Sunday, February 21, 2010

Intel's cloud chip and physicalization

Per Intel's CTO Justin Rattner, Intel is working on a single chip cloud computer
  • Parts of the chip will be powered down when not in use
  • First iteration involves a 48 core processor that consumes 25 - 125 watts
  • New term invented "physicalization" which means dedicating one or more cores to a specific application or portion of the application. This is completely opposite to "virtualization" which means running applications on whatever processor resources are available
For complete story, see this Forbes article

Monday, February 8, 2010

Oracle extends BTM and SOA Mgt through Amberpoint acquisition

Oracle's acquisition of Amberpoint extends it's capabilities around Business Transaction Monitoring (BTM), SOA Management and SOA Governance into it's SOA products offering.

Read the following resources for more info

From the FAQ,
The AmberPoint solution will provide several critical capabilities requested by customers.
• Application Discovery – Automatically discovers components and interactions and ensures visibility of the entire heterogeneous SOA environment
• Application Performance Management – Tracks end-to-end performance and availability
• Business Transaction Management – Ensures reliability of individual business transactions and tracks the progress in real time to pinpoint any issues
• SOA Governance – Provides closed-loop governance by reporting run-time results to design-time governance solutions

Friday, February 5, 2010

Integrating REST clients with STS for token exchange

Where REST services demand a particular type of token for access, REST clients can potentially integrate with an STS server to acquire the requisite token, and pass it to the service.

I haven't seen customers yet widely asking for such solutions, but need can arise where companies standardize across the applications on tokens such as SAML for access control which carries not only the username information but also attributes associated with user profile.

In such scenarios, following flow would be applicable
  1. REST client acquires token from the STS server preferably through REST binding of STS, but any other supported binding should also be okay.
  2. Once it receives the token, it adds it to the "Authorization" HTTP header of the REST request.
  3. REST service receives the request, and a security interceptor(agent) picks up the token to check for access validity. The interceptor can optionally assert the identity into the service for identity propagation needs.
I would be interested to know if you run into such scenarios, and looking for products to support it. You can leave blog comments.

Wednesday, February 3, 2010


Secure Token Service (STS) typically have a SOAP endpoint with WS-Trust standard profiling the interactions. How about taking the complexity of SOAP away, and adding simplicity of REST interface to the STS? At the end of the day, STS is a token service that applications use to acquire tokens and should be accessible through different types of bindings - SOAP, REST, etc.

What would be the interaction pattern for such RESTful STS?
  1. Clients access RESTful STS using HTTP GET/POST method sending RequestSecurityToken (RST) as part of HTTP message.
  2. RESTful STS sends back the requested token as RequestSecurityTokenResponse (RSTR) in the HTTP response message.
  3. The STS endpoint could be secured similar to any HTTP resource using web access management products such as Oracle Access Manager (OAM) with username/password or certificate credentials.

RESTful STS can lead to wider adoption
Many languages/frameworks (such as Adobe Flex and Silverlight) doesn't support full capabilities of a SOAP stack. But, they support the basic HTTP interactions. Such frameworks could easily plug into a RESTful STS for their token needs.

Applicability of RESTful STS in the cloud
As cloud remains the innovation vehicle for 2010, I try to find applicability of any new concept into the cloud as well.
Today, Google, Amazon, Salesforce of the world provide RESTful APIs for all it's services. If they decide to broker trust using some sort of STS, then it makes perfect sense for them to provide RESTful STS with API keys and OpenId/OAUTH models to access it.

Monday, February 1, 2010

OER 11g released

Oracle Enterprise Repository (OER) 11g is released and generally available for download now. OER alongwith OSR (UDDI registry), OWSM and EM SOA Mgt Pack Plus comprise Oracle's SOA Governance offering. Of all the new features added in this release of OER, there's one feature around closed loop governance that I would like to discuss in this blog.

Closed loop governance allows architects to review at a high-level how the system and services they designed are behaving in production, and with this knowledge further enhance the services in their subsequent versions. It provides confidence and production assurance to business people that the investments they have put in SOA is actually being put to use.

In this release of OER 11g, high-level performance metrics from Enterprise Manager (EM) and 3rd party products such as Amberpoint are rolled up into OER.

Through the same pattern, do you see a need for rolling up policy attachment info from OWSM into OER?

See more of "What's New in OER 11g" here.