I asked what she did for a living. She said she was a software engineer working with SOA. I did not think about my plane ride much until I arrived in San Francisco to attend the SOA World Conference & Expo this past Monday and Tuesday. The first day of the conference as I walked into the hotel, guess who I saw? My friend who I met on the Turkish Airlines flight from Istanbul. What a small world, isn't it? Her company was one of the sponsors of the event.

Service-Oriented Architectures are all the rage. But it's one thing to talk about them, another to design them, and yet another to implement them. What Patterns can you use to design the external interfaces of a Web Service, and keep it service-oriented? How do you avoid the tight-coupling in functionality and time of traditional RPC, and instead achieve the loose-coupling of functionality and response found in a document-centric web service? What Patterns can be used to design the internals of a web service, and keep it light-weight and flexible? In this session we'll analyze a service-oriented document-distribution system to learn what types of patterns you can use and how to take advantage of them. And you'll see a complete implementation in C#, which will demonstrate the versatility of the .NET Framework and the tools used to implement the service.

Eclipse provides support for Java program development such as editing, compiling, and debugging, and is readily extensible through its plug-in mechanism. Many have been involved in the development of plug-ins that support the building and launching of embedded applications (with support for various platforms, such as J2ME/MIDP, PocketPC, and PalmOS). This talk will show how applications can be developed, compiled, analyzed, and compressed to fit on really small devices. It will include reports on practical experience, it will provide background information on developing Java applications for resource-constrained environments, and explain what Java standardization processes are under way.

Web services facilitate a pplication-to-application integration and interoperability across different platforms. However, critics usually point to an inefficient processing model and bandwidth requirements for developing Web services. This is often cited as a reason why Web services cannot perform and scale well in production environments. This session takes a detailed look at performance and scalability issues around Web services in the real world, as well as strategies that architects and developers can adopt to mitigate such risks in these applications. Some analytical and modeling strategies that enable acceptable application performance will also be covered.

A service-oriented architecture (SOA) is the design blueprint for seamless connectivity between business processes and IT infrastructure, enabling innovation and improving productivity. SOA provides the most efficient, standard way to dynamically interoperate with any customer, supplier, product or employee. SOA makes integration intrinsic. Web services are the foundation building blocks of an SOA, and they are already proliferating inside most enterprises. In an SOA, Web services become business services with the ability to perform a particular function or access data dynamically. This presentation will discuss the four abilities that a registry provides for an SOA.

Why a Java technology standard? Why technology communities? This session will explore the circle of adoption and business opportunity from an IT Manager and IT developer perspective, as well as, how Java technology fits into these circles, and the significance of conformance and the 'Write Once, Run Anywhere' promise. This session will also examine the role the Java Community Process (JCP) program plays by carefully focusing on binary compatibility and bringing together the community to agree on standards and the results of this effort - multiple implementations from many sources based on Java technology.

Replacing complex, monolithic applications with nimble applications built from exposed services promises increased developer productivity, greater flexibility, and ultimately reduced cost. The adoption of Web services and SOA can also remove a significant level of complexity and integration problems from enterprise application development projects. But, as with any large-scale project, IT departments must have the right plan and the right resources in place to ensure a successful transformation of their computing infrastructure. This article will explore what IT organizations need to know to be successful in their attempts to migrate the enterprise to a service-oriented architecture.

This session will present a collection of programming tips and tricks related to consuming and providing Web services in Java. This collection has been created by a number of developers and consultants and is the result of many real-life project experiences. We will focus on implementation aspects for Web services and not go into any detail on architecture or conceptual issues. In other words, these are the problems that developers face once they have started coding.

Service-oriented architecture, Web services, and J2EE technologies are dramatically changing the ways in which enterprises develop and deploy their Internet-facing applications. Because these applications potentially have a global user base, correctly architecting applications is a particular challenge. A combination of grid computing and utility computing offers a way to provide computing resources when and where they are needed, but developers must factor in certain considerations during design. This session will provide an in-depth overview of three real-world case studies using Grid computing in combination with Web services and J2EE to create Internet-based SOAs. It is designed for application architects and developers, and attendees will learn how applications can be designed to operate in a distributed computing environment such that performance and scalability problems are bypassed during deployment.

The Smart Client is a relatively new application development model bringing together the rich, interactive user experience of WinForms and the ease of deployment of ASP.NET applications. We'll look at Smart Client architecture, design, and implementation using the Smart Client Offline Application Block with a bias toward a service-oriented architecture (SOA). I will also briefly review what is on the horizon as new and different for Smart Client applications in Visual Studio 2005 and .NET 2.0.

IT leaders are hoping to leverage the benefits inherent in Web services and Service-Oriented Architectures (SOA) to enable their businesses to be far more competitive and to find new operational efficiencies. But, can we depend on these new technologies and approaches? Management and security are a common concern today and this session provides the necessary background and perspective on both the business and the technical issues. We will examine important principles and recommendations using real-world examples to illustrate key concepts.

The recently created Web Tools Platform Project extends Eclipse with a set of open source Web service development tools and APIs. This talk gives an overview of the project and focuses on its Web services support. The project is divided into two subprojects: Web Standard Tools and J2EE Standard Tools. The Web Standard Tools subproject contains support for XML Web Services, including tools based on standards defined by W3C, Oasis, WS-I, and others. The J2EE Standard Tools subproject contains support for standards defined by JCP, such as JAX-RPC and JSR-109, and for reference implementations of these standards, such as Apache Axis. The project contains both a set of tools for Web service developers and a set of APIs for Web service tool creators. The talk includes a demonstration of the tools.

The Basic Business License Web-based application of the District of Columbia enables the processing and issuance of business licenses. The licenses are issued according to business activity and transformed into business endorsement categories. In this project, SDDM Technology participated in the development of an n-tier application. The SDDM Technology team was responsible for the business logic and the data access tiers. The team applied Microsoft's .NET technology to develop the business rules. ADO.NET was used in conjunction with Oracle packages to access and manipulate data from the data tier (Oracle database). Data was requested from and passed to the Presentation Layer (Java technology) using SOAP/XML. In short, the District of Columbia business license problem was resolved using service-oriented architecture and Web services, taking advantage of the available technologies.

Service-oriented architecture (SOA) represents the opportunity to achieve broad-scale interoperability, while providing the flexibility required to continually adapt technology to business requirements. No small feat, particularly when one considers the extent and complexity of today's IT environments. As both a technology concept and IT discipline, the challenge inherent in SOAs is maintaining the right architectural approach. If all services in an SOA are treated as interdependent point-to-point interfaces, then the complexity of implementing and maintaining them in this spaghetti-like architecture becomes enormous. The enterprise service bus (ESB) has emerged as one of the first true SOA product offerings, bringing SOA from pattern to production. ESBs provide a framework for building and deploying an event-driven, enterprise SOA and accommodate the configuration, hosting, and management of integration components as services across the business.

This session will address how to approach service-oriented architecture (SOA) management from a project-based level while still allowing room for future expansion and incremental growth to an enterprise-wide SOA. The session will provide valuable insight into how SOA management can help organizations ease the complexity of moving toward a loosely coupled environment.

Many businesses are pursuing migration strategies that will allow them to begin leveraging some of the major benefits of .NET in the short term, such as managed code and Web services, while positioning them to further build on the platform in the future. But developers have several options to choose among, from a 'face lift' to migrating just the user interface tier, to a 'just do it' approach for the entire system, encompassing full design, development, and deployment in .NET. This session will address how to assess the business objectives and then plan migration based on current infrastructure, from the complexity and separation of the code base, to COM objects in use, and the database structure. We will take a look at the benefits that organizations seek in migrating applications from ASP to ASP.NET.

This session explores the best way to approach decisions about securing your applications, highlighting the tools and techniques used by both the hackers and the hacked. In this unique setting we watch an application evolve from easily hackable (worst practices) to average security (still too easy to hack as you will see) to secured reasonably within a reasonable cost in terms of effort and dollars. Consider this session the Spy vs. Spy, Hacker Edition. Presented by the world's leading security experts.

In the past year, Web services and service-oriented architectures (SOAs) have become mainstream because of their ability to provide business agility and flexibility through integration, productivity, and reuse. With SOA enablement on the rise, IT groups must address SOA governance as a means of controlling what and how services located within an SOA are deployed. This session will discuss SOA governance, specifically how an organization can manage and control assets and artifacts located within an enterprise, while ensuring that deployed assets meet an organization?s business and technical architectural standards. It will also outline governance best practices such as monitoring the UDDI publish process in order to seamlessly tie together the development and operational views of Web services within the enterprise.

One of the key concepts in ASP is the way Web controls are provided as plain .NET classes. Not much has been said or written about how to use (and extend) this model most efficiently. This session will explain all of that. ASP.NET introduces advanced object-oriented features into the world of Web Development. All ASP pages are based on Web Controls. The initial set of Web Controls is provided by Microsoft as part of the ASP.NET package. However, ASP.NET allows for relatively easy and straightforward extension of the Web Controls model. This session teaches how to build and use Web Controls using Visual Basic.NET and C# code.

You might think you know what an object is, but do you really? Things are not really as they seem in this interesting session that explores the effects of casting, shadowing, overriding, and other OOP mechanisms on objects, and how you can easily be tricked into thinking one plus one does not equal two.

The Web Services Interoperability Organization chartered its Basic Security Profile Working Group to develop an interoperability profile involving transport layer security, SOAP message layer security, encryption, signatures, and other security considerations. This session will discuss the interoperability challenges presented by current Web services security standards and the work of the WS-I Basic Security Profile. The session will highlight typical Web services security threats and countermeasures and the related design goals, usage conventions, and conformance testing of the soon-to-be-released Basic Security Profile.

This session will provide guidelines, best practices, and a methodology to tackle a problem that is sapping the budgets of enterprise that have invested heavily in J2EE technology - the migration of enterprise applications between J2EE application servers. The strategy and planning for such initiatives is very complex and requires planning in advance. Enterprise applications, once deployed, have a multitude of dependencies, besides the dependency on Java APIs. The drivers for migration can include version upgrades, corporate agenda, maintenance costs, industry alliances, rapid upgrades to the J2EE platform APIs, etc. A planned migration ensures a successful implementation while minimizing the impact. This session will describe a strategy to plan for the migration of large portfolios of applications between application server vendors, between application server versions, and between hardware platforms. Real world examples of how this strategy has been applied in the industry will be provided.

One of the great benefits of a service-oriented architecture is the ability it gives you to extend programmatic integration capabilities to business partners. Going beyond simple sharing of data with partners, SOA enables true B2B application integration. At the same time, this capability creates a vexing security policy enforcement dilemma. How can you be sure that a user from a partner organization is actually authorized to integrate with your applications? How can you authenticate that user? Do you even want that headache in the first place? This session will discuss the issues that arise in B2B security policy enforcement and explore several proven approaches to solving the problem. In particular, it will focus on the emerging technology of XML Virtual Private Networks (XML-VPNs) and their potential to mitigate security policy enforcement issues in B2B SOA implementations.

Linux and Apache drove a dramatic change in the server operating system and Web server marketplaces. These areas, dominated by Microsoft and Sun in the late 1990s, now see leading open source alternatives challenging these leaders. But open source's impact doesn't stop there. JBoss, the open source J2EE platform, is becoming the high-volume leader in the J2EE application space. More recently, Mono, the open source implementation of Microsoft .NET, promises to be a main strategic item for Novell. Mono may extend Microsoft's hegemony into Linux and open-source by countering J2EE's cross-platform strategic advantage.

This talk defines a new class of threats, XML Content Attacks, and differentiates these threats from more general Web services attacks and XML security-based attacks. These three related but distinct threat areas are explained. The talk covers XML Content Attacks with regard to tree-based parsing exploits related to coercive parsing, node-depth attacks, and DOM. XML grammar validation exploits such as schema poisoning and lax-content models are discussed, and why traditional schema validation cannot ensure content-model consistency. Web services attacks like WSDL scanning and parameter tampering (SQL Injection, SOAP array attack) are discussed ? highlighting common mistakes made when applying message-level security (WS-Security).

NET and J2EE are two technical visions for the enterprise. While J2EE is a specification, .NET is a product. What are the approaches for integrating these two fundamentally different frameworks? This session will cover different options including Web Services, RMI and/or .NET remoting, and some third-party solutions. The session will also briefly cover some design and architecture patterns that may help us with integration.

Refresh Software is one of the industry's leading CMS vendors, offering a unique Core Content Management approach. The company's flagship product, SiteRefresh, promotes a decoupled component-based enterprise architecture, permitting it to be easily deployed in existing environments. This case study follows the recent transformation of SiteRefresh from an integrated application to a component in a services-oriented architecture. Focusing on the engineering aspects, the presentation will cover the architecture of the product, the design choices and decisions, and implementation techniques. Business drivers, risks, planning, staffing, and engineering effort will also be discussed. The initiative should be substantially complete by the date of the conference, allowing the session to conclude with a postmortem analysis of the Web services effort.

After years of hype and seemingly few deployments, this session highlights several real-world examples from today's leading enterprises implementing transaction-based Web services. The session answers critical questions for enterprises investigating Web services of their own, including: What are the major players really doing? What standards are considered practical for use? What architectural and infrastructure considerations are critical for success? Focusing on four detailed, real-world organizational examples from planning, development, testing, deployment, and finally from operational management, this session is a practical field guide to today's non-trivial Web service deployments and those steps taken to ensure their success.

Businesses have started to use service-oriented architecture (SOA) to develop high-value and flexible corporate software applications. These applications are typically developed as Web services. Securing these Web services is critical for them to be widely used by businesses and customers. Traditional security protocols are often inadequate for these applications, so the security community has developed the WS-Security specification. Microsoft has developed the WSE 2.0 technology to make using WS-Security much easier. This session will explain how to use Microsoft's WSE 2.0 technology to secure applications based on an SOA or a Web service.

Too often today the preferences, terms, and conditions describing how a Web service behaves when discovered and invoked is programmed right into the business logic. Hard-coding this behavior logic however introduces cost, complexity, and rigidity into a Web services architecture. A better approach is to abstract a Web services usage 'policy' out of code where this metadata can be managed as need be. This session introduces the concept of Web Services Policy and describes how the construct can be used to implement a more customized and versatile Web service infrastructure.

CPI is an integrated Correction, Prevention, and Improvement Tracking System for all job-related problems encountered by Halliburton personnel. The system provides a Web interface to let an employee report a problem from anywhere on the field, and tracks the problem during its various stages in the back-end workflow and ultimately captures and reports the resolution. It is built on the J2EE platform using a combination of multiple Web services for its infrastructure. Data is managed from multiple data sources including SAP, operational data stores, legacy systems, and LDAP services, all using independent Web services. The strengths of this system are derived from its unique integrated process model and data management architecture based on Web services. This session describes the vision, the core technologies, key features, and the challenges faced in building this system.

Companies are now facing complexities dealing with issues such as regulatory compliance and security while still providing for company-wide collaboration between employees, partners, and suppliers. Identity systems are becoming a crucial component of applications, enabling developers to take advantage of a new set of services that know who you are, where you are, what you are trying to do, and can adapt to your changing business needs. Identity-driven computing addresses these problems by applying best practices learned from Novell's leadership in identity management for the management of people to all aspects of an enterprise, including servers, PCs, devices, applications, and even Web services.This presentation will outline identity-driven computing, describe the attributes of an identity-driven application, and discuss steps enterprises can take to make the transition to an identity-driven computing environment.

Before digging too deeply into Web services security, it is critical to get a good handle on the key tools in security. Not only will you be able to better understand what you are working with in WSE, but when it comes time for problem solving, you will be in a much better position. Come to this session to learn about certificates, encryption, signing, and other security elements that are the basis of everything that is done in Web services security.

Even though WS-* security standards (WS-Security, WS-Trust, WS-SecureConversation, WS-Policy, etc.) are sufficiently prescriptive on specific security subjects like signing, SOAP message encryption, and request/receive security tokens, they do not provide end-to-end security protocol that Web services can depend on to meet their security requirements. The most significant gap is identity propagation from a Web service into a J2EE container. Current JAX-RPC specification or JSR 109 does not cover this issue. This presentation identifies the gaps and discusses the approaches to plug these gaps. It also discusses implementation of a solution for identity propagation from client to Web service and from Web service to J2EE container.

SOAs promise a dramatic improvement in IT responsiveness to business needs. Key within this value proposition is the idea that service consumption policies can be configured instead of coded. While the opportunities to positively impact both the top-line and bottom-line are enormous, so are the issues of SOA management, with security being a primary focus of concern. How are users and identities managed? How does existing security infrastructure play in the new world, and how do you bridge from an existing environment to an SOA? How can an enterprise provide auditable yet efficient governance of the publishing, consumption, provisioning, and monitoring of SOA activities? This session will present a real-world look at the SOA landscape, a deep look at the security implications that it embodies, and some emerging best practices in the areas of Web services security, SOA policy, and governance.

Web services are gaining industry-wide acceptance and usage and are moving from proof-of-concept deployments to actual usage in mission-critical enterprise applications. Web services range from major services such as storage management and customer relationship management to much more limited services such as furnishing stock quotes or providing weather information. As companies and consumers begin to rely more and more on Web services, the need for developing reliable, high-quality Web services is even stronger. This session will explain issues specific to Web services and will illustrate solid engineering and testing practices required to ensure complete Web service functionality, interoperability, and security. Whether creating Web services from scratch or integrating a legacy back-end server via Web services, the practices and principles outlined in this session will be of great benefit.

Creating solutions of any size based on Web services requires an understanding of the entire software life cycle. It is no longer acceptable to just hope the final system comes together. Instead, designing for deployment, performance, and security is necessary at the outset. In addition, the system must be closely aligned with business objectives to provide the necessary return on investment. This session looks at the new Microsoft Software Development process, MSF Agile, a context-based software development process for building Web service applications. We will concentrate on practical and concrete techniques that can help you build better-performing, secure, and deployable Web service solutions.

One aspect of the Department of Defense's vision for net-centric operations and warfare is composing and orchestrating mission capability packages from various disparate and geographically dispersed Web services into mission-oriented applications as required by the operational situation. This allows mission-oriented capabilities to be quickly composed in response to new challenges, requirements, or demands. In other words, operational agility. Until recently orchestrating these fine-grained services together into coherent course-grained solutions required non standard methods and procedures that were generally not interoperable with other organizations. Business Process Execution Language for Web Services (BPEL4WS) mitigates the issue of interoperability by providing a set of constructs, based on XML, that can be used to define the semantics of how processes communicate and exchange data, control the flow of data from one service to another, and the order in which to invoke services.

The next generation of Visual Studio contains the new version of the .NET Framework 2.0 that enables an easier and more robust programming model. In these sessions we will cover these new programming models and how they can be used to develop a variety of applications. We will cover in-depth the .NET Framework 2.0 and how it enables the easy creation of business objects and Web services. We will explore new features of the Framework that include generics, and Web Service Enhancements. In addition we will cover the Team System Foundation Services. This new enterprise class programming system enables application developers to unit test and manage their applications through a series of built-in designers. Finally, we will cover the new features of SQL Server 2005 and how it can be used to enhance your applications and provide a more scalable platform. If you are currently developing applications or are new to the .NET Framework and Web services, these tutorials are for you. We will start with the basics of these new development tools, gradually building into the more advanced features of the Team System and SQL Server.

Most businesses store and query data with relational databases but need to use Extensible Markup Language (XML) to exchange and display data on the Web and with vendors and partners. As a result, programmers need to deal with both relational and XML data, often at the same time. Emerging standards such as XQuery, XQJ, and SQL/XML, promise to revolutionize data exchange and the ways applications are developed, deployed, and utilized. Learn the key facts about these standards, including what they mean, when they will be available, and what you, the developer, can do to prepare.