Security in your Software-as-a-Service (SAAS) Application

‘Credit Crunch’ might be the favourite buzzword of the moment, but ‘Security’ and ‘Software as a Service’ are not very far behind. OK, they’re a long way behind ‘will I lose my house’ or ‘will I have a job tomorrow’, but you get the idea. So I’m proud to be associated with this article by Max and Chicco, even in a very minor way (as a reviewer).


Here’s the two-minute overview of Securing a multi-tenant SAAS Application, just published on IBM Developerworks.

  1. Software as a Service (SAAS) has a great pitch – let us host your software for you, cheaper and with less hassle than managing it yourself.
  2. Most SAAS companies host multiple clients on one server = new security concerns.
  3. LDAP (similar to Windows Active Directory) is a standard already in wide use for Authentication (making sure people are who they say they are).
  4. Spring Security (aka Acegi) is a well-used Authorisation toolkit – i.e. making sure those people only do things they are allowed to do.
  5. The article shows you how to bring SAAS, LDAP and Spring Security together to get secure, scalable, hosted applications using the very best in widely understood technologies.

Of course, I’m not going to spill the beans on how exactly they do it; for that you’re going to have to hotfoot it over to the IBM Developerworks website.

Grabbing people's brains and shoving them into a PC

It didn’t go down too well when an elderly relative asked me over Christmas ‘what exactly do you do?’. After fobbing him off with the usual ‘something in computers’, he was shocked to find out that I spend most of my time ‘Grabbing people’s brains and shoving them into a PC’.

This kind of blog-related violence is normally associated with Twenty-Major (Warning: Parental Guidance required, unless you’re over 80), so before you call the police, let me explain.

Look at your hands. Unless they’re scarred and calloused (from the weekend’s DIY) the chances are that you work in the knowledge economy. You could work for a bank, insurance company or legal firm, or be a medical professional, but most of your work consists of one thing: you push pieces of paper around that have some magical value.
Or you would push pieces of paper around if it hadn’t all been computerised in the last 10 years. Now you swap files and emails to get things done. And you swear on a regular basis when the computer can’t find the information you’re looking for, or someone doesn’t understand the email you sent them. But the important bit, the information processing, still remains in your brain.

Which brings us to Red-Piranha (site update in progress) and the shoving of people’s brains into a computer. We can copy an MP3 music file (with Adam’s and Bono’s imagination in it) and send it around the world, but we can’t photocopy your brain. We don’t want all of it, just the part that gets the magical value-added work done. The bits about drinking beer and playing volleyball on the beach we’ll quite happily leave with you.

So this is what Enterprise Web 2.0 is all about: getting the computer to take a load off your brain so that you’ll have more time to spend on the beach drinking beer. Chapter 3 (draft) of our Enterprise Web book has just been put online, which shows you exactly how to do this.

Everything you wanted to know about Business rules

If you’ve been reading this blog for a while, you’ll know that I’m into Business Rules. You know, the logic (formal and informal) that is unique to each company or organisation and governs how an insurance claim gets settled, the price you pay for an airline seat, or how your order from Amazon gets shipped. Rule Engines are a way of getting this knowledge out of people’s heads and into a computer.


Rules are a very simple idea (you just state what you know to be true), but rule engines are not. Ironically, the problem most people have is ‘this is too simple to work’. If you want to find out more, the ‘Down to Earth Business Rules blog’ from Artemis Alliance is a good place to start.
They also have a Squidoo Lens (a set of links to other resources) that is worth looking at.