Tuesday, 21 February 2017

Blueprints for success

Well it's been a while, in my echoey end of the internet. To business. Due to "stochastic externalities" I have some time on my hands. Start-ups. Meh.

So to make myself pretty for my next job, I'm reviewing all things cloud etc, and it strikes me, the IT world really hasn't moved on much. What I mean is, we are still crafting a lot of systems, carefully carving out individual solutions to solved problems. We are (re)inventing various abstractions, which is nice, but the libraries and tools are over-complicated, badly documented, etc etc. This is, no doubt a function of my own lack of familiarity, but then this is the very point I am making.

For example, security of applications/API's. This is an entirely solved problem, and indeed standard solutions are available, but they have the same problems they always did, specifically they deal in authentication and authorisation of functions, not data. Furthermore, the obvious approach, which is a a nested authentication gateway at every service boundary (as distinct from just the edge of the entire system), is not implemented in a simple or obvious way. Add in federation, and the vicious complexity and risks around security, I would expect a standard black-box, OWASP/PCI/blah compliant, certified good architecture to be available.

Maybe it is, and I've missed it.

So, I'm going to start by looking at AWS Cognito, and trying to extend it to the "micro-services" world, particularly the idea that applications need to be self-sufficient to some degree rather than relying purely on boundary security. Maybe later I'll broaden this to data handling in micro-services generally (TL;DR; it is not well described).

Then there is message oriented approaches and why they rule, and therefore, why http does not. Even Netflix is getting this now. Which brings us to SOAP versus JSON, and why, after 15 years or so, I'm looking for something better than either.

Blog entries should be short and often. Any tips from the wider internet world are welcome.

Oh, and anyone wanting to give me a job, get in touch, I'm available!