We provide enterprise consulting services spanning the range from service development to full service architectures. At the development level, we can help you with any Java web service issues from the most basic choice of technologies to the thorniest web service security configuration problems. At the architecture level, we provide expert guidance for security architecture as well as service structuring and design issues, including best practices for interoperability, extensibility, and versioning. The following sections detail some of our specific areas of expertise.
Java web services
Java web services can be built on many different open source and commercial web services stacks, each with different capabilities and potential issues. Many of these stacks implement the JAX-WS 2.x standard for service configurations, but even among these JAX-WS implementations there are still major differences in how you configure and use the services. These differences are even greater when issues such as security are involved.
We're active participants in the development of the industry-leading Apache CXF web services stack, and specialize in supporting clients using CXF. CXF offers high performance combined with great flexibility, but can sometimes be overwhelming with the number of different ways you can configure and use it. We can help you through all the nuances of working with CXF for both JAX-WS SOAP web services and JAX-RS REST web services.
Even if you're not using CXF, we can still help. We've been specializing in Java web services for more than a decade, and offer the widest range of experience across the greatest number of Java web services stacks. We can provide you with fast support in any issues you encounter with your web service development.
Web service security
Web service security is a complex topic involving a range of web services standards, including WS-Security, WS-SecurityPolicy, WS-Trust, WS-SecureConversation, and more. If you're designing secure web services for enterprise use you need to make sure that your security implementation matches your requirements without imposing any unnecessary complexity on clients. If you're working with an existing secure service, you need to comply with the service requirements in order to access the service.
We're experts in the full range of web service security technologies, with a long history of implementing security, solving securing issues, and training developers on security. Whether you're designing secure services or having problems with security in existing services, we can help!
Service security architecture
Security architecture is a crucial aspect of converting your organization to a service model. You need to be certain that access to services is authorized, that confidential data is kept secure, and that any necessary audit trails are maintained. But security always comes at a cost, in terms of flexibility, convenience, and performance.
The ideal security architecture for your enterprise is one which provides all appropriate assurances of access, confidentiality, verifiability, and other security aspects, while imposing the least costs on the enterprise. In most cases, this means first classifying your services into risk categories and assigning the appropriate security measures for each category, then establishing identity management solutions to match the organization and requirements. As experts in web services security we can help you with both determining service security requirements and choosing identity management mechanisms for your enterprise services.
Service architectures require long-term service commitments and planned life cycles. But services can rarely be frozen, and as requirements evolve over time you need to be able to modify or extend your services with added functionality while preserving compatibility for existing clients. If you need to deploy a new version of a service every time a change occurs you'll soon be swamped under a proliferation of service versions and end up with a "Spaghetti SOA".
The flexibility to handle changing requirements over time isn't automatic with service architectures. At the highest level, structuring web services for the enterprise requires attention to composibility and reuse of services across different applications so that you start with a solid set of service components. At the design level, issues of data structure reuse, XML schema interoperability, service extensibility and versioning approaches are all important for flexibility. As experts in web service structuring and XML data binding we can help you chose service structures that fit your enterprise needs both now and in the future.