On 30/01/07, Michael Poulin <[EMAIL PROTECTED]> wrote:
> It is not that simple a topic. I have a few real-life examples where the
> business required certain security services to execute its business services
> and create business value.

And I'm not saying that security is pointless, just that its value is
delivered because it enables the business service.  Unless of course
the company actually is a security firm.

> So, should we accept a definition of the business service based on the
> business requirements? If security is required, it is the business service; it does
> not matter how this gets into the requirement list (i.e. initially came from
> the business or solicited from the business based on whatever policy or
> actual threats).

My rule on these is pretty simple.  There are always lots of
requirements out there, functional and non-functional, and the
business service itself will have a direct requirement on the
technical support services which means that it is a biz requirement.
The key question though, for me, is where is the value and what is
support.  If you were allowed to take out the security (say it was an
old style trust approach) the value would still exist, the reason for
the security is for compliance (NFR) or trust enforcement (FR).

> BTW, an example of actual business security case in financial sphere is the
> so-called Singapore Rule, which regulates who may see financial details of
> Singapore citizens and business, i.e. it is authorization and entitlement
> services. Try to perform any business analysis for that region w/o
> preservation for the Rule and you may end up in a jail. That is, no 'Bond
> Trading' exists w/o security.

So to be very very clear (hopefully) about this.  I am _not_ saying
that security doesn't exist.  But that security, as in the example you
give, is something either mandated by consumers & the industry or by
the company on the basis of trust.  This does not make it a business
service as _in itself_ it delivers no actual business value.  I do
think it's important that people recognise this as then they can see
where they should be focusing investment (the business service) and
what should be commodity as possible (support).


I can think of loads of cases where security is a 100% go-live or go
to jail type of scenario.  But in not one of those cases can I think
of a reason for security to exist if there is no business service.

>
>   - Michael
>
>
>
> Steve Jones <[EMAIL PROTECTED]> wrote:
>   On 29/01/07, Anne Thomas Manes  wrote:
> >
> >
> >
> >
> >
> >
> > Let's say for example that the government just passed a mandate that
> > financial companies must now implement 2-factor authentication for certain
> > types of transactions. (and it did) There is now a business requirement to
> > support 2-factor authentication. Hence security is a business service.
>
> I'd still say it's a support service, for the reason that this is a
> non-functional requirement on the business requirement rather than
> being a direct business requirement.  What I mean by that is that
> 2-factor authentication does not actually create any value for the
> business.  The business service is something like "Bond Trading" and
> it has a set of NFRs which are delivered by support services and
> 2-factor authentication is an example of that.
>
> Put it this way.  If the rule for 2 factor authentication goes away
> then there is still Bond Trading, if Bond Trading goes away there is
> no 2 factor authentication.  Hence the reason security is support not
> business.  Depending on the business you can say the same for HR,
> Procurement, IT and lots of other backend pieces.
> >
> > Anne
> >
> >
> >
> > On 1/29/07, Steve Jones  wrote:
> > >
> > >
> > >
> > >
> > >
> > >
> > > But is it a business service or a support service? I don't think anyone
> > > would doubt that security is required, but I'd argue that the purpose is
> > > never security, that is just a pre-req for going live.
> > >
> > > So I'd agree that it's a service, just not that it's a business service.
> > > Security isn't so much the basis for trust as the representation of trust
> > > once agreed, i.e. I've decided that I require a secure connection to put
> > > in credit card details, therefore you must support HTTPS if you want me to
> > > give you those details over the web. It's important in SOA to realise those
> > > services which are support and those which are actually business important
> > > in themselves. There is a huge history in IT of rating the support (IT)
> > > service above the business ones so for instance "security" becomes more
> > > important than actually getting the job done.
> > >
> > > Steve
> > >
> > >
> > >
> > >
> > > On 25/01/07, Michael Poulin < [EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Well, to my experience, security is doing A LOT for the business
> > > > (http://java.sys-con.com/read/131811.htm,
> > > > http://java.sys-con.com/read/163285.htm). Besides it is a foundation for the business
> > > > trust, I had several cases where business simply could not operate w/o
> > > > security. Here is an example: financial report distributed among
> > > > investment experts contains some information which is assumed to be seen
> > > > by the bankers of certain level of responsibilities and in certain
> > > > locations only. Are you going to create multiple reports or filter data
> > > > based on user access rights / entitlement? Though security topic does not
> > > > belong to the forum, I believe it is a legitimate SOA service and I am still
> > > > staying on the position about SOA services I described earlier.
> > > >
> > > >   - Michael
> > > >
> > > >
> > > >
> > > >
> > > > Jim Thomas   wrote:
> > > >
> > > >
> > > > > I still disagree although I admit it's a bit of a nit. The security
> > > >   service has nothing to do with business at all. The dependency flows
> > > >   in the other direction. Supposing the security service is used in a
> > > >   purely scientific system then "business" seems a misnomer.
> > > >
> > > > >   --- In [email protected], Michael Poulin wrote:
> > > > >   >
> > > > >   > I think that creation of 'generic' (infrastructure - in my
> > > > >   > understanding) services does not contradict 'business-centric'
> > > > >   > definition because, e.g., security service is not about generic or
> > > > >   > abstract safety but about protecting business interests (scientific
> > > > >   > results, in particular) and building business trust; transport
> > > > >   > services serve the same purpose - allowing business to operate. Not
> > > > >   > all services have to implement business services directly but
> > > > >   > those, that do not implement them, exist because of the needs of the
> > > > >   > business services, not because they are coooool. All this is about
> > > > >   > money paid by a business for its benefits. Please, tell me if I am
> > > > >   > wrong.
> > > >   >
> > > >   >   - Michael
> > > >   >
> > > > >   > Jim Thomas wrote:
> > > > >   >
> > > > >   >   I would rather see:
> > > >   >
> > > >   >   "SOA is a software design paradigm..."
> > > >   >
> > > >   >   rather than:
> > > >   >
> > > >   >   "SOA is a business centric software design paradigm"
> > > >     >
> > > > >   >   for two reasons. Firstly there are many wishing to use SOA in other
> > > > >   >   environments such as scientific and although they will put up with
> > > > >   >   these categorizations they see them as inaccurate.
> > > > >   >
> > > > >   >   Secondly, there are also many developing generic services (e.g.
> > > > >   >   security, transport, transaction, etc.) that they really see as being
> > > > >   >   used by the business services but not business services.
> > > > >   >
> > > > >   >   Also, by removing "business centric" from that statement I don't see
> > > > >   >   any cases being eliminated either.
> > > >   >
> > > > >   >   --- In [email protected], "Selwyn Akintola" wrote:
> > > >   >   >
> > > > >   >   > Back in November as part of my MSc. research I posed the
> > > > >   >   > question "What is SOA?". The objective was to derive a definition of
> > > > >   >   > SOA that I could use to inform the rest of my studies. Since then I
> > > > >   >   > have received approximately 50 definitions of SOA from various
> > > > >   >   > sources including from members of this group. First off let me thank
> > > > >   >   > you all for the valuable and insightful input. When I asked the
> > > > >   >   > question I also committed to bringing my definition of SOA back to this
> > > > >   >   > group. Here it goes – SOA in less than 100 words-
> > > > >   >   >
> > > > >   >   > "SOA is a business centric software design paradigm characterised by
> > > > >   >   > the utilisation of well defined standards and protocols to create
> > > > >   >   > services and compose applications from services. SOA mandates that
> > > > >   >   > services are loosely coupled and communicate through the exchange of
> > > > >   >   > messages thereby allowing resource sharing and reuse.
> > > > >   >   > Interoperability and platform independence allow the composition of
> > > > >   >   > applications from services created using heterogeneous resources and
> > > > >   >   > hosted on heterogeneous technology platforms. SOA is a long term
> > > > >   >   > organization wide cross functional collaborative activity whose ROI
> > > > >   >   > will be achieved by service reuse and efficiencies gained by better
> > > > >   >   > alignment IT with business."
> > > > >   >   >
> > > > >   >   > Please feel free to comment and critically review.
> > > > >   >   >
> > > > >   >   > I am now looking at SOA adoption rates, SOA benefits realization
> > > > >   >   > experiences and the relationship between the semantic web (web 2 or 3
> > > > >   >   > or whatever it is now) and SOA.
> > > >   >   >
> > > >   >   > Once again thank you for the input.
> > > >   >   >
> > > >   >   > Selwyn Akintola
> > > >   >   >
> > > >   >
> > > >    >
> > > >   >
> > > >   >
> > > >   >
> > > >   >
> > > >   > ---------------------------------
> > > >   > Need a quick answer?  Get one in minutes from people who know. Ask
> > > >     your question on Yahoo! Answers.
> > > >   >
> > > >
> > > >
> > > >
> > > >
> > > >    ________________________________
> Everyone is raving about the all-new Yahoo! Mail beta.
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>    ________________________________
Sucker-punch spam with award-winning protection.
>  Try the free Yahoo! Mail Beta.
>
>
>
>              


 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/service-orientated-architecture/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/service-orientated-architecture/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:[EMAIL PROTECTED] 
    mailto:[EMAIL PROTECTED]

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 

Reply via email to