Came across this lightweight, component-based Java web framework at jenkov.com. It is very tight, like 1MB, and insulated from dependencies in all but the data access module. I’m going to try to play with it some more but it certainly seems to be an elegant attempt. I can’t find much reference to others using it in the wild.
Sitting here at the first [Amazon](http://www.amazon.com) [AWS](http://aws.amazon.com/) conference, re:Invent, I listened to the keynote this a.m. from Andy Jassy, SVP for AWS. Besides an overenthusiastic JPL scientist making melodrama that would have made a soap opera director blush, he had a couple of interesting things to say about AWS. Continue reading AWS re:Invent keynote has S3 and Redshift surprises
I was reading the latest IEEE Software and came across a piece by [Grady Booch](http://www.handbookofsoftwarearchitecture.com) that I wanted to capture here and reflect upon. The piece is mainly about his experience with systems that grow in complexity over time and the changes that need to be made in dealing with them as they mature through the normal application lifecycle. Continue reading Conditions for success by hard coding
Been following a very flouncy thread on *structure smells* in an EA, and the guy starting the thread couldn’t define sufficiently well the starting point for what he meant by *enterprise* and *application* architectures. Here is the [TOGAF](http://www.opengroup.org/togaf/) definition, which most sane people would accept, along with some examples of the other stuff that was coming out, for …. comparative value. Continue reading Enterprise Architecture definition
The architectural ideal is to have a single source of authority for identity and AuthN/Z claims, hopefully based on something nice and open like LDAP. Then we began to see lots of federated identity solutions entering with SAML-type federations. This, and SaaS solutions in the cloud, take us back to the days of multiple identity silos maintaining duplicate (at least partially) records of identity. SaaS providers even see the identity that they maintain as a business asset with which they can create stickiness with their platforms. Questions arise in terms of comparisons of internal provisioning with cloud use models, typical workflows and functions required for cloud provisioning, synch of id profiles and attrs, and what motivates SaaS providers in terms of identity stores. Continue reading ID provisioning with clouds
Some interesting webinars on modern security practices, including tokenization and federated SSO strong factor AuthN. Continue reading Strong Factor AuthN and Federated SSO
As you probably know, there is a new specification for the security audit. It was [SAS 70](http://en.wikipedia.org/wiki/Statement_on_Auditing_Standards_No._70:_Service_Organizations), but is now [SSAE 16](http://www.aicpa.org/Research/Standards/AuditAttest/Pages/SSAE.aspx). This is an important consideration if you are consuming a service from someone else, or if you provide a service to someone. Somewhere in that mix, if you have auditors, you are going to run into the new SSAE 16. Continue reading SAS 70 -> SSAE 16 – What does it impact?
This year’s list of the top 25 coding errors was released by the Common Weakness Enumeration project. Development teams and management should be aware of these trends and use them as quality requirements lists in their own development processes. Continue reading Do you have any of the top 25 coding errors in your code?
Brian Hopkins posed an interesting (http://blogs.forrester.com/brian_hopkins/11-06-03-what_happens_when_central_it_no_longer_exists) on what would happen when there was no longer a central IT shop for an organization. It stirred up the responses, as one would expect. I, for one, fall into the camp that the cloud *will not* remove the need for IT within any organization, especially larger ones. However, the cloud will contribute to the mindset that silos *can* effectively control their destinies and spin away from the central authority. Continue reading IT Empire Balkanization
I was in a discussion the other day with someone questioning [REST](http://en.wikipedia.org/wiki/Representational_State_Transfer) over [SOAP](http://en.wikipedia.org/wiki/SOAP) and why on earth one would use REST rather than SOAP. Following are some thoughts on the matter. Continue reading SOAP vs REST