Tuesday, March 08, 2005

A summary of an enterprise SOA architecture - The Rings of the Enterprise [link]

Ring Zero: WS/RMI/.NET Remoting, Java/C#, business logic + processes, databases, no security
Ring One: Messaging middleware, business system, application security, secure sockets
Ring Two: B2B collaboration, security is a big issue, firewalls, encrypted comms
Ring Three: The world, unsafe


Since Ring Zero has no security, I would expect a business process to be implemented to ensure that staff are unable to interfere with the live system / ring zero. In the simplest of applications, this would imply that a developer does not embed some sort of backdoor or "feature". The security process would be code review. In a larger enterprise system it would be complete network isolation of ring zero, allowing only ring zero and ring one to communicate, together with a deployment process that ensures only certain individuals have access to the live system and a QA review and testing process independent of the developers.
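
The network isolation rule above (only ring zero and ring one may communicate with ring zero) can be checked mechanically against a firewall rule set. The following is an added example, not part of the original post; the subnets, the rule format and the function names are constructed assumptions.

```python
import ipaddress

# Constructed ring-to-subnet map: the post names the rings, not their addresses.
RING_SUBNETS = {0: "10.0.0.0/24", 1: "10.0.1.0/24", 2: "10.0.2.0/24"}
_NETS = [(ipaddress.ip_network(c), r) for r, c in RING_SUBNETS.items()]

def rings_of(cidr):
    """Rings an IPv4 CIDR touches; addresses outside every subnet are Ring Three."""
    net = ipaddress.ip_network(cidr, strict=False)
    rings, covered = set(), 0
    for ring_net, ring in _NETS:
        if net.subnet_of(ring_net):
            return {ring}
        if ring_net.subnet_of(net):      # a wide rule swallowing a whole ring
            rings.add(ring)
            covered += ring_net.num_addresses
    if covered < net.num_addresses:      # part of the range is "the world"
        rings.add(3)
    return rings

def audit(rules):
    """Return (name, reason) for each allow rule that breaks Ring Zero isolation."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src, dst = rings_of(rule["src"]), rings_of(rule["dst"])
        # Check both directions: traffic into Ring Zero and traffic out of it.
        for near, far, verb in ((dst, src, "reachable from"), (src, dst, "can reach")):
            outsiders = sorted(r for r in far if r > 1)
            if 0 in near and outsiders:
                findings.append((rule["name"], f"Ring Zero {verb} ring(s) {outsiders}"))
    return findings

# Constructed sample rule set in a hypothetical dict format.
SAMPLE_RULES = [
    {"name": "mq-to-db", "action": "allow", "src": "10.0.1.0/24", "dst": "10.0.0.10/32"},
    {"name": "partner-to-db", "action": "allow", "src": "10.0.2.15/32", "dst": "10.0.0.10/32"},
    {"name": "any-to-ring0", "action": "allow", "src": "0.0.0.0/0", "dst": "10.0.0.0/24"},
    {"name": "ring0-internal", "action": "allow", "src": "10.0.0.0/24", "dst": "10.0.0.0/24"},
    {"name": "b2b-blocked", "action": "deny", "src": "10.0.2.0/24", "dst": "10.0.0.0/24"},
    {"name": "db-to-internet", "action": "allow", "src": "10.0.0.20/32", "dst": "203.0.113.7/32"},
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"{name}: {reason}")
```

The wide `0.0.0.0/0` rule is flagged because its source range includes ring two and ring three as well as the permitted rings, which is the kind of overly broad allow that quietly defeats the isolation.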

3 comments:

Anonymous said...

Great blog entry on identity management at http://blogs.ittoolbox.com/eai/leadership