Welcome!

VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill

Subscribe to Mark O'Neill: eMailAlertsEmail Alerts
Get Mark O'Neill via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Mark O'Neill

In an insightful post, Paul Miller asserts that "Cloud providers’ own systems will tend to be more secure than those that the majority of potential customers have in-house today". You may ask - So why is cloud security seen as a problem then? The problem, as he points out, is the customers who place insecure applications into those pristine, secure Cloud hosting environments: The customers who open up all the ports you so carefully closed by default. The customers who use ‘password’ as their password. The customers who deploy sloppy code that’s riddled with holes. The customers who, frankly, are just human… and who don’t live and breathe security in the same way that at least someone inside the data centre probably does. http://cloudofdata.com/2009/08/security-and-the-cloud-will-focus-shift-to-the-customer/ So who is to blame if a customer deploys an insecure application... (more)

Dead or Alive? There's an API For That

This week's Time Magazine has a piece by Gaelle Faure entitled "How to Manage Your Online Life When You're Dead" which describes what happens to online profiles, Webmail, and social networking data when someone dies. Consider "Deathswitch": Deathswitch, which is based in Houston, has a different system for releasing the funeral instructions, love notes and "unspeakable secrets" it suggests you store with your passwords and account info. The company will regularly send you e‑mail prompts to verify that you're still alive, at a frequency of your choosing. (Once a day? Once a year?... (more)

How To Remove WS-Security Tokens From a SOAP Message

After you've validated a UsernameToken, or checked an XML Signature, it is often good practice to then strip out the WS-Security blocks containing items like tokens and signatures, before sending them downstream to a Web Service. In some cases, you are stripping these out because you don't want the password to remain in the message. In other cases, you may know that the downstream Web Service will choke on the WS-Security block. It also makes the message smaller. The Vordel XML Gateway ships with a built-in stylesheet for stripping WS-Security blocks from SOAP messages. You can s... (more)

The Multi-Domain Registry/Repository

Frank Kenney from Gartner coined the term "Multi-Domain Registry/Repository", or MDRR, in a tweet recently. What is an MDRR and why is it important? To understand, think of a registry/repository traditionally seen as part of a SOA architecture. It is supposed to include addresses of the services available in the SOA, plus metadata about the services, such as their policies. Now think about how organizations are starting to rely on Cloud-based services, such as Amazon S3 (storage) and Force.com (sales force automation). These services are not on-premises SOA service, so they are not... (more)

Connecting to the Cloud in Japanese - クラウドに接続する

The Connecting to the Cloud series of articles, which I wrote for IBM DeveloperWorks, is now available in Japanese. The series introduces cloud platforms such as Force.com and Amazon SQS, including code samples in Java, and governance and policy, again including code samples (an Amazon policy expressed in JSON). The Gateway "onramp" model is described. Here are the links to the Japanese versions of Parts 1,2, and 3 of the series: クラウドに接続する: 第 1 回 アプリケーションにクラウドを活用する クラウドに接続する: 第 2 回 ハイブリッド・クラウド・モデルを実現する クラウドに接続する: 第 3 回 クラウドのガバナンスとセキュリティー ... (more)