Thursday, November 5, 2009

ECAUG 1.0: Architecture User Group

Wednesday this week I hosted a user group in Waltham, MA focusing on Cloud Computing experiences. I was fortunate to have Steve Robbins of Modus21 and Matson Wade representing HKM at the event. In their discussions, they broke down their experiences with Amazon Web Services, specifically EC2, S3, SQS and a few other features. If you are interested in participating in the future, let us know. We can extend an invite to the Ning forum that we have set up and you can check out the presentations. A couple of criteria at the moment are that you are based in the US and that you are willing to proactively participate. No vendors are allowed, which in turn provides a more frank and interesting discussion.

Thursday, October 29, 2009

SMB not fit for SOA?

During a training class I was leading today, a very interesting question came up: "All this SOA stuff we have been talking about today is great for a large company but seems to be overkill for the SMB (Small / Medium Business). Since SMB makes up a much larger percentage of the business world than traditional business, why should we care?"

Well, one way to look at the problem is that services are permeating the cloud computing space; in fact, last week's SOA Symposium co-hosted a Cloud Computer Conference. Cloud computing is becoming a game-changer for SMB in providing a variety of tooling from productivity (documents, email, etc.) to CRM (i.e. Salesforce.com) to HR (i.e. Workday) to Infrastructure (i.e. Amazon/Azure). The one common aspect in these is the ability to interact using service APIs and thus the need for SMB to be adept at service consumption and composition.

Wednesday, October 14, 2009

Versioning Podcasts

As part of my work with SOA Systems / SOABooks.com, I was asked to support Podcasts on versioning based on my participating with David Orchard (formerly BEA). Check the two podcasts out and fire over some questions if you have any.

Flexible Contracts?

After having delivered SOA Training to various clients this summer and fall, many have asked how to deal with change. The contract is the centerpiece of services and with an effective versioning strategy it can be difficult to alter due to coupling that occurs with service consumers. David Orchard, James Pasley and others have been documenting versioning strategies. From my work with David on the SOA Patterns book (Erl 2008) and my consulting with organizations employing Agile Methodology, contract refactoring/change is a mandatory requirement.

Identifying a versioning strategy such as Strict, Flexible or Loose along with Versioning Identification and Compatibility design patterns provides a foundation for indicating change and providing consistency in managing the consumer impact.

For further details check out a presentation related to mixing Agile along with SOA Design Patterns and Meet in the Middle Strategy.

SOA Symposium 2.0: Rotterdam, Netherlands

It is amazing that another year has passed and SOA Symposium 2.0 is around the corner. As part of the presentation work, two areas that I have focused on in blog postings and customer work are Agile Methodology and Service Hacking. Check out the presentations and feel free to post any questions.

East Coast Architecture Group: Cloud Computing Seminar

The past couple of years have seen an increase in the discussion of and interest in Cloud Computing. In my own experience it started with Salesforce.com in 2003/4 and then Workday, which acquired Cape Clear in 2008. More recently I have been tracking the use of Amazon EC2/S3 etc. and the impact that IaaS is having on the IT community. To help customers and architects that I have interacted with in the past 10 years, my company is hosting / starting an Architecture User Group. The first topic to be discussed is Cloud Computing and people that have experiences with this medium. The following URL provides specifics on the topic and dates:

East Coast User Group: November 4th, 2009, Waltham, MA

Saturday, July 11, 2009

Justification for constraining your XML Types

As part of work for a client and some training I need to perform in the future, I have been spending time on hacking of web services. A simple mechanism that is often unchecked is the use of types that have no restrictions within XML Schema and WSDL. An example is the simple schema below, where the Social Security Number is not restricted in length or type:

<xsd:element name="SSN" type="xsd:string"/>

If this element is used as part of a SQL query in a web service, there is the potential for SQL injection attacks. SQL injection is where hackers look for elements that are not constrained and take advantage of the unrestricted size to insert additional SQL. A simple mechanism to reduce this is to restrict the element via a simpleType.

<xsd:element name="SSN" type="SSNType"/>

<xsd:simpleType name="SSNType">
<xsd:restriction base="xsd:string">
<xsd:minLength value="9"/>
<xsd:maxLength value="11"/>
</xsd:restriction>
</xsd:simpleType>

This then reduces the overall buffer available to the hacker to between 9 and 11 characters.
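
The length restriction above bounds the size of the value but not its characters, so a 10-character string containing a quote still validates. The following is an added example, not code from the original post: it applies the facets of SSNType and of a hypothetical StrictSSNType (the pattern facet, the `people` table and all sample values are assumptions constructed here) and binds the value as a query parameter.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

XSD = "{http://www.w3.org/2001/XMLSchema}"

# The post's length-only type plus a hypothetical stricter type with a pattern facet.
SCHEMA = """<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <xsd:simpleType name="SSNType">
    <xsd:restriction base="xsd:string">
      <xsd:minLength value="9"/>
      <xsd:maxLength value="11"/>
    </xsd:restriction>
  </xsd:simpleType>
  <xsd:simpleType name="StrictSSNType">
    <xsd:restriction base="xsd:string">
      <xsd:minLength value="9"/>
      <xsd:maxLength value="11"/>
      <xsd:pattern value="[0-9]{3}-?[0-9]{2}-?[0-9]{4}"/>
    </xsd:restriction>
  </xsd:simpleType>
</xsd:schema>"""

def facets(type_name):
    """Return {facet name: value} for a named simpleType in SCHEMA."""
    root = ET.fromstring(SCHEMA)
    for st in root.iter(XSD + "simpleType"):
        if st.get("name") == type_name:
            restriction = st.find(XSD + "restriction")
            return {f.tag[len(XSD):]: f.get("value") for f in restriction}
    raise KeyError(type_name)

def is_valid(type_name, value):
    """Apply the minLength, maxLength and pattern facets to value."""
    f = facets(type_name)
    if not int(f.get("minLength", 0)) <= len(value) <= int(f.get("maxLength", len(value))):
        return False
    # XSD patterns must match the whole value, hence fullmatch.
    return "pattern" not in f or re.fullmatch(f["pattern"], value) is not None

def lookup(conn, ssn):
    """Bind the SSN as a parameter so it is never parsed as SQL."""
    return conn.execute("SELECT name FROM people WHERE ssn = ?", (ssn,)).fetchall()

def demo_db():
    """Constructed in-memory table with one sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, ssn TEXT)")
    conn.execute("INSERT INTO people VALUES ('Alice', '123-45-6789')")
    return conn
```

Schema validation narrows what reaches the service; the parameterized query is what keeps any value that does get through from being interpreted as SQL.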