I asked some folks in my talk before the US Partner Senior Architects Summit yesterday if they had created services that no one used. Not surprisingly, some hands went up. One architect piped up with this: “I’ve seen a service that was used improperly and it brought down the enterprise.”

Um, OK.  Sure.  I can write a service badly.  I’m sure you can too, without much effort.

Some folks would say “that’s why we need SOA Runtime Management Tools!” 

Bunk.

Every app is completely responsible for protecting itself. 

Whether the threat is a denial-of-service attack on the web site, an attempt at unauthorized access to the data, or an improper use of the service interface, apps must manage their own stability. We need to realize that a service has the same flaws and foibles as any app. It can be used. It can be misused.

Plenty of ways to solve for this.  A subset, off the top of my head:

  • test the heck out of your service interface.  Testing is our friend.
  • configure for DoS attacks against the service interface
  • use intermediaries that support throttling, so that you can manage the inbound traffic
  • secure the interface, so that only members of known groups, or even specific system accounts, have actual access.
  • don’t advertise.  Don’t flag your ‘service’ entry in the repository as ‘public’ or ‘freely callable’ if it isn’t.
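
As an added example (not code from the original post), here is one way a service can enforce two items from the list above inside its own process: access limited to specific system accounts, and per-caller throttling with a token bucket. The account names, the `handle` entry point and the HTTP-style status codes are assumptions made for illustration.

```python
import time

class ServiceGuard:
    """In-process guard: caller allow-list plus a per-caller token bucket."""

    def __init__(self, allowed_callers, rate_per_sec, burst, clock=time.monotonic):
        self.allowed = frozenset(allowed_callers)
        self.rate = float(rate_per_sec)
        self.burst = float(burst)
        self.clock = clock
        self.buckets = {}  # caller -> (tokens, time of last update)

    def check(self, caller):
        """Return (allowed, reason) for one inbound call."""
        # Access control first: unknown callers never get bucket state,
        # so a flood of bogus identities cannot grow the bucket table.
        if caller not in self.allowed:
            return False, "forbidden"
        now = self.clock()
        tokens, last = self.buckets.get(caller, (self.burst, now))
        # Refill in proportion to elapsed time, capped at the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.buckets[caller] = (tokens, now)
            return False, "throttled"
        self.buckets[caller] = (tokens - 1.0, now)
        return True, "ok"


def handle(guard, caller, operation):
    """Hypothetical service entry point: the guard runs before any real work."""
    allowed, reason = guard.check(caller)
    if not allowed:
        return {"status": 403 if reason == "forbidden" else 429, "error": reason}
    return {"status": 200, "result": operation()}


def demo():
    # Constructed scenario: account names are made up, and a fake clock
    # replaces time.monotonic so the run is deterministic.
    t = [0.0]
    guard = ServiceGuard({"svc-billing", "svc-orders"}, 2, 3, clock=lambda: t[0])
    out = [handle(guard, "svc-billing", lambda: "done")["status"] for _ in range(5)]
    out.append(handle(guard, "svc-unknown", lambda: "done")["status"])
    t[0] = 1.0  # one second later, two tokens have been refilled
    out += [handle(guard, "svc-billing", lambda: "done")["status"] for _ in range(3)]
    return out

if __name__ == "__main__":
    print(demo())
```

Because each caller has its own bucket, one misbehaving consumer exhausts only its own allowance and the other known callers keep working.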

That is not a SOA Governance problem.  This is a training problem. 

By Nick Malik

Former CIO and present Strategic Architect, Nick Malik is a Seattle-based business and technology advisor with over 30 years of professional experience in management, systems, and technology. He is the co-author of the influential paper "Perspectives on Enterprise Architecture" with Dr. Brian Cameron that effectively defined modern Enterprise Architecture practices, and he is a frequent speaker at public gatherings on Enterprise Architecture and related topics. He coauthored a book on Visual Storytelling with Martin Sykes and Mark West titled "Stories That Move Mountains".

2 thoughts on “Improper use and the SOA free market”
  1. Trying to squeeze this in before yet another gym workout. As I have been talking about on my personal blog , I have really amped up my running as well as my weight-lifting programs. I joined a 2nd gym at work since it’s cheap and on the same floor as
