- Precise, high quality requirements based on strong user involvement
- A motivated and skilled team with the ability to learn constantly
- Flexible and realistic project management
- An open and innovative environment which understands the fact that software development is a heuristic process and which accepts failure
Tuesday, November 24, 2009
Success criterions for development projects
Saturday, October 31, 2009
Security Architecture – an approach to outline a framework
- Security Infrastructure [ Communication and Network Security, Perimeter Security, …]
- System Security Services [ Access Control, Identity Management, Credential Management, Audit, Backup and Recovery, …]
- Application Security [ Operating Systems, Databases, Web and Application Server, SaaS, Enterprise Applications, Collaboration, and Messaging, … ]
- Service Security [ System Maintenance, System Operation, Change Management, Incident Management, Event Management and Forensics, …]
- Security Management [ Policies and Roles, Risk Management, Training and Awareness, … ]
Saturday, October 24, 2009
Quality of Non-Functional Requirements
As already outlined, non-functional requirements are a crucial success criterion in distributed systems (and in software development in general). These requirements need to be prioritized in order to focus on the main use-cases of the system. Besides prioritization, a clear syntax is important as well, because non-functional requirements tend to be fuzzy, which limits their acceptance during development. Like their functional siblings, non-functional requirements should adhere to the following criteria:
- Clear and non-ambiguous
- Described by using simple and consistent terminology which is well-known by all stakeholders
- Testable at the end of the day in order to achieve a measurable outcome
- Traceable from the beginning until the end (architecture, design, implementation, test, roll-out)
- Technically feasible considering the tools and systems that are part of the development and deployment scenario
- Realistic in realization which depends on the planning horizon, the skill-set and location(s) of the team, the infrastructure and the development environment
Ideally, a designated requirement manager and a software architect are the perfect team members to make this happen. All stakeholders should agree on this procedure at the beginning and are asked to monitor adherence over the whole lifetime. “Lessons learned” are a good approach to refine this process. Good and bad examples should be used to tune a successful requirement management to perfection.
Friday, October 23, 2009
Defeating OCSP – is it that ez?
Friday, August 21, 2009
More on Software Architecture – Architectural Styles
Tuesday, August 04, 2009
Software based Transactional Memory
Friday, July 24, 2009
Security in the scope of Software Architecture
- Secure Components
- Secure Infrastructure and Services
- Secure Execution Environment
- Secure Network Environment (zones, compartments, sandboxes)
- End-to-End Security (supported by services like identity, authentication, authorization, auditing)
- Secure Operation (Logging, Import/Export, Backup/Restore) and Security Appliances
The approach addresses common security paradigms like “Layered Defense” and “Security in Depth” as well as general design objectives (modularity, consistency, extensibility, robustness). These building blocks are the foundation for a security architecture where security controls can be applied. To drill down a little, secure components can be characterized as follows:
Design and composition of components are essential steps to meet the requirement for a sustainable architecture. Components must be secured in accordance with recommended practices. Design and implementation must adhere to security principles, design patterns and coding rules. Components must be configured according to the security policies of the organization. Remember the weakest link paradigm: one weak component could compromise the security of the whole architecture. Components that expose interfaces to the “outside world”, like user or communication interfaces, are especially under attack and may even be the entry point for an intruder. This must be considered when specifying, designing and developing these entities. Interfaces must also be well-defined to support an integrative approach in order to achieve end-to-end security. The overall security requirements for the component design should be derived from general security objectives such as confidentiality, integrity, availability, and accountability.
Wednesday, July 22, 2009
Software Architecture and Requirement Management…
- Customers (FR)
- Existing Platforms, Mainline (FR), (NFR)
- General Market Requirements (NFR)
- Standards and Regulations (FR)
- Best Practice and Patterns (NFR)
- Quality Attributes, preferably prioritized, utility trees are recommended (NFR)
As a result, the “Architecture Specification” should reflect all requirements as well as their importance and emphasis in the project. Any mismatch (or even a missing requirement) can be detected in the scope of a review or even an architecture test. This is good news because it avoids very expensive changes in later steps of the software development process.
Tuesday, July 21, 2009
Software Architecture (is alive and kicking)
Software Architecture is the highest level in the area of software development (but it is not superficial or shallow, not at all). Software Architecture is the foundation for all the other more detailed development steps that will follow in the life cycle of a system. Because of its early position in this process, Software Architecture is an important success criterion. And because of this fact, it should be tested, at least by a very detailed review. In order to be testable, Software Architecture must be documented, preferably in a single document called the “Architecture Specification” based on well-defined views. Diagrams and figures are mandatory. The quality of the Software Architecture predominantly affects the quality of the whole system being created. A well documented and widely taught Software Architecture is a perfect guidance for the development team. Project management needs it to make parallel development on components happen. It is highly recommended to communicate the Software Architecture to all other relevant stakeholders: Customers, 3rd Parties, Marketing, Operations & Services, and Test Teams. More is about to come …
Tuesday, June 30, 2009
Firefox 3.5 is just around the corner
- HTML 5.0 support - which includes offline data storage & access (I still have my security concerns.), video and audio support which makes plug-ins obsolete (sure, it needs the supported format/codecs) and other features
- A new JavaScript Engine – which is one reason for the significant increase in performance
- Privacy Support – it helps to limit the data you leave behind when browsing around; the private browsing mode allows this (no cookies, no history, no caching, no auto-filled stuff)
- Enhanced Search Capabilities – added to the existing URL bar capabilities that are manifold and fast
- Geo-awareness – web apps that need this information can fetch the data from Firefox 3.5 (sure, this needs your okay to do so)
- Many other changes and enhancements that make browsing the web more fu
If you like Firefox, go ahead and upgrade to version 3.5. The new version should be available by the end of the day.
Wednesday, May 20, 2009
Rock meets Search Engine
Tuesday, April 28, 2009
Identity is king
Sunday, April 19, 2009
Folks, it's the spring!
Friday, April 17, 2009
Software Architecture and balancing stakeholder needs
Wednesday, April 01, 2009
Computer Security in the scope Web 2.0
Thursday, March 19, 2009
Waiting for my Netbook
Silverlight 3 at Mix09 / Las Vegas
Thursday, March 12, 2009
More testing tools for parallelization
Wednesday, March 11, 2009
What's on my reading list?
- The Long Tail by Chris Anderson ... recommended for all people interested in the new economy and e-commerce
- Outliers by Malcolm Gladwell ... it's about genius
- Das Schneekind by Nicholas Vanier ... a musher travels BC and Alaska with his wife and a baby
- Mechanics of User Identification and Authentication, by Dobromir Todorov ... it's for geeks
Friday, March 06, 2009
Offline-Web Applications & Security
Thursday, February 19, 2009
(These Days) Development Skills
Monday, February 16, 2009
Security in Cloud Computing (Distributed Systems)
Computer security has a couple of basic pillars; Identity Management is one of them. In the new realm of cloud computing, this comes along with authentication and authorization in distributed systems. SAML (the SAML 2.0 protocol) and OpenID are more or less standards to support the implementation, also in terms of interoperability. Big vendors’ cloud architectures (just see the Geneva project as an example) do support these standards. This is not just a good approach in terms of interoperability; it also leads to a better understanding and visibility regarding the underlying implementation and infrastructure, which probably leads to more trust and better acceptance.
Sunday, February 15, 2009
New Pics on Panoramio
Saturday, January 10, 2009
Thursday, January 08, 2009
My technical wish-list for 2009
- A better support for effective parallel programming, also with a more implicit approach
- New solutions to interact with smart devices (cell phones) to overcome tiny keyboards and cumbersome handling
- A synthesis of a Handheld-GPS and a simple mobile phone to reduce the number of devices in the outdoors (let’s call it a rugged GPS-Phone)
- Cool applications (and gadgets) making use of the so-called “cloud computing”
- GPS and RFID in much more tools and gadgets (cameras, mobile phones, bikes…) with the option to switch it off anytime
- Location Based Services (ez to use, respecting privacy, useful) with real benefits for the user
- NetBooks for all known OS platforms
- Home automation for mainstream households; many use cases are conceivable and could help saving energy, this would give the buzzword “Green IT” a very new meaning
- More awareness of security and privacy issues in a connected world which leads to new options to protect digital information, assets, and people’s privacy
- E-books based on gadgets and applications that create a new reading experience; don’t get me wrong, I will always stick to real books made of paper but I see E-books as an interesting alternative beyond the advantage to carry a lot of books wedged in a handy device when travelling
- A new album from my favorite band TOOL
- Anything to add? Feel free to comment.