On 29/01/07, Anne Thomas Manes <[EMAIL PROTECTED]> wrote: > > > > > > > Let's say for example that the government just passed a mandate that > financial companies must now implement 2-factor authentication for certain > types of transactions. (and it did) There is now a business requirement to > support 2-factor authentication. Hence security is a business service.
I'd still say its a support service, for the reason that this is a non-functional requirement on the business requirement rather than being a direct business requirement. What I mean by that is that 2-factor authentication does not actually create any value for the business. The business service is something like "Bond Trading" and it has a set of NFRs which are delivered by support services and 2-factor authentication is an example of that. Put it this way. If the rule for 2 factor authentication goes away then there is still Bond Trading, if Bond Trading goes away there is no 2 factor authentication. Hence the reason security is support not business. Depending on the business you can say the same for HR, Procurement, IT and lots of other backend pieces. > > Anne > > > > On 1/29/07, Steve Jones <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > But is it a business service or a support service? I don't think anyone > > would doubt that security is required, but I'd argue that the purpose is > > never security that is just a pre-req for going live. > > > > So I'd agree that its a service, just not that its a business service. > > Security isn't so much the basis for trust as the representation of trust > > once agreed, i.e. I've decided that I require a secure connection to put > > in credit card details, therefore you must support HTTPS if you want me to > > give you those details over the web. Its important in SOA to realise those > > services which are support and those which are actually business important > > in themselves. There is a huge history in IT of rating the support (IT) > > service above the business ones so for instance "security" becomes more > > important than actually getting the job done. > > > > Steve > > > > > > > > > > On 25/01/07, Michael Poulin < [EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > > Well, to my experience, security is doing A LOT for the business > > > (http://java. sys-con.com/read/131811.htm, http://java. > > > sys-con.com/read/163285.htm). Besides it is a foundation for the > > > business trust, I had several cases where business simply could not > > > operate w/o security. Here is an example: financial report distributed > > > among investment experts contains some information which is assumed to > > > be seen by the bankers of certain level of responsibilities and in > > > certain locations only. Are you going to create multiple reports or > > > filter data based on user access rights / entitlement? Though security > > > topic does not belong to the forum, I believe it is a legitimate SOA > > > service and I still staying on the position about SOA services I > > > described earlier. > > > > > > - Michael > > > > > > > > > > > > > > > Jim Thomas <[EMAIL PROTECTED]> wrote: > > > > > > > > > I still disagree although I admit it's a bit of a nit. The security > > > service has nothing to do with business at all. The dependency flows > > > in the other direction. Supposing the security service is used in a > > > purely scientific system then "business" seems a misnomer. > > > > > > --- In [email protected], Michael > > > Poulin <[EMAIL PROTECTED]> wrote: > > > > > > > > I think that creation of 'generic' (infrastructure - in my > > > understanding) services does not contradict 'business-centric' > > > definition because, e.g., security service is not about generic or > > > abstract safety but about protecting business interests (scientific > > > results, in particular) and building business trust; transport > > > services serve the same purpose - allowing business to operate. Not > > > all services have to implement business services directly but > > > those, that do not implement them, exist because of the needs of the > > > business services, not because they are coooool. All this is about > > > money paid by a business for its benefits. Please, tell me if I am > > > wrong. > > > > > > > > - Michael > > > > > > > > Jim Thomas <[EMAIL PROTECTED]> > > > wrote: I would > > > rather see: > > > > > > > > "SOA is a software design paradigm..." > > > > > > > > rather than: > > > > > > > > "SOA is a business centric software design paradigm" > > > > > > > > for two reasons. Firstly there are many wishing to use SOA in > > > other > > > > environments such as scientific and although they will put up with > > > > these categorizations they see them as inaccurate. > > > > > > > > Secondly, the are also many developing generic services ( e.g. > > > > security, transport, transaction, etc.) that they really see as > > > being > > > > used by the business services but not business services. > > > > > > > > Also, by removing "business centric" from that statement I don't > > > see > > > > any cases being eliminated either. > > > > > > > > --- In [email protected], "Selwyn > > > > Akintola" <selwyn@> wrote: > > > > > > > > > > Back in November as part of my MSc. research I posed the > > > > > question "What is SOA?". The objective was to derive a > > > definition of > > > > > SOA that I could use to inform the rest of my studied. Since > > > then I > > > > > have received approximately 50 definitions of SOA from various > > > > > sources including from members of this group. First off let me > > > thank > > > > > you all for the valuable and insightful input. When I asked the > > > > > question I also committed to being my definition of SOA back to > > > this > > > > > group. Her it goes – SOA in less than 100 words- > > > > > > > > > > "SOA is a business centric software design paradigm > > > characterised by > > > > > the utilisation of well defined standards and protocols to > > > create > > > > > services and compose applications from services. SOA mandates > > > that > > > > > services are loosely coupled and communicate through the > > > exchange of > > > > > messages thereby allowing resource sharing and reuse. > > > > > Interoperability and platform independence allow the > > > composition of > > > > > applications from services created using heterogeneous > > > resources and > > > > > hosted on heterogeneous technology platforms. SOA is a long > > > term > > > > > organization wide cross functional collaborative activity whose > > > ROI > > > > > will be achieved by service reuse and efficiencies gained by > > > better > > > > > alignment IT with business." > > > > > > > > > > Please fill free to comment and critically review. > > > > > > > > > > I am now looking at SOA adoption rates, SOA benefits > > > realization > > > > > experiences and the relationship between the semantic web (web > > > 2 or 3 > > > > > or whatever it is now) and SOA. > > > > > > > > > > Once again thank you for the input. > > > > > > > > > > Selwyn Akintola > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------- > > > > Need a quick answer? Get one in minutes from people who know. Ask > > > your question on Yahoo! Answers. > > > > > > > > > > > > > > > > > > > ________________________________ Everyone is raving about the all-new Yahoo! Mail beta. > > > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/service-orientated-architecture/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/service-orientated-architecture/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
