About RDS

Books and Papers

IT Conversations






Would you like to receive a weekly digest of this weblog via email? Sign up to receive my free IT Strategy Letter.


Web Services Strategies

Beyond the technology, IT strategies for implementation of Web services by Doug Kaye.

A Continuum of Services. I've been thinking about this scale of service architectures:

  • Wrappers
  • URI-based GET/POST interfaces (e.g., REST)
  • SOAs
  • Orchestration
What are the properties that place these concepts on a continuum? For one, this is the sequence in which most IT shops are implementing web services. It also tracks the scales of tight-to-loose coupling and the availability of supporting technologies.
Posted Tuesday, September 30, 2003 11:35:42 PM   

Beyond Fear. Security guru Bruce Schneier turned me down for an interview for IT Conversations (he's aiming for the mass market, not IT professionals), but since I'd already read his new book, I thought I would at least post a review. Beyond Fear--Thinking Sensibly About Security in an Uncertain World has the potential to become an important book if it can get the attention it deserves. The title is accurate: The book is about fear and (un)certaintly.

Bruce has done a great deal of thinking about what security really means in virtually every aspect of our lives--not just in the IT world from which he comes, but in airports, digital identity, our homes, banks, cars, and for our states and nations.

What impressed me most was the range, depth, and sheer quantity of examples Bruce has found to support his ideas. I don't know if these are little factoids and anectdotes he's collected over the course of his distinguished career, or whether they're nuggets he uncovered just for the book, but I would guess the former. The book's real value is in the richness of these examples. Here are a few word bytes I highlighted in preparation for the prospective interview:

  • Objectives. "If the goal of security is to protect against yesterday's attacks, we're really god at it."
  • Tradeoffs. One of Bruce's previously used examples is of the produce vendor who places fruits and vegetables on a stand in front of his store. The risk that some will be stolen is mitigated by the additional business it attracts.
  • Reality. "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
  • Agendas. "Did you ever wonder why tweezers were confiscated at security checkpoints, but matches and cigarette lighters--actual combustable materials--were not?...If the tweezers lobby had more power, I'm sure they would have been allowed on board as well."
  • Freedom. "The world's liberal democracies are the safest societies on the planet."
  • Insurance. "It allows the store to convert a variable-cost risk into a fixed-cost expense." (That was an Aha! for me. Bruce doesn't buy theft insurance, BTW.)
  • Civil liberties. "When the U.S. Government says that security against terrorism is worth curtailing individual civil liberties, it's because the cost of that decision is not borne by those making it."
  • Fear. "...people make bad security trade-offs when they're scared."
  • Transitive trust. "If you trust Alice, and Alice trusts Bob, that does not automatically mean that you trust Bob...When trust must be transitive, it creates brittleness." [Think about those SAML-based apps, eh?]
  • Complexity. Complex systems have even more security problems when they are nonsequential and tightly coupled.
  • Weakest links. "The sytem didn't fail in the way the designers expected."
If, like me, you nod in agreement as you read these, then buy and read Beyond Fear. You'll enjoy it.
Posted Tuesday, September 30, 2003 11:22:44 PM   

Web Services Reliable Messaging. Prasad Yendluri, principal architect at webMethods, has written this good look at the issues surrounding reliable-messaging protocols. He begins with the objectives and explains why, in a multi-hop architecture such as will be typical for web services, we need protocols that operate at a level above the hop-to-hop transports. He then describes the prior art of RosettaNet, BizTalk, and ebXML.

The meat of the paper is a good and detailed presentation of WS-Reliability, of which webMethods is a co-sponsor to OASIS. Finally, the author explains the differences between that protocol and WS-Reliable Messaging proposed by IBM, Microsoft, and BEA. He says it's "a hurried response to the WS-Reliability specification...[one for which] the authors of the specification reserve all intellectual property rights...[and that it contains] dependencies on other proprietary specifications such as WS-Policy...Despite any potential merits and new concepts introduced by WS-Reliable Messaging, the specification is plagued by intellectual-property issues associated with the specification."

The paper contains valuable explanations and examples, but consider the source with regard to the politics. [Source: webservices.org]
Posted Tuesday, September 30, 2003 9:04:39 AM   



Current Weblogs

Web Hosting Strategies
Web Services Strategies
Noise (personal)
Blogarithms (all)
(more info)




Click below for single-day archives of Web Services Strategies weblogs.

September 2003
Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        
Aug   Oct

Click to see the XML version of this web page.


All content on this web site is governed by a Creative Commons License.
©2001-2003 Doug Kaye and RDS Strategies LLC (