Todd Biske wrote:
> > On point #1, could you elaborate a little bit more? I did not get the
> > issue you were trying to highlight.
>
> As most of us have probably experienced, security is often an
> afterthought. If you've got services popping up from tactical
> projects where the developers never thought about anyone else using
> those services, they may not be passing over identity credentials on
> the service request (e.g. WS-Security with Basic Username).
>
> Even if you are using WS-Security with X.509, you may still have a
> problem. This information may tell you what user initiated the
> request, but it doesn't tell you what application. If my input
> messages didn't change between V1 and V2, I now don't have enough
> information on the message to properly route. If that application
> has made changes that require V2, and I send it a V1 response,
> there's a problem.

There are interesting issues with versioning from many perspectives. In
Jini/RMI, one of the primary solutions to versioning is handled by Java via the
Serialization process. But from an interface perspective, you more typically
choose to use a smart proxy to do data transformations or otherwise manage the
interaction of multiple implementations through a single API. This allows the
whole version management to be completely invisible to the applications, by and
large, so that non-public details are kept private.

Gregg Wonderly