soa

Should a SAML federation software accept the same SAML response as long as it is within the allowed SAML token lifetime? In simpler terms: IDP (identify provider) issues a SAML response, then SP (service provider) accepts/processes it. Can the same unmodified SAML response be then re-used immediately after the first use? Given that the SAML issuance timestamp is within allowed range. Security-wise it makes sense to restrict a SAML token (response) to only one use, so that even if it is stolen by a "man-in-the-middle" - it cannot be reused. But in order to implement that, the software needs to

I'm new to EDA and I've read a lot about benefits and would probably be interested to apply it during my next project but still haven't understood something. When raising an event, which pattern is the most suited: Name the event "CustomerUpdate" and include all information (updated or not) about the customer Name the event "CustomerUpdate" and include only information that have really been updated Name the event "CustomerUpdate" and include minimum information (Identifier) and/or a URI to let the consumer retrieves information about this Customer. I ask the question because some of our events

I'm starting to design a wcf service bus that is small now but will grow as our business grow so I'm concerned about some grwoing problems and also trying not to YAGNI too much. It's a e-commerce platform. The problem is I'm having too many second thoughts about where to put stuff. I will give a scenario to demonstrate all my questions. We have an e-commerce website that sells products and ultimately deliveries them. For this we have a PlaceOrder service which, among other parameters, expects an Address object that in this context (our website placing an order) is made of City, Street and

For personal and university research reasons I am thinking of building a simple CRM using a service oriented architecture. Its meaning is just to explain the architecture itself, not commercial use. I was thinking of implementing a CRM that offers a simple analytics service and customer care (user storing, personal comments, and few other things). The architecture that I'm designing defines: - WebGUI (a client of the other services) - AnalyticsService (a service that receives data, analyzes and collect it) - CustomerCareService (a service that uses RESTful APIs to apply CRUD operations). Each

After reading the Service Oriented Architecture Principles site and the respective Wikipedia article I had a thought: the Erlang/OTP platform can be considered as an SOA platform and SOA applications can be built on it. The only thing is that the Service Contract for each service in such a system is very specific: in order to call a service in Erlang/OTP the Orchestrating layer would have to make calls via Erlang messages or calls to gen_server (depends on the implementation). This would not let making any calls to the services outside of Erlang/OTP platform scope. But what if we try to build

Let us imagine we have an orders processing system for a pizza shop to design and build. The requirements are: R1. The system should be client- and use-case-agnostic, which means that the system can be accessed by a client which was not taken into account during the initial design. For example, if the pizza shop decides that many of its customers use the Samsung Bada smartphones later, writing a client for Bada OS will not require rewriting the system's API and the system itself; or for instance, if it turns out that using iPads instead of Android devices is somehow better for delivery drivers

I am taking over a project to replace an ancient legacy system from the ground up. Before I came on, the company hired a consultant who put together a basic sketch of the system and pushed SOA heavily. This resulted in a long list of "entity services", with the intention of them being composed into more complex service combinations. For instance, a user wanting committee info would hit the "Committee" service, which then calls the "Person" service to get its members, and the "Meeting" service to get its meetings, and so on. I understand the flexibility gains in this, but my concerns are about