. I was really impressed by the bright ideas
in the book "(soa for dummies);
is there any openware project that embodies
or further documents those ideas? .
3.22 .. 3.23:
bk.addx/soa/Its Role in Your Connected Systems Strategy 2004:
. this 2004 article assumes soa starts with
a common language that we agree on in advance .
. we've seen businesses on the internet
agree on xml,
but that language should be used
only for the handshake,
which asks:
"(what binary language do you speak;
something more efficient than wordy xml? ) .
. reviewing what I learned in "(soa for dummies),
you design an soa sytem by arbitrarily choosing
a common binary language for your messaging system .
. then you provide a converter for each of your programs
that will translate between their command language
and your system messages language .
. a fundamental requirement of soa
is token-based (smart-carded) logged messaging,
where every interaction leaves a paper trail
so that while maleware can happen
it is always discovered, and the source known .
3.24: bk.addx/soa/token-based security
. make web services secure:
"(. use token-based security:. wiki`Security_token .
an STS [Security Token Service] that emits
SAML tokens that can be cached on the client
(like kerberos token but with open standards).
Your webservices can be secured with
the wsFederationBinding
and you can do access checks based on
saml assertions that contain claims.
. here's a post that shows a web client
but it applies to smart clients as well .)
Web Services Trust Language:
"(Web Services Trust Language (or WS-Trust)
defines extensions that build on Web Services Security
to provide a framework for
requesting and issuing security tokens,
and to broker trust relationships.
WS-Trust describes:
1. Methods for issuing, renewing, and validating security tokens.
2. Ways to establish, access the presence of, and broker
trust relationships.
CICS supports the February 2005 version of the specification )
WS-Trust specification:
CICS can interoperate with. the meat: an open soa security std .
a Security Token Service (STS),
to provide more advanced authentication:
An STS is a Web service that acts as a
trusted third party
to broker trust relationships between
a Web service requester and provider.
In a similar manner to a
certificate authority in an SSL handshake,
the STS guarantees that the requester and provider
can "trust" the credentials
that are provided in the message.
This trust is represented through the
exchange of security tokens.
CICS acts as a Trust client
and can send two types of requests to an STS.
* validate the security token
in the WS-Security message header;
* exchange the security token for a different type,
enabling CICS to send and receive
from a wide variety of trust domains,
such as SAML assertions and Kerberos tokens.
. use SSL to secure the connection
between CICS and the STS.
3.24: addx/soa/efficiency and accountability:
. security is slow because it involves
carding for permissions and logging uses;
therefore, the os applies security only to
accesses of obj's it deems are
critically in need of protection .
. the dev' too, can be asking for protection
of particular obj's, types, or type classes .
[3.26:
. the os`security is protecting the user,
while the dev`security is asking the os
for help with organizing large projects;
security helps find where the bugs originate .]
. logging interactions and param's
can determine a crash's cause
amidst multiple authors or products .
. copying is minimized to make logging cheap:
msg's from task queues are
requeued on the log's queue,
so then only a ptr is copied per instruction .
logging timestamps:
. in a strictly modular system,
a concurrent system may not need
to log a msg's {creation, executed} timestamps
in order to assign blame during a system problem;
[3.26: but,
it might be helpful, so it should be optional .]
3.25: sci.addx/soa/saas (sw as a service):
. may be keyword for soa token:
security done at the local level
rather than the web (where each process
also has its own processor) .
3.26: lib.addx/soa:
docs.oasis-open.org/ws-sx/
www.oasis-open.org/committees/tc_cat.php?cat=soa
www.oasis-open.org/committees/tc_cat.php?cat=security
. SCA Client and Implementation Model for C language.
. Service Component Architecture (SCA)
defines a biz model using a soa,
based on the concept of Service Components .
3.27: addx/gemini kernels:
look at this viral load:
> I just received a notification
> that I have used over 10GB of data this billing cycle,
> which is unusual (as I haven't been doing anything ...)
--. there should be
even in a monolithic system like linux
a gemini system, where a supervisor system would be
untouchable even by root
and this sup' would give you an honest reading
of things like the traffic you're generating .
No comments:
Post a Comment