The difficult thing about blogging, is knowing when and where to dive in. So, I'm going to start with a little career background and then try to pick up a thread or two in future entries. I saw the potential benefit of Web Services and I was involved in many of the standards as early as 2000 to make sure it aligned with IBM long term business strategy, it is very heart warming to see how it is being adopted today in SOA. Having worked on security in operating systems (UNIX at Bell Labs) and distributed computing (DCE at HP) I started in Lotus working on Java client security. I went to work in Emerging Technologies under Rod Smith initially participating in some of the early browser security investigations, working with Tony Nadalin and Larry Koved. With colleagues in Raleigh, I began prototyping the "publish, find, bind" pattern for services and it led to the UDDI Universal Business Registry, and on into the UDDI speicifcations. Throughout, I was on point for working with research folks in the security area, and worked closely with Hiroshi Maruyama and Michiahru Kudoh in XML security which led me to be involved with Web Services.
Hiroshi, Tony and I began discussions with colleagues at Microsoft, when we realized that we each had thought about adding security to SOAP messaging models but in a slightly different way. The result was the Web Services Security Roadmap and a set of specifications; WS-Security, WS-Policy, WS-Federation, WS-Trust, WS-Secure Conversation. After working toward reference implementations and beginning the standardization process for the various proposed specifications in the W3C and OASIS, I went into the Enterprise Integration Services group under Ed Kahan. There I had the experience of working with customers on the early days of SOA which was enlightening. While in the field I started collecting security patterns and worked with a team of security folks and Jonathan Adams on trying to integrate security into the E-business patterns. Unfortunately, this never saw the light of day and I hope to add to the blog about some of this going forward. With the acquisition of Data Power, I thought it would be exciting to see many of these initiatives come together in an appliance form.
Now I'm trying to build a community around SOA policy, using the new work in DP, Tivoli and WS-RR as an illustration of pragmatic SOA policy. I'll use this blog to explore policy topics and I'm hoping that my colleagues will join in because policy is really the representation of a set of shared requirements. It should be fun.
Diving in to the blogosphere