Thursday, January 31, 2002

 
You need only to follow the trade press and e-mail newsgrams to know that security is a top concern these days. This is especially true if you're in healthcare because of the law mandating compliance with HIPAA. My most recent experience in security was on a project in Kuwait. One aspect of that project, for Kuwait National Petroleum Company from December 2000-May 2001, was specifying an enterprise security infrastructure as a part of the company's strategic plan. I spent the better part of today revisiting this topic and thought I'd share some of my notes and research.

A logical starting point is a presentation titled LDAP and Security, for two reasons: (1) directory services such as LDAP (Lightweight Directory Access Protocol) are key to an enterprise-wide security infrastructure, and (2) this presentation is a good introduction to LDAP. A more technical presentation is Simplified Management of Hosted Services through LDAP, in which the power and utility of LDAP become apparent. Drilling down into more technical aspects, The LDAP Protocol presentation explains the protocol itself.

If you're serious about implementing LDAP, you should be aware of the open source version and a free LDAP Browser. Moreover, if you're using Java to develop your infrastructure or associated services, then the LDAP and Java Naming Services presentation will spark ideas.

LDAP in and of itself can quickly become a hairball unless you design your services intelligently. The key is to understand role-based access controls (RBAC), which in turn requires an understanding of set theory. The best resource for RBAC is the National Institute of Standards and Technology RBAC page. You'll find a plethora of tools, papers and other artifacts, including the Draft RBAC Standard. Another excellent source of information is at George Mason University's Laboratory for Information Security Technology.

Still on the topic of enterprise architectures, a technology worth exploring is JXTA. This is a set of open, generalized peer-to-peer protocols that allow any connected device (cell phone to PDA, PC to server) on the network to communicate and collaborate. The home of Project JXTA has all of the resources you need to evaluate and/or employ this technology. JXTA, by the way, is short for Juxtapose, as in side by side. It is a recognition that peer-to-peer is a juxtaposition to client-server or Web-based computing.

Digging deeper into issues, we always bump into QA. Issues in Testing Java Applets and a related source, Automating the Java build and test process, address some aspects of Java QA. Another interesting resource is JUnit, which is a regression testing framework written by Erich Gamma and Kent Beck. Also take the time to visit IT Toolbox's Java page for a wealth of resources.

A surprising find is a site I just discovered called Quality Assurance & Software Testing Downloads. I thought I knew where every test and QA site on the web was until I found this gem. Although I haven't fully explored it, the content and downloads I did look at seemed to be high quality stuff. Before leaving the topic of QA and testing I'd be remiss if I didn't mention XPractices, which is a page devoted to extreme programming practices. There is a lot of test material here that any XP practitioner, development manager or QA professional will find useful.

I'll come full circle back to enterprise architectures in general and end this entry with a recommended whitepaper titled Web Services, Business Objects and Component Models by Philippe Mougin & Christophe Barriolade of Orchestra Networks.




