Making the Cloud, Microservices, and Enterprise IT work!

Web service security is a tricky business.  EVERY service exposed by any service provider, be it .Net, Java, the Mainframe, or any other provider needs to be secured.  Certainly if it’s exposing sensitive data (say customer data), allowing activation of a business process, and most especially if it’s involving a financial transaction. But how do you do it?  While every vendor and (almost) every technology announces compatibility with every web service security buzzword (WS-Security, SAML, X.509, etc.), they don’t describe how to actually make use of all this security data attached to the web service request. I’ve had recent discussions with IBM, Oracle, and Software AG (as leading SOA middleware tool providers) on this exact topic and the results are disappointing. The architecture model for this says that to provide SOA security I should use the tools as a SOA security layer, allowing my services to go about their business and the security tools to grab and pr...

Is BPM (Business Process Modeling and Execution) the SOA killer application? I had a very interesting interaction with a global VP of BPM of BPM for a major vendor.  The encounter went like this… VP on behalf of vendor demonstrates BPM tools to potential client.  Everyone oohs and ahhs at the impressive presentation, graphics, and overall possibilities of BPM.  The vendor product looks impressive, it works, and actually has reasonable (runtime) performance. Then I ask the VP “how many processes can this client create in a year?”.  After all, creating a BPM workflow / process is relatively quick and easy.  In theory a couple of days to create it, another week to test it and deploy it.  Maybe a mid-sized organization should be able to generate 26 processes per year per person assigned to BPM. The VP responded, “7”.  “Seven”, I remarked, “why so few?”  He explained first of all the BPM processes won’t have all their steps exposed (at all o...

I attended Software AG's Innovation World 2008 held in Israel this week. I haven't had a chance to take a look at Software AG's strategy since about 2 years ago, when I was working intensely with Webmethods which Software AG purchased. Attendee's are pretty firmly divided between Software AG's mainframe product lineup, namely Adabase and Natural, and Webmethods customers (or those looking forward towards SOA technologies). While Software AG has been extending their legacy product line to offer mainframe transactions as web services, they're clearing focused on Webmethods as an ESB and BPM provider as their future. While the conference lineup had a number of senior Software AG people, including some technical Ph.d's, the tone of the conference was decidedly marketing. Customer success "movies" were presented throughout. Presentatons were very high level overviews with much marketing fluff. The only presentation with any technical information was...