Friday, January 11, 2008

Things to watch out for Java Developer in 2008-Part 3

In continuation of the series of articles I started, discussing the technologies to watch out for as a Java developer in 2008, in this final part I would like to cover Google Android and SOA (security).
I would like to start with SOA security. SOA has been such a buzzword since last year, and more and more enterprises are now turning to a new IT architectural approach called Service-Oriented Architecture (SOA). Therein lies the challenge of managing the security of SOA enterprise applications. Security in IT can be broadly classified as network security, platform security, and application security. Application security is the main area of focus in SOA architecture.

The basic definition of SOA is: Service Oriented Architecture (SOA) is an architectural style that guides all aspects of creating and using business processes, packaged as services, throughout their lifecycle, as well as defining and provisioning the IT infrastructure that allows different applications to exchange data and participate in business processes loosely coupled from the operating systems and programming languages underlying those applications. SOA represents a model in which functionality is decomposed into distinct units (services), which can be distributed over a network and can be combined together and reused to create business applications. These services communicate with each other by passing data from one service to another, or by coordinating an activity between two or more services.

Web services were developed as a way to enable the creation of reusable code, simplify development, and streamline system integration. While these goals were met, the open standards that emerged have not yet fully addressed security. Specifically, XML, SOAP, WSDL, and UDDI are open standards that enable the transmission and description of data and procedure calls between systems, and none of these open standards has an inherent security model. So why do we need open standards? The answer is that open standards must be adopted to enable integration across enterprises: orchestration of business processes across multiple suppliers, partners, and customers must be possible.

In the context of SOA, instead of securing a single application, you should secure the architecture. On one hand, you need to keep the services open so that applications, both internal and external, can easily reuse them. On the other hand, unless these services are properly secured, they can be misused to cause security breaches. So how best can we secure our SOA applications without reducing reusability?
The answer is standards such as WS-Security, SAML, WS-Trust and WS-SecurityPolicy, and Application-oriented Networking (AON).

SOA adopts three approaches for application security: message-level security, security as a service, and policy-driven security.
WS-Security allows message-level security to be implemented with SOAP.
A security service can offer applications the ability to authenticate, authorize, encrypt/decrypt messages, sign messages/verify signatures, and log messages. It may also scrub messages to protect applications against known and unknown vulnerabilities. SOA supports standards such as Security Assertion Markup Language (SAML) and WS-Trust that can be used to implement such a service.

A security policy declaration means that security requirements and mechanisms need not be hard-wired into applications. It separates security logic from business logic, leaving the former to security specialists. It becomes easier to ensure consistency of security enforcement across multiple applications.
WS-SecurityPolicy is the standard that is emerging to make this new approach possible.
Other standards are:
* WS-Federation (Web Services Federation Language): This specification defines mechanisms to allow different security realms to federate by allowing and brokering trust of identities, attributes, authentication between participating Web services.
* WS-Security: Describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication.
* WS-SecureConversation: Defines extensions that build on WS-Security to provide secure communication. Specifically, it defines mechanisms for establishing and sharing security contexts, and deriving session keys from security contexts.
* WS-Trust: Defines extensions that build on WS-Security to request and issue security tokens and to manage trust relationships.
* XML-Encryption: Specifies a process for encrypting data and representing the result in XML.
* Application-oriented Networking (AON): Application-oriented networking has arisen in response to increasing use of XML messaging (combined with related standards such as XSLT, XPath and XQuery) to link miscellaneous applications, data sources and other computing assets. Many of the operations required to mediate between these different participants, or to monitor their exchanges, can be built into network devices that are optimized for the purpose. The rules and policies for performing these operations, also expressed in XML, are specified separately and downloaded as required.

For further understanding, read the following articles.
“Web Services Architecture,” is available at

“Security in a Web Services World: A Proposed Architecture and Roadmap,” a white paper published in 2002 by IBM and Microsoft, is available at

Apache WSS4J, a publicly available extension of Apache Axis 1.x to add limited support for security, is available at

Apache Rampart, a publicly available extension of Apache Axis2 to add limited support for security, is available at

Cisco’s Application-Oriented Networking (AON) product page is at

B) I must say I am excited to conclude this series of "Things to watch out for Java Developer in 2008" by talking about Google Android. With so much buzz and excitement around smartphones, especially the Apple iPhone, will Google be left behind in becoming a leader in that niche market as well? I must say I always keep an eye on whatever Google comes up with, be it Google Maps, Google Web Toolkit, the search engine itself or Google Earth Sky. AT&T is the last remaining major wireless carrier in the United States to not publicly endorse Google's Android initiative. Sprint, Nextel, Sybase, Motorola, Qualcomm, HTC and T-Mobile had all come out in favor of the platform when they joined the Open Handset Alliance, a multinational group with over 30 members dedicated to promoting Android, in November last year. That is why developing applications for mobile devices (mobile computing) is something every Java developer (me definitely) should consider seriously now, adding technologies like the Blackberry Java Development Environment, IBM J9 and Google Android to their career graph. I must say I am completely bowled over by Google Android.
In comes Google Android, the first complete, open and free mobile platform.
Android is the first truly open and comprehensive platform for mobile devices. It includes an operating system, user interface and applications -- all of the software to run a mobile phone, but without the proprietary obstacles that have hindered mobile innovation. The Android platform is a software stack for mobile devices including an operating system, middleware and key applications. Developers can create applications for the platform using the Android SDK. Applications are written using the Java programming language and run on Dalvik, a custom virtual machine designed for embedded use which runs on top of a Linux kernel. The features of Android are:
* Application framework enabling reuse and replacement of components
* Dalvik virtual machine optimized for mobile devices
* Integrated browser based on the open source WebKit engine
* Optimized graphics powered by a custom 2D graphics library; 3D graphics based on the OpenGL ES 1.0 specification (hardware acceleration optional)
* SQLite for structured data storage
* Media support for common audio, video, and still image formats (MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, GIF)
* GSM Telephony (hardware dependent)
* Bluetooth, EDGE, 3G, and WiFi (hardware dependent)
* Camera, GPS, compass, and accelerometer (hardware dependent)
* Rich development environment including a device emulator, tools for debugging, memory and performance profiling, and a plugin for the Eclipse IDE
The architecture of Android SDK is,
To develop Android applications using the code and tools in the Android SDK, you need a suitable development computer and development environment, as described below.
Supported Operating Systems
* Windows XP or Vista
* Mac OS X 10.4.8 or later (x86 only)
* Linux (tested on Linux Ubuntu Dapper Drake)
Supported Development Environments
* Eclipse IDE: Eclipse 3.2, 3.3 (Europa)
* Eclipse JDT plugin (included in most Eclipse IDE packages)
* WST (optional, included in most Eclipse IDE packages)
* JDK 5 or JDK 6 (JRE alone is not sufficient)
* Not compatible with Gnu Compiler for Java (gcj)
* Android Development Tools plugin (optional)
* Apache Ant 1.6.5 or later for Linux and Mac, 1.7 or later for Windows

Suggested Reading

Suggested Video Tutorial
Android Architecture-part 2

Android APIs

Android Demo

That's all for now!
