SOA 2.0 Ignorance: http://markclittle.blogspot.com/2006/05/soa-20-ignorance.html
What are they smoking and where can I buy some: http://www.mac-kenzie.net/blog/2006/05/24/soa-20-what-are-they-smoking/
SOA 2.0 - stop the madness: http://www.mwdadvisors.com/blog/2006/05/soa-20-stop-madness.html
OH NO - SOA 2.0: http://jroller.com/page/dancres?entry=oh_no_soa_2_0
http://sw.deri.org/~juan/weblog/?p=242
http://mult.ifario.us/articles/2006/05/24/soa-2-0-mud-in-the-mud-puddle h
http://www.thedatafarm.com/blog/PermaLink.aspx?guid=cfb38e60-5c9c-4670-8c36-ae36f114e075
IT folks out of control: http://voelterblog.blogspot.com/2006/05/it-folks-out-of-control.html
http://data-entry-business.blograzor.com/52352/
I can only summarize the term "SOA 2.0" like this - "The fan just got hit big time"!
I cannot believe this is happening. I met up with Mark Little at Java One and he told me some people are actually starting to talk about "SOA 2.0". The German language has the only words for this - "einfach unglaublich". Roughly translated it means "utterly unbelievable".
Now Mark is a very smart guy - I work with him on many Web Services standards bodies where he provides great value. I have never seen him get really upset about anything before I saw this blog entry. This should be a testament to how absurd the concept of SOA 2.0 is.
As Mark correctly points out, you cannot take some half baked marketing term and milk it for another few miles by sticking a version number at the end of it. This appears to be nothing more than a scam to keep people coming back for more information. People - they are making it up!!! You are being lead down the wrong path. I can see it in my head:
Analyst: "SOA is the answer to anything. Even if you don't know the question. Too bad I can't tell you what it is exactly but if you listen to me, maybe you can do it someday."
Customer: "Actually, I think I figured it out. It is a model for software architecture."
Analyst: (Thinks silently - "Dang - they're on to me. What should I do??")
Analyst: " Very well, I think now you are ready for SOA 2.0".
Please note I am not just picking on analysts - they are just the easiest target in this case
On Mark's blog, he notes that Steve says Web 2.0 it is a mix of EDA and SOA. Bullocks! All SOA is event driven. How can you have a service that does something if there is no notion of an event (trigger) in the architecture? I suppose if you just built it and it sat there doing absolutely nothing but even then it would be event driven since doing nothing is what it should do in the absence of any events. Can anyone provide an example of SOA that is NOT event driven?
A group of people (over 200 members and observers to be precise) got together out of disgust for lack of clarity around SOA and put together a Reference Model to clarify what is meant by the term. Being largely end users, they asked all the right questions. If SOA is architecture, as the name implies, how do we express it as architecture or some architectural artifact? How is it different from other interface based designs? Does it have a right to exist as a term (*read - does it have any substance or is it pure marketing hype)?
These people wrote a Reference Model which defines an architectural paradigm for organizing and using resources under different domains. The Reference Model is not architecture per se, it merely notes the main concepts, at a completely abstract level, for the entities which consistently appear within service oriented domains.
SOA Definitions - There's enough for one per person.
Given the current Wikipedia definition and the OASIS Reference Model for SOA, it appears that SOA is something we all have probably been doing for a long time. Even Starbucks implements the OASIS Model. Service provides for their Services (they provide caffienated beverages to customers) use visibility (signs, advertising) to let others know the services are available. There is an interaction model (money for coffee) that uses a behavior model (pay first, coffee later) to provide the service. There is a service description (like WSDL for customers) and a fabric they attach to to allow service consumers to interact with the service. WS-* is the same. This really makes me wonder when I see quotes stating things like "over 60% of all companies hope to be doing SOA by 2007". Even some smart IBM'ers have been skeptical of peoples claims to be "doing SOA". Given they also have at least established a metric for SOA, they are IMO entitled to talk about it. For someone who starts this sort of a conversation without using a *useful and measure-able" definition of SOA is, cannot be held in high esteem.
The OASIS Reference Model for SOA does not purport to be the one and only true definition of SOA. It is simply a model that is a stick in the mud (or FUD in this case). Even if you do not agree with it, it represents a non-proprietary definition which you can use as a point of reference to state where your definition differs. Someone can easily state "When I say SOA, I differ from the OASIS Reference Model in the following ways..... [insert your POV here]".
Summary
Mark is a smart guy, beware of people selling anything undefined with a 2.0 extension and if your "doing SOA", be careful and don't forget to use Starbucks products.
In general, if you do not want someone other than the intended recipient to view a PDF, you should encrypt it. By default, the encryption level for compatibility with Acrobat 5.0 and later is 128bit RC4. Encryptinng the contents of a PDF with a strong key results in a situation where there is no way gmail or any other application can crack it open by brute force. The PDF is turned into cipher text that is completely incomprehensible to anyone without the key to open it. I am so certain of this that I will provide $500 USD to the first person who can open this document within one year.
A person encrypting a PDF document has several options. First, you can determine the compatibility for earlier versions of Acrobat (5 , 6) or jump straight to Acrobat 7.0 and higher. If you select to encrypt it for Acrobat 7, the default level encryption method is AES, much harder (read = impossible) to crack using brute force.
You can also opt to encrypt all the document contents, or leave the metadata unencrypted. This is useful should you want to be able to have the document searchable in real time based on the metadata. Note the lower section of the screenshot above - by default, the box is checked to allow text access to the document. If you leave this selected, some PDF applications can access the text. If you don't want this, please de-select this option. After setting all of the options and pressing next, you will still be given a generic warning that certain non-Adobe products might not enforce this document's policies. Note that if you do not select "require a password to open the document", the usefulness of encrypting it is moot. Others will still not be able to copy the document by using the text copy tool or Control-C, but other means can be employed.
To summarize so far, Acrobat has DRM capabilities to limit the following interactions with documents
A person must comprehend the frame and scope of the intended use of each of these and their built in restrictions. PDF's are like music - if you can render it once, it is possible to capture it and render it again. Even if we figured out a way to prevent all third party screen scraping software from capturing what you see on a computer screen, someone who both has access to the document for a single view AND intent to distribute it further can simply take adigital photo of their computer screen to circumvent all of these. There is simply no way to stop someone who is intent on doing this using 1-6 above.
Another methodology is available to place a dynamic watermark on the page, perhaps stating the users name and address in bold gray text across the document. This too can be defeated if one took a screen shot of the document and used a great tool like
So how can you protect a PDF? If you really want to make it secure and also track the users interaction with it, you would be wise to use Adobe Policy Server. The policy server uses a model of persistent DRM that follows the document everywhere it goes. If you feel the document is out of control and you want to stop it, you can simply "destroy" the document which will cause it to fail to un-encrypt itself when someone opens it. Is there a way around that? Sure - sneak into the office of the person who made the policy, install a tiny pinhole camera near their desk and capture their authentication.
See what I am getting at, no matter what you do, there is a way around it if someone is really intent. The easier method is "social engineering" rather than brute force.
So here is a challenge. Take this document here (link to APS protected document) and try to render it with gmail (or any other method). I will pay $500 USD to the first person who can show me the un-encrypted content of this document within one year of this.
How I would do it? I would probably try to lure myself into providing a password to a site that offered me some form of membership and hope that I was rather lazy and used the same password for this document. D'oh!! Not gonna work - I typed a random phrase of about 13 characters to encrypt this using AES.
Good luck!
With your bare hands?!?