>* security mediation and enforcement of security policies >This is an interesting aspect. In smaller organizations I'd think that >services should generally set their own security policies. External >enforcement of security policies seems to me to be something that's only >appropriate when you get to large scale enterprises.
Disagree on this point. Don't think it is the size of the enterprise but whether whether one takes a Developer-centric or Operational-centric view of your SOA runtime infrastructure. Security policies SHOULD NOT be left in the hands of the end point developers (because at that point you don't have consistency in how it is implemented) and should definitely be something that should be left up to the Security folks in the Org. That requires externalizing this functionality. >I realize this approach doesn't fit well with the widespread idea >that SOA is all about governance. SOA is all about the culture and business and governance is a big factor in its success. Regards, - Anil :- :- Anil John :- http://www.aniltj.com/blog :- ------------------------ Yahoo! Groups Sponsor --------------------~--> See what's inside the new Yahoo! Groups email. http://us.click.yahoo.com/2pRQfA/bOaOAA/yQLSAA/NhFolB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/service-orientated-architecture/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
