Saturday, March 13, 2010

Tricked by 'open source' ?

This is a re-post of my reply to "C Curl":

AdroitLogic already shares the code of the UltraESB with real users! .. and I do come from a history of over 4 years of contribution to the open source Apache Synapse ESB, where I contributed over 70% of its last released codebase.

I truly believe what my company offers is better - as we share the 'real code' with 'real users' who are interested, and not using the term 'open source' for marketing reasons to bait customers. The software we provide is offered free of charge for unlimited and perpetual use.

Many companies that have 'open source' products, swiftly switch over enterprise customers to the 'commercial version's that are .. of course 'much better' ;)! .. the reality is this code is not shared with the customers in almost all instances. The customers then run versions from vendors' internal 'support branches' they have never seen or heard of!

Although the 'open source' version of the code may be available, even that may not be build-able, or understandable for an average user that easily. In 2-5 years time the open source companies maybe gone too; and along with it, the open source code repository, bug tracking and maven repositories and wikis etc holding critical artifacts.. It would certainly be an interesting situation for a customer to be in, when they finally find that they have been living on a 'support branch' of an open source project, for which they have no access anymore!

The Apache Software Foundation tries to overcome this issue by creating an open and diverse community:

"The project is considered to have a diverse community when it is not highly dependent on any single contributor (there are at least 3 legally independent committers and there is no single company or entity that is vital to the success of the project)" [1]

I'll leave the rest upto you to decide...

[1] http://incubator.apache.org/guides/graduation.html#community

Tuesday, March 2, 2010

Use the UltraESB as a Security Gateway for HTTP/S, REST, SOAP, Hessian, Text etc

I've written an article that explains how the UltraESB could be used as a HTTP/S or SOAP Security gateway, to front internally deployed services of an organization in a SOA.

The UltraESB allows SSL termination, WS-Security validation/termination, HTTP Basic/Digest authentication enforcement, Client SSL certificate validation etc, from a security point of view. Additionally it provides validation and transformation capabilities - and supports secure XML processing which safeguards the infrastructure from XML based attacks.

Read about it here: http://soa.dzone.com/articles/use-ultraesb-security-gateway