We provide enterprise consulting services spanning the range from SOA architecture to service development. At the architecture level, we provide expert guidance for SOA security architecture as well as service structuring and design issues, including best practices for interoperability, extensibility, and versioning. At the development level, we can help you with any Java web service issues from the most basic choice of technologies to the thorniest web service security configuration problems. The following sections detail some of our specific areas of expertise.
SOA security architecture
Security architecture is a crucial aspect of applying SOA to your organization. You need to be certain that access to services is authorized, that confidential data is kept secure, and that any necessary audit trails are maintained. But security always comes at a cost, in terms of flexibility, convenience, and performance.
The ideal security architecture for your enterprise is one which provides all appropriate assurances of access, confidentiality, verifiability, and other security aspects, while imposing the least costs on the enterprise. In most cases, this means first classifying your services into risk categories and assigning the appropriate security measures for each category, then establishing identity management solutions to match the organization and requirements. As experts in web services security we can help you with both determining service security requirements and choosing identity management mechanisms for your enterprise services.
SOA service structuring
SOA requires long-term service commitments and planned life cycles. But services can rarely be frozen, and as requirements evolve over time you need to be able to modify or extend your services with added functionality while preserving compatibility for existing clients. If you need to deploy a new version of a service every time a change occurs you'll soon be swamped under a proliferation of service versions and end up with a "Spaghetti SOA".
The flexibility to handle changing requirements over time isn't automatic with SOA. At the architecture level, structuring web services for SOA requires attention to composibility and reuse of services across different applications so that you start with a solid set of service components. At the design level, issues of data structure reuse, XML schema interoperability, service extensibility and versioning approaches are all important for flexibility. As experts in web service structuring and XML data binding we can help you chose service structures that fit your enterprise needs both now and in the future.
Web service security
Web service security is a complex topic involving a range of web services standards, including WS-Security, WS-SecurityPolicy, WS-Trust, WS-SecureConversation, and more. If you're designing secure web services for enterprise use you need to make sure that your security implementation matches your requirements without imposing any unnecessary complexity on clients. If you're working with an existing secure service, you need to comply with the service requirements in order to access the service.
We're experts in the full range of web service security technologies, with a long history of implementing security, solving securing issues, and training developers on security. Whether you're designing secure services or having problems with security in existing services, we can help!
Java web services
Java web services can be built on many different open source and commercial web services stacks, each with different capabilities and potential issues. Many of these stacks implement the JAX-WS 2.x standard for service configurations, but even among these JAX-WS implementations there are still major differences in how you configure and use the services. These differences are even greater when issues such as security are involved. Beyond the basics, some Java web services stacks offer extended features such as choices of data binding technologies, Spring support, and scripting language support.
As specialists in Java web services for more than a decade, we offer you the widest range of experience across the greatest number of Java web services stacks. We specialize in support for the open source Apache Axis2, Sun Metro, and Apache CXF web services stacks, and can help you choose the best stack (including commercial alternatives) for your requirements as well as help you get up and running on using that stack. We can also provide you with fast support in any issues your encounter with your web service development.