESBs and Application Servers from Oracle and
Sun, consume SAML assertions.
Testing these applications can be a chore, since they require using a toolkit
or API to create a SAML assertion.
A good alternative is to use the free Vordel SOAPbox product includes the
ability to create a SAML Assertion to be placed into an XML message, just
using point-and-click configuration.
Under the "security" menu item you can see the "Insert SAML Token" option:
You configure the SAML options graphically, no coding required:
This results in a SAML Asser... (more)
Recently I was researching BPEL composites in the Oracle SOA Suite and I
found this excellent blog post by Shreekanta Roy Chowdhury about securing a
BPEL composite using Oracle Enterprise Gateway.
The post even provides a very useful Google doc (with screenshots!) of how to
install and configure OEG.
Highly recommended reading, if you are working with this particular set of
This week, my colleague Ed King presented a webinar with Eve Maler (@xmlgrrl)
from Forrester about why organizations should become identity providers. This
is an important topic. Organizations are leaking identity. The path of least
resistance is for an employee to use a SalesForce.com login, another SaaS
service login, or even a Google Apps or Facebook login to log into a
third-party site. The third-party site could be a B2B procurement hub, or a
corporate travel service. In that case, the SaaS service becomes crucial as
the IdP (Identity Provider) which enables the user to log ... (more)