yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
Cloud Expo & Virtualization 2009 East
Smarter Business Solutions Through Dynamic Infrastructure
Smarter Insights: How the CIO Becomes a Hero Again
Windows Azure
Why VDI?
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun's Incubation Platform: Helping Startups Serve the Enterprise
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
The Neglected Flipside of SOA Security
Could security services be delivered through the SOA infrastructure, and provide an enterprise-level solution?

Joe McKendrick kicks off a thread on the current state of SOA Security. As usual, most discussion of SOA Security applies to "how SOA can be made secure". This is understandable. And, as some commentators have pointed out, there is a body of Best Practice out there on how to secure services in an SOA. For example, Randy Heffner provides lots of good advice on how to secure the services in an SOA)

But, there has been relatively little debate on the flipside of SOA Security - how SOA can apply to security.

Because, really, "SOA Security" is two separate things, solving two separate problems. The first, most obvious thing, is that it applies security to SOA. The problem it is solving here is "SOA is insecure". Randy Heffner's advice is good here: there are products and procedures for applying security to SOA. But, "SOA Security" also has the meaning of "applying SOA principles to security". i.e. "SOA-flavored security", if you like. The problem which is being solved there is the difficulty of deploying security. Joe McKendrick hints at this in his comment here

: "Could security services be delivered through the SOA infrastructure, and provide an enterprise-level solution, versus application or system-level approaches?"

"SOA-flavored Security" means making security more manageable and easy to deploy by isolating re-usable components of security and providing them as managed services. For example, the OASIS DSS standard explains how digital signature services can be used in order to provide signing and signature validation services over the network, accessed using a Web Services interface. This solves a knotty problem, and provides a good framework for key management. Similarly, specifications such as XKMS, XACML, and WS-Trust are really all about applying SOA to security, to solve interoperability problems, not about "making SOA secure".

I think that too many SOA Security articles focus only on the first meaning of SOA Security (making SOA more secure) than on the second (applying SOA principles to security to make it more easy to deploy and manage).

Read the original blog entry...

About Mark O'Neill
Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

Latest Cloud Developer Stories
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture....
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers