After you've validated a UsernameToken, or checked an XML Signature, it is
often good practice to then strip out the WS-Security blocks containing items
like tokens and signatures, before sending them downstream to a Web Service.
In some cases, you are stripping these out because you don't want the
password to remain in the message. In other cases, you may know that the
downstream Web Service will choke on the WS-Security block. It also makes the
The Vordel XML Gateway ships with a built-in stylesheet for stripping
WS-Security blocks from SOAP messages. You can see this in the Policy
Library. Simply apply this to a service, put it into a chain to run after
you've processed the WS-Security headers, and voila the headers are gone.
Grab a copy of the Vordel Gateway from here:
ProgrammableWeb has published a story about how Netflix is taking its API
private. In the article, Patricio Robles writes that:
"Effective immediately, Netflix has stopped issuing new public API keys to
developers and is no longer accepting API affiliates. It is also putting the
message boards on its developer portal into read-only mode"
what is Netflix doing instead? It is focusing on the known developers who
wish to use its APIs. As the ProgrammableWeb article explains, this "small
group of kn... (more)
Cloud Computing Journal
Following the translations in Japanese and Spanish, the Connecting to the
Cloud series of articles, which I wrote for IBM DeveloperWorks, is now
available in Chinese. The series introduces cloud platforms such as Force.com
and Amazon SQS, including code samples in Java, and governance and policy,
again including code samples (an Amazon policy expressed in JSON). The
Gateway "onramp" model is described.
Part 1: 连接到云，第 1 部分: 在应用程序中使用云
Part 2: 连接到云，第 2 部分: 实现混合云模型
Part 3: 连接到云，第 3 部分: 云治理和安全性
Windows Azure at Cloud Expo
Today, Alexander Wolfe has been speculating about Microsoft's patent
application regarding data migration between cloud services.
Although on the face of it, a patent for Cloud migration would appear to be
aimed at removing the lock-in associated with a single vendor, the patent
application is in fact aimed within a single vendor system.
So, it doesn't address the Cloud lock-in problem which has been identified by
ENISA as the #1 risk of cloud computing
Lock-in to a single vendor can be addressed using a Cloud Service Broker
solution which mitigates aga... (more)
Jon Stokes from Ars Technica has an interesting interview today with Ping Li
of Accel Partners - excerpt: (JS = Jon Stokes, PL = Ping Li)
JS: When you say "the new cloud stack," give me some perspective on how
you've seen the evolution of the stack in the past two years.
PL: The evolution of the stack starts with the mainframe, and everyone is
always trying to recreate the mainframe by taking advantage of new
technologies. So client-server was taking advantage of processing technology.
Web services enabled applications to be networked more efficiently. A lot of
cloud innovation ha... (more)