It is not that simple topic. I have a few real-life examples where the
business required certain security services to execute its business services
and create business value. So, should we accept a definition of the business
service based on the business requirements? If security required, it is the
business service does not matter how this get into the requirement list (i.e.
initially came from the business or solicited from the business based on
whatever policy or actual threats).
BTW, an example of actual business security case in financial sphere is,
so-called, a Singapore Rule which regulates who may see financial details of
Singapore citizens and business, i.e. it is authorization and entitlement
services. Try to perform any business analysis for that region w/o
preservation for the Rule and you may end-up in a jail. That is no 'Bond
Trading' exists w/o security.
- Michael
Steve Jones <[EMAIL PROTECTED]> wrote: On 29/01/07, Anne Thomas Manes wrote:
>
>
>
>
>
>
> Let's say for example that the government just passed a mandate that
> financial companies must now implement 2-factor authentication for certain
> types of transactions. (and it did) There is now a business requirement to
> support 2-factor authentication. Hence security is a business service.
I'd still say its a support service, for the reason that this is a
non-functional requirement on the business requirement rather than
being a direct business requirement. What I mean by that is that
2-factor authentication does not actually create any value for the
business. The business service is something like "Bond Trading" and
it has a set of NFRs which are delivered by support services and
2-factor authentication is an example of that.
Put it this way. If the rule for 2 factor authentication goes away
then there is still Bond Trading, if Bond Trading goes away there is
no 2 factor authentication. Hence the reason security is support not
business. Depending on the business you can say the same for HR,
Procurement, IT and lots of other backend pieces.
>
> Anne
>
>
>
> On 1/29/07, Steve Jones wrote:
> >
> >
> >
> >
> >
> >
> > But is it a business service or a support service? I don't think anyone
> would doubt that security is required, but I'd argue that the purpose is
> never security that is just a pre-req for going live.
> >
> > So I'd agree that its a service, just not that its a business service.
> Security isn't so much the basis for trust as the representation of trust
> once agreed, i.e. I've decided that I require a secure connection to put in
> credit card details, therefore you must support HTTPS if you want me to give
> you those details over the web. Its important in SOA to realise those
> services which are support and those which are actually business important
> in themselves. There is a huge history in IT of rating the support (IT)
> service above the business ones so for instance "security" becomes more
> important than actually getting the job done.
> >
> > Steve
> >
> >
> >
> >
> > On 25/01/07, Michael Poulin < [EMAIL PROTECTED]> wrote:
> > >
> > >
> > >
> > >
> > >
> > >
> > > Well, to my experience, security is doing A LOT for the business
> (http://java. sys-con.com/read/131811.htm, http://java.
> sys-con.com/read/163285.htm). Besides it is a foundation for the business
> trust, I had several cases where business simply could not operate w/o
> security. Here is an example: financial report distributed among investment
> experts contains some information which is assumed to be seen by the bankers
> of certain level of responsibilities and in certain locations only. Are you
> going to create multiple reports or filter data based on user access rights
> / entitlement? Though security topic does not belong to the forum, I believe
> it is a legitimate SOA service and I still staying on the position about SOA
> services I described earlier.
> > >
> > > - Michael
> > >
> > >
> > >
> > >
> > > Jim Thomas wrote:
> > >
> > >
> > > I still disagree although I admit it's a bit of a nit. The security
> > > service has nothing to do with business at all. The dependency flows
> > > in the other direction. Supposing the security service is used in a
> > > purely scientific system then "business" seems a misnomer.
> > >
> > > --- In [email protected], Michael
> > > Poulin wrote:
> > > >
> > > > I think that creation of 'generic' (infrastructure - in my
> > > understanding) services does not contradict 'business-centric'
> > > definition because, e.g., security service is not about generic or
> > > abstract safety but about protecting business interests (scientific
> > > results, in particular) and building business trust; transport
> > > services serve the same purpose - allowing business to operate. Not
> > > all services have to implement business services directly but
> > > those, that do not implement them, exist because of the needs of the
> > > business services, not because they are coooool. All this is about
> > > money paid by a business for its benefits. Please, tell me if I am
> > > wrong.
> > > >
> > > > - Michael
> > > >
> > > > Jim Thomas
> > > wrote: I would
> > > rather see:
> > > >
> > > > "SOA is a software design paradigm..."
> > > >
> > > > rather than:
> > > >
> > > > "SOA is a business centric software design paradigm"
> > > >
> > > > for two reasons. Firstly there are many wishing to use SOA in
> > > other
> > > > environments such as scientific and although they will put up with
> > > > these categorizations they see them as inaccurate.
> > > >
> > > > Secondly, the are also many developing generic services ( e.g.
> > > > security, transport, transaction, etc.) that they really see as
> > > being
> > > > used by the business services but not business services.
> > > >
> > > > Also, by removing "business centric" from that statement I don't
> > > see
> > > > any cases being eliminated either.
> > > >
> > > > --- In [email protected], "Selwyn
> > > > Akintola" wrote:
> > > > >
> > > > > Back in November as part of my MSc. research I posed the
> > > > > question "What is SOA?". The objective was to derive a
> > > definition of
> > > > > SOA that I could use to inform the rest of my studied. Since
> > > then I
> > > > > have received approximately 50 definitions of SOA from various
> > > > > sources including from members of this group. First off let me
> > > thank
> > > > > you all for the valuable and insightful input. When I asked the
> > > > > question I also committed to being my definition of SOA back to
> > > this
> > > > > group. Her it goes SOA in less than 100 words-
> > > > >
> > > > > "SOA is a business centric software design paradigm
> > > characterised by
> > > > > the utilisation of well defined standards and protocols to
> > > create
> > > > > services and compose applications from services. SOA mandates
> > > that
> > > > > services are loosely coupled and communicate through the
> > > exchange of
> > > > > messages thereby allowing resource sharing and reuse.
> > > > > Interoperability and platform independence allow the
> > > composition of
> > > > > applications from services created using heterogeneous
> > > resources and
> > > > > hosted on heterogeneous technology platforms. SOA is a long
> > > term
> > > > > organization wide cross functional collaborative activity whose
> > > ROI
> > > > > will be achieved by service reuse and efficiencies gained by
> > > better
> > > > > alignment IT with business."
> > > > >
> > > > > Please fill free to comment and critically review.
> > > > >
> > > > > I am now looking at SOA adoption rates, SOA benefits
> > > realization
> > > > > experiences and the relationship between the semantic web (web
> > > 2 or 3
> > > > > or whatever it is now) and SOA.
> > > > >
> > > > > Once again thank you for the input.
> > > > >
> > > > > Selwyn Akintola
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ---------------------------------
> > > > Need a quick answer? Get one in minutes from people who know. Ask
> > > your question on Yahoo! Answers.
> > > >
> > >
> > >
> > >
> > >
> > > ________________________________
Everyone is raving about the all-new Yahoo! Mail beta.
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
>
>
Yahoo! Groups Links
---------------------------------
Sucker-punch spam with award-winning protection.
Try the free Yahoo! Mail Beta.
