Case Study ZapNote: The Hartford UDDI

The Hartford is an early adopter of Web Services and Service-Oriented Architectures (SOAs), in an industry that is leading the economy in the adoption of these technologies. Their insurance-industry focused initiative known as SEMCI supports requests for quotations for insurance to multiple carriers and gets a response in a standard ACORD format. The Hartford required the ability to roll out continuously changing versions of the Services they offered as a part of SEMCI. Further complicating this integration challenge was the fact that the responding carriers used different and constantly changing versions of the insurance industry standard ACORD messages.

To solve this many-to-many versioning problem, The Hartford turned to a UDDI registry to provide a metadata repository to enable integration in a continuously changing environment. The system works by leveraging a Web Services management platform to query the UDDI registry for an appropriate Service version at runtime, thus enabling the loose coupling between Service consumers and the applications they access.

As a result, The Hartford is now able to leverage their SOA to provide greater business agility to their users, and build a “future-proof” enterprise architecture to enable continual change.

Web-Services Market Poised For Consolidation

Ron Schmelzer, an analyst with XML research firm ZapThink, says Oblix “wasn’t the first company that came to mind” when he considered potential buyers of Web-services-management firms. Until now, identity management has been a system at the heart of the enterprise, controlling access to internal applications.

Now, Schmelzer says, Web services may be extended outside the company to business partners, provided they’re linked to an access-control system, such as Oblix’s NetPoint. The Oblix move may signal “another wave of consolidation” as identity-management vendors team up with Web-services management, he adds.

Read more at: InformationWeek

Oblix to Buy Confluent in Web Services Play

Jason Bloomberg, a senior analyst at research outfit ZapThink, said Oblix’ acquisition of Confluent is a departure from the norm for companies in the identity management and Web services management industries, though the synergies between the two make it an ideal arrangement.

“Most companies in these two markets have been happy with partnerships to complement one another’s strengths, but there’s no question the Oblix/Confluent combination promises to offer a more comprehensive management solution than any other one company might be able to offer,” he told internetnews.com.

Read more at: Internetnews.com

Oblix buys into Web services management

While HP and Computer Associates offer a broad suite of functions, Oblix’s software is more specific to identity management. The acquisition of Confluent by Oblix could indicate that interest in Web services management will increasingly come from a broad range of companies, beyond the traditional software management realm, according to Ron Schmelzer, an analyst at Web services research company ZapThink.

“If you asked me who I thought would buy Confluent, I would not have put Oblix on the list,” said Schmelzer. “I think we’ll start to see consolidation from different places (than traditional management providers).”

The Confluent software can help Oblix manage networking policies other than security and network access, Schmelzer noted. Confluent’s software could act as an extension to Oblix’s current software line with the ability to track whether a Web service application is available and whether it’s performing adequately, he said.

Read more at: CNet

Oblix Makes Service-Oriented Moves With Confluent Buyout

Asked his thoughts on such an acquisition, Jason Bloomberg, an analyst with ZapThink LLC, of Waltham, Mass., said: “Identity-and-access management and Web services management are both critical enabling technologies for building and running service-oriented architectures (SOAs), so there is definitely synergy between the two areas.”

“Most companies in these two markets have been happy with partnerships to complement one another’s strengths. Nevertheless, if you think of an SOA as being based on policies, then identity management and Web Services management fit well together,” Bloomberg observed.

Meanwhile, Ronald Schmelzer, also of ZapThink, said, “If you think about where portals are heading, security in the form of Single Sign-On was key to make sure that users could get a single user experience even while traversing multiple portlets and portals in a session. This is what brought companies like Oblix and Netegrity to the fore with their identity management products.”

“However, as the portals manage increasingly more complex SOAs, they will have to control not just the security interfaces, but also the service interfaces themselves to make sure that the portals and composite applications get the functionality that they are expecting,” Schmelzer said. “So, as identity management vendors extend the notion of security management beyond just tightly-coupled systems to loosely coupled SOAs, they will need to work increasingly more closely with service-oriented management vendors.”

Read more at: eWeek

Tech Update Software Infrastructure

Decision-makers have a new vendor to consider thanks to Novell’s January release of an identity management solution. “The Nsure Identity Manager is well positioned to be a leader in the enterprise identity management space alongside Netegrity and Oblix,” said Jason Bloomberg, senior analyst for ZapThink.

Read more at: ZDNet

Novell Conjures New ID Management Software

Jason Bloomberg, senior analyst with XML and Web services research firm ZapThink, gave kudos to Novell’s evolution from an operating system and directory company to a competent Web services infrastructure provider.

“The Nsure Identity Manager is well positioned to be a leader in the enterprise identity management space alongside Netegrity and Oblix,” Bloomberg told internetnews.com. “What Novell can offer that these other, more specialized vendors cannot is a much broader solution set for companies moving toward Service-oriented architectures (SOAs).”

Bloomberg said Novell’s exteNd product provides application development and integration capabilities, which, when bundled with Nsure, will offer customers a broad set of tools for building and securing SOAs that few competitors can touch.

Such product suites are considered an important linchpin to help Web services succeed, as enterprises are increasingly demanding products that bridge communications between employees and partners.

“Identity management is becoming increasingly important because applications are no longer discrete, isolated islands of information in the enterprise,” said ZapThink Senior Analyst Ronald Schmelzer. “The movement to standards-based computing… means that systems are increasingly being shared, integrated, and combined into composite applications to power the new class of enterprise applications.”

Read more at: Internetnews.com

Identity, authentication key to Web services security

When people think of Web services security issues, they tend to think of hacking or other forms of traffic snooping, said Ron Schmelzer, founder and senior analyst of Waltham, Mass.-based consulting firm ZapThink LLC. But those problems are solved easily, he said, using SSL at the protocol layer, and encrypting SOAP messages.

Schmelzer said the most significant external Web services security problems lie in the realm of authentication and identity management, because Web services transactions are conducted between two computers.

As a Web services provider, Schmelzer said, “you’re not providing access to a human; it’s another system. If we expose an interface to our SAP system, how do we know whoever is making that Web service request is authorized to make it?”

So how can a requester’s identity be verified? It’s tricky, Schmelzer said, because there’s a lack of context in public, machine-to-machine communication, making it difficult to track what company or system is initiating a Web service call. “Plus, the request may not be made directly,” he said. “It may be made through a portal or other composite application. It gets complicated very quickly.”

Read more at: SearchWebServices

Application firewalls good enough — for now — for Web services security

While functions such as identity management will become increasingly important, “If somebody can just look at the content of a SOAP message and pick out your credit card number, it doesn’t help much,” says Jason Bloomberg, a senior analyst at ZapThink LLC, a Web services research firm in Waltham, Mass.

Read more at: SearchSecurity (TechTarget)

Service-Oriented Architecture Consulting for Professional Services Organizations

Service-Oriented Architectures (SOAs) represent an evolutionary approach to distributed computing that promises a flexible IT environment that leads to business agility. As companies look to leverage the business advantages of Web Services to address strategic business needs, they are increasingly looking to build SOAs. However, SOAs require special skills and expertise. When companies do not have such skills in-house, they turn to consultants, system integrators, and other professional services organizations.

The movement to SOAs present both opportunities and threats to consulting firms: on the one hand, there will be an increased demand for architectural consulting, business process consulting and the implementation tasks associated with building SOAs. On the other hand, as SOAs take hold and Service-oriented process solutions supplant integration solutions, the market for system integration will dry up, requiring system integrators to change their business focus.

This report analyzes the market for SO