JBoss baseline configuration and others
I'm procrastinating on preparing a PowerPoint deck to present some SOA principles to a group of consultants that my sub-contracting client employs. So I noticed that I haven't updated my blog in quite a while.
The real reason behind this is that I don't really interact with Java that much on a day-to-day basis. But I did recently work with a group that is trying to get JBoss approved at a US federal government agency. This is more difficult than it sounds, as it involves security audits and extra attention because of JBoss' open source status.
Since the EA group advises on new products accepted in the enterprise, and we think OSS is beneficial to the enterprise, we worked with the IT group to prepare JBoss for acceptance. This involved creating a baseline configuration document that could be used for the security evaluations. Interestingly, this isn't required for app servers from IBM and BEA, but that's life. JBoss went ahead and prepared the document that we could reuse internally. Again, interestingly, JBoss does not have such a document published on their web site. It would be very useful if they worked with a federal agency to certify JBoss much like Red Hat has done with its Linux distro.
After the baseline configuration came some practical testing: using encryption to prevent any cleartext userids and passwords. This required some code changes, as JBoss doesn't natively support this out of the box. But because JBoss is open source, the changes were pretty easy to make. This time, I didn't make the changes, but a pretty knowledgeable Java guy did all the heavy lifting. Each app server addresses encrypted passwords a little differently; I would like to see the JCP address this so a standard approach could be used to prevent the storage of cleartext. I've also seen this work in public corps who are bound by Sarbanes-Oxley. Again, it is possible for each app server, but I'd like to be able to do something JCP standard in my distribution EAR.
Other sideline news: I've started making lists with docs.google.com. It's not perfect yet, but it is useful for the basic list-making functionality that I started out using MS Works/Excel for. I've added some lists to my site template: magazines subscribed to, future blog posts. Email comments if necessary.
More sideline news: iPhone looks cool, so I may hold off buying a Blackjack. I'm searching for useful handhelds, as I think the BlackBerry is an aesthetic nightmare and BBB does not seem like the lifestyle for me.