MIT Techology Review covers "Swamp Computing" a.k.a. Cloud Computing

XML/SOA Testing of XML Security Policies (XML Encryption, XML Signatures) will become the centerpiece of Cloud-based deployments that are multi-tenant in nature and can inadvertently expose corporate information.

MIT Technology Review published an interesting article sumarized under MIT Technolgy Review covers "Swamp Computing"

Reducing the Complexity of Application Security

Integration is the Enemy of Security and so is Flexibility - an attribute that is essential for organizations to survive.  A corporation that cannot service its customers and suppliers, establish long sticky relationships with them and build an infrastruture that enables rapid addition of both suppliers, buyers and partners for information exchange will perish and get demolished by a nimble and flexible competitor whose infrastructure has integration capabilities for rapid information exchange.

Mike Vizard from CTOEdge talks about the business drivers that compel companies to integrate yet face security challenges that hamper integration efforts: Reducing the Complexity of Application Security

Here's a snippet from Mike's article:

"As business-to-business interactions over the Web become more pervasive, so too does the complexity associated with securing those transactions.

Unfortunately, all that complexity serves only to dissuade businesses from integrating business processes across the Web at a time when we want to encourage that behavior. So the challenge facing chief technologists is to find a way to make it simpler to integrate business processes without having to introduce complex layers of security."

Key components that help reduce (and improve) application security include:

1. Strong SOA Governance Enforecement, Monitoring and Security through XML Gateway such as Forum Sentry.
2. Portal and Web services Authentication and Authorization decisions through Secure Token Services such as Forum Sentry STS - Identity Broker.
3. Application Security Testing and Simulation through products such as SOAPSonar and SOAPSimulator for Identity, Privacy, Integrity and Penetration Testing.

Software Magazine: Crosscheck Networks SOAPSimulator adds JMS support

Service Simulation is and essential component for end-to-end SOA Testing.  Software Magazine recently published an article on SOAPSimulator, the only stand-alone service simulation product in the market for simulating Web services, XML, REST and SOAP.

A new version of SOAPSimulator from Crosscheck Networks, the company focused on products supporting reliable Web services, adds the ability to test large attachments via IBM MQ, Tibco EMS, WebLogic JMS and native Java Messaging Services adapters...read more>

SOAPSonar - QTP Job Posting

The maturity of a market and a product can be judged by the related job postings. Much has been written and talked about SOA Testing, however, this data point -- A job posting looking for a Testing and Automation Professional -- validates three key trends:

1. The number of QA Professionals focusing on SOA Testing within an enterprise has hit a point where having SOA Test Tools, such as SOAPSonar from Crosscheck Networks, alone is not sufficient. A centralized defect tracking and test cases management infrastructure such as HP Quality Center is necessary for efficient collaboration. Incidentally, SOAPSonar is HP EMAP certified with deep integration with QC v10. For details on their integration see SOAPSonar EMAP Certification.
2. SOA Testing Skill sets are far along the comoditization trajectory with job positions not just in the US but offshore as well. This particular job posting is in Banglore, India.
3. SOA Testing requires complex skill sets including XML, SOAP, REST, WSDL, Database, Java, Message Queues, Automation Scripting, as well as fundamental Testing Techniques such as Black Box, White Box and Grey Box testing. The skill requirements will trend towards greater complexity as more IT assets are exposed using Web services and integrated with the SOA fabric.

SOA Testing Professionals will evolve as into high skilled individuals with diverse skills that touch almost all IT assets from networking to applications within and across enterprise boundaries. UI, Database and Application Testers will have to expand beyond their domains to keep up with the demands of SOA Testing.

Gartner AADI SOA Testing Sessions

It was exciting to see the extent of interest and coverage on SOA Testing at the Gartner Application Architecture, Development and Integration (AADI) event in Las Vegas last week (December 7-9th). SOA Testing has become an integral part of Enterprise Application Life cycle Management and Thomas Murphy, Research Director at Gartner did a great job in covering the core aspects of SOA Testing at the show is the following session:

SOA Testing: Confronting the Nightmare of Testing Shared Services: The Key Issues that were covered included:

• How will application testing and quality be affected by the shift to SOA and Web 2.0 technologies?
• What metrics will be effective at driving improvement and assessing the efforts of those collaboratively performing the development and testing of software services?
• Which tools will provide the best productivity and understanding of software quality and testing for the current and future SOA applications and platforms?

For more details about the SOA Testing Sessions at Gartner, click here.

SOA Appliance for Cloud Computing

Building a robust SOA is a pre-requisite to cloud computing. Without solid provisions for SOA Testing, SOA Governance, and Federated SOA, large enterprises will unlikely embark on cloud computing initiatives that truly span Infrastructure as a Service (IaaS), Platform as a Services (PaaS), or Software as Service (SaaS).

The article below shows one of the core building blocks required for an enterprise SOA deployments - Identity Management and Enforcement. Forum Systems has recently announced Forum STS - a SOA Appliance that enables Cloud computing by managing identities within and across SOA domains. For more details, see article published by Liz McMillan:

SOA Appliance for Cloud Computing
— Web services-based Service Oriented Architectures (SOA) enable communication via ubiquitous standards such as XML and SOAP. To foster efficient, effective message exchange and satisfy increasing user demands for real-time, aggregated information from internal and external business partners, trust must be established among all entities. Comprehensive mediation, authentication, and authorization of identity exchange among customer and partner portals, Web applications, and XML-based Web services provide the business with a simplified, coherent model for identity management and build the pillars of Federated SOA.