May 16, 2007
SOA Exec Forum: Hammer Time, or "Nailing SOA Security"
At a technology track panel on SOA security at InfoWorld's fantastic yearly SOA C-level extravaganza, otherwise known as the SOA Executive Forum, the panelists are talking about what needs to happen to secure service-oriented architectures.
On the panel is Mark O'Neill, CTO of Vordel, the author of the book Web Services Security and a contributing author to Hardening Network Security, both published by Osborne/McGraw-Hill. He talked about the benefits of web single sign-on and digital asset management, and recommended that people access their web services along with other identity management tools, such as PKI digital asset management solutions.
Mark warned that with Web 2.0, services can be built from the bottom-up, using mashups, and that carries a significant risk, he said. "When we've looked at what other organizations are doing, a lot of times, if you have a particular widget in mashups that is going to be running with other untrusted widgets, there can be issues... It really is the Wild West from the security point of view. It's easy to write a widget that could spy, etc. There is a lot of risk from a security point of view, and rather than people tying together their own mashups, they should look to vendors who have worked on this [in the sandbox, on 'sandbox issues'] already."
Jim Culbert is CTO at Weather Services International, a provider of meteorological data, services and systems. Jim oversees the company's technology, integration and service delivery strategies. Mr. Culbert spent the early part of his career in distributed systems sponsored research and development at MIT where he continues to lecture on system development topics. Jim has been a regular speaker on SOA and Web Services over the past seven years and has authored and contributed to numerous articles on these topics.
Jim explained that his company's recent SOA security challenge involved tying many small customers together, using secure certificates (identity management certificates) to plug into an organization's SOA. With a lot of different mom-and-pop shops logging in to use the SOA, it was hard on one end to help the individual customer feel comfortable with the mechanism, and also difficult to tie everything back into sales and distribution. Challenges included tracking credentials and developing centralized (or decentralized) provisioning systems to tie the customers back in.
Breaking SOA bottlenecks, one company at a time. Slow, laborious process, it seems.
Posted by elizabeth in SOA and Web Services


Elizabeth Kratz's Business Agility Watch
