Friday, November 13, 2009

SOA Testing in a Federated SOA environment

According to Massimo Pezzini, VP and Gartner Fellow, "Federated SOA is a systematic approach to large-scale, enterprise wide SOA that enables organizations to integrate semi-independent SOA initiatives. Often used to fix an initial lack of coordination, federated SOA should be proactively pursued from the inception of major, strategic SOA initiatives." -- Divide and Conquer: Taming Complexity Through Federated SOA.

The technology implication of Federated SOA has pushed towards a convergence of XML/Web services with HTML/Portal technologies. This has a significant impact on industry expectations on SOA Testing Tools, B2B Gateways, Application Servers and XML Gateways. For example, the latest announcement by Forum Systems, the leader in XML Gateway technology, indicates a move towards Federated SOA. See:


Continuing to set the benchmark for securing Web services, key new capabilities available via Forum Sentry include:
  • HTML Portal Virtualization – Deployed in a “proxy” setting, Forum Sentry removes the identity and security burden from Web sites and portals. Leveraging Single Sign On (SSO) functionality across existing infrastructures, Forum Sentry’s non-intrusive, agent-less design accelerates security and identity on a dedicated device – without requiring code changes to back-end Web applications and services, or additional capital expenditure costs.
  • Central Cookie and SAML Processing – Forum Sentry authenticates and authorizes both portal- and Web services-related identity tokens – the cornerstones of Federated SOA. Credentials are shared – regardless of where the services reside – throughout the entire transaction, producing an enhanced, seamless user experience without compromising security.
  • Federated Two-Factor Authentication – Promoting greater security, Forum Sentry requires two pieces of information for identity verification of internal and external partners. It removes the complexities so often associated with token sharing across portals and Web services, while still enforcing the highest levels of authentication and authorization.
  • Protocol/Document Attribute Mapping – Promoting greater ease of use, HTTP/HTML header information can be mapped into messages and documents. User information from HTTP can be transferred into a SOAP or XML message for usage elsewhere in the network – independent of protocol – enabling SOA Federation across both XML and HTML traffic.
The impact of transactional components such as Forum Sentry towards Federated SOA means that testing, monitoring and diagnostic tools now need to converge towards handling not just XML/WS traffic, but also provide the ability to test the HTTP stack as well. This is a natural fit for XML/SOA Testing vendors such as Crosscheck Networks since their core focus has been deeper in the packets in parsing and manipulating complex XML data. Floating up from the deep packet manipulation to the shallow HTTP header testing and manipulation is a simpler task that SOA testing products such as SOAPSonar are very capable of handling.

Monday, November 02, 2009

Federated SOA essential aspects: SOA Testing, SOA Identity and SOA Security

Here is an interesting article by Rob Barry titled: "In SOA, cloud resources may exacerbate security and file transfers issues." It highlights significant requirements for Federated SOA especially around large file transfer using Web services attachments. The article makes the following interesting points:


  • Attachment sizes are increasing driven by cloud computing such as transferring large files to Amazon S3 or a companies internal cloud.
  • MTOM and MIME are used now for real time file transfer over web services instead of FTP or classic MFT protocols.
  • Identity is critical to Federated SOA.
Standards such as MIME and MTOM are now being heavily deployed. For a deeper understanding regarding how MTOM works, see "Intro to MTOM."