Thursday, April 12, 2007

Building SOA using Microsoft SQL Server 2005

Microsoft SQL Server 2005 provides one of the leading edge web services-aware Database. It is easy to install and configure and can rapidly expose a stored procedure as a web services WSDL operation. With an integrated HTTP stack, MS SQL Server 2005 does not require a separate web server like IIS.

For an overview of SQL Server SOA capabilities, see Jerry Dixon's article:

SQL Server and SODA
— Over the past year, I've been discussing some of the various technologies found inside SQL Server 2005. Three of these technologies are CLR integration, HTTP endpoints, and Service Broker. (Articles on these topics were published, respectively, in the November 2005, March 2006, and November 2006 editions of the DNDJ.) Each of these is a powerful tool in its own right, and can be used to great effect in almost any SQL installation. When used together, however, they become much more powerful.

For tutorial on setting up endpoints and exposing a stored procedure as web services operations, see Peter DeBetta's article:

New HTTP Endpoints Create SQL Server 2005 Web Services.

SOA Testing Microsoft SQL Server is simple. The WSDL generated is WS-I BP compliant and can easily be loaded into testing tools such as Crosscheck Networks SOAPSonar for Functional, Performance, Interoperability and Vulnerability Testing of the exposed endpoints.

Friday, April 06, 2007

How SOA Increases your Security Risk

Bret Latamore published an interesting piece in ComputerWorld on how SOA increases your security risk. The article emphasized what I can compress as follows: Flexibility is the enemy of Security.

Anytime one works towards an open, standards-based architecture to integrate internal and external systems, people and processes, the vulnerability target for attack vectors increases quadratically with the number of nodes that are "open."

The article highlights one of the most important aspects of SOA deployment: Identity Management. With chained web services where a web services may call a number of downstream web services, identity must be carried as a part of the content within the SOAP/XML message as a SAML assertions. Within such environments, each SAML assertions validity at every node has to be established. SOA Testing such environments with Identity requirements across chained web services is complex and requires specialized SOA Testing products.

Another important point highlighted in this piece is that legitimate XML traffic within SOA deployments may inadvertently carry malware that originated upstream, but because of the chained and interdependent nature of web services, this malware now gets to a place where it never got to before in siloed environments. Such malware propagation within SOA can be prevented by infrastructure from Crossbeam and Forum Systems.

For complete article, see "How SOA Increases your Security Risk"

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9015145

Sunday, April 01, 2007

STAREAST 2007: SOA Testing Tutorial

STAREAST 2007, the premier software testing conference is taking place in Orland, FL on May 14-18. For the first time, a new day long SOA Testing tutorial is being offered to attendees.

SOA
Testing is becoming important to QA Professional and ramping up on web services concepts such as WSDL, SOAP, XML processing is essential in deploying reliable, scalable and interoperable web services within a SOA.

We are thrilled to see the leadership exhibited by the STAREAST 2007 organizers, especially Lee Copeland in recognizing the importance of SOA Testing.

Anyone interesting in learning about SOA Testing concepts is encouraged to register and attend.