srinip

SATURN 2012 Conference

noreply@blogger.com (srinip) — Mon, 19 Mar 2012 03:04:00 +0000

I will be speaking at the upcoming SATURN 2012 Conference on the security and risk management topic. My session titled Establishing Enterprise Security and Risk Management Program in an Agile Software Development Organization, is about a security-management program that can be used to build security and risk management aspects into agile software product-development life cycle.

I will discuss various process touchpoints at all levels of agile projects (feature, sprint, release, project, and product levels). I will also talk about security-architecture assessments that can assist the software architects, to perform risk assessment of new software products and services.

We will also look at some security-architecture framework components like security architecture, design, governance, standards, identity and access management (IAM), system and information integrity, and security-information event management (SIEM).

If you are interested in attending the conference, you can register at the following link:

http://www.sei.cmu.edu/saturn/2012/registration.cfm

I have spoken at SATURN conference in the past and looking forward to attending it this year. It's one of my favorite conferences that I look forward to attending every year.

My Session at Upcoming ProjectWorld 2011 Conference

noreply@blogger.com (srinip) — Tue, 11 Oct 2011 02:15:00 +0000

I will be speaking at ProjectWorld 2011 Conference next month in Orlando in November. The title of my session is:

Establishing Enterprise Security and Risk Management Program in an Agile Software Development Organization

Session Summary Details:

In this session, I will discuss the details of a security program we established to build security risk aspects into all phases of Agile Development process. As part of this new program, we defined an agile, iterative, and repeatable security architecture process that includes touch-points with development process at all levels of the agile projects (Feature, Sprint, Release, Project and Product levels).

Key Takeaways:

How the Enterprise Security and Risk Management Program works and its touch-points with other processes in the organization such as Product Lifecycle, Software Development Lifecycle (SDLC).
Several Process Flow Diagrams to help learn and use the product risk management program elements and process activity details.
Templates for assessing Product Risk Profile, Security Risk Assessment, Security Review and Sign-off.
Agile Security Architecture Assessment Excel spreadsheet template that the attendees can use in their own projects right away.

The conference event also includes other sessions like Agile Summit, Advanced PMO Summit, and back by popular demand is the YOUR SPACE 2011.

Twitter Hashtag: #PWWCBA

If you are interested attending this excellent project leadership conference event, you can do so at the registration page.

Contact me for the speaker discount to save on the registration.

JavaOne 2011 Conference Last Week

noreply@blogger.com (srinip) — Tue, 11 Oct 2011 02:09:00 +0000

I attended and spoke at JavaOne 2011 Conference last week. This is my second time attending JavaOne as a speaker. My session was on "Securing Enterprise Java Applications on GlassFish and OpenMQ Servers".

This year's JavaOne theme was to "Move Java Forward". There were lot of interesting announcements made in Java ME, SE, and EE Platforms with JEE future road map with more focus on the support for Cloud Computing and Multi-tenant Applications.

I wrote about the strategy keynote given at the conference on Tuesday.

I am looking forward to next year's conference.

AppSec USA 2011 Conference - My talk on Messaging Security

noreply@blogger.com (srinip) — Wed, 31 Aug 2011 02:49:00 +0000

I will be speaking at AppSec USA 2011 Conference next month in Minneapolis. The title of my session is:

Messaging Security using GlassFish 3.1 and Open Message Queue

GlassFish application server version 3.1 and Open Message Queue container offer excellent messaging security features. My talk will include discussion on how to enable and configure security for various components in the messaging architecture. This includes Authentication and Authorization for controlling access to the message broker components as well as how to implement message level security using encryption techniques.

I will also discuss the monitoring aspect and how we can use JMX API to monitor and manage various messaging resources such as the Broker, Services, Connections, Destinations, Producers, Consumers and Messages. I will demonstrate all the security features using a sample Java EE application running on GlassFish 3.1 and Open MQ.

They also have a Charity 5K/10K Run being organized as part of the conference events which I will most probably participate.

If you are interested in attending, here is the link to register for the conference:
http://www.appsecusa.org/attend.html

NoSQL Now 2011 Conference in San Jose Last Week

noreply@blogger.com (srinip) — Sun, 28 Aug 2011 20:19:00 +0000

I attended the NoSQL Now 2011 Conference in San Jose last week. It was a great experience to meet others who are currently working on or exploring the option of using a NoSQL database in their organizations.

Conference site (San Jose Convention Center) was a great location. The conference session snapshot on computer monitors to show what all sessions are scheduled at a specific time was very helpful. I could look at all the session summaries at the same time and decide which one to attend. The conference mobile app (Guidebook) was also very helpful in checking the conference session schedule, details and slide deck from anywhere at the conference. Attendees getting access to the presentations before hand is a great idea.

I gave a talk on NoSQL Security topic and it was a good discussion and well received by the attendees. NoSQL databases like MongoDB, Cassandra, and Neo4J (which are the NoSQL databases I covered in my session) have decent application security support (authentication, authorization, encryption) but there is still room for improvement in this area. For example, record/entry level data encryption, role based access control (RBAC) can be better than what's there right now.

Overall, NoSQL Now was a great learning event and an excellent forum to meet and network others who are working in the same space. Thanks to Tony, Nerrisa and his team from Wilshire Conferences group and Dan McCreary for organizing the conference. Can't wait for the next year's conference.

NoSQL Now 2011 Conference - My Session: Security Considerations in NoSQL Data Access

noreply@blogger.com (srinip) — Tue, 16 Aug 2011 23:08:00 +0000

I will be speaking at NoSQL Now 2011 Conference next week. My title of my session is:

Security Considerations in NoSQL Data Access

The NoSQL DB's have been getting lot of attention lately and there hasn't been much discussion on the security of the applications accessing these non relational databases.

The main focus of my talk will be to give an overview of the current state of security support by the leading NoSQL DB vendors like MongoDB, Neo4J, Cassandra, and CouchDB. I will also discuss the emerging trends, tools and techniques, and best practices in the NoSQL Data Security space.

It's great to see an entire conference focusing on one of the emerging trends in software application development area such as the NoSQL Databases.

If you are interested in attending the conference, you can register for it at the following link:

http://nosql2011.wilshireconferences.com/reg.cfm

Training Class on Enterprise Java Application Development using Spring and Hibernate

noreply@blogger.com (srinip) — Tue, 01 Mar 2011 06:17:00 +0000

I am organizing a free training class in the Austin area on "Enterprise Java Development Using Spring and Hibernate Frameworks". If you live in the area and are interested in attending this class, here is the registration link:

http://enterprise-java-spring.eventbrite.com/

Training Class Details:

Title:
Training: Enterprise Java Application Development using Spring and Hibernate

Session Format: Tutorial
Date: March 12, 2011 (Saturday)
Time: 9 AM to 1 PM
Duration: 4 hours
Target Audience: Java/Java EE Developers and Solution Architects
Session Type: Introductory (Note: If you are already familiar with Spring and Hibernate frameworks, feel free to skip this class and sign-up for the next session where I will cover the advanced topics in Spring.)

Location: IASA Global Headquarters

Address:
11044 Research Blvd.
Suite B-400
Austin, TX 78759

Abstract:
Since its first release back in 2004, Spring Framework has become a popular choice for developing enterprise applications. At the core, Spring supports Dependency Injection (DI), Aspect-oriented Programming (AOP), and enterprise service abstraction. After a brief overview of design concepts like DI and AOP, this tutorial focuses on the last part - enterprise service abstraction that helps the Java developers to integrate their applications with many widely used technologies.

In this tutorial, we will build a web application based on the widely used application architecture layers (Database, Data Access, Domain, Service, Controller, and Presentation), add persistence (using JPA and Hibernate 3) in the DA layer and transaction management (using Spring Transaction Management) in the Service layer. We will add the application security (authentication & role based authorization) to the application using Spring Security.

Tutorial Outline (with estimated coverage time in minutes):
- Introduction (15)
- Example Web Application Setup Details (15)
- Spring Lightweight Container Architecture, including Inversion of Control (IoC) (15)
- Pragmatic AOP (15)
- Agile, domain-driven design techniques with Spring (15)
- Unit testing in isolation (15)
- System integration testing support (15)
- Persistence (using JDBC and JPA/Hibernate options) (30)
- Declarative transaction management (30)
- Validation (15)
- Spring Security (Authentication & Authorization) (15)

Key Takeaways:
You will leave with the practical knowledge of using Spring and Hibernate in developing enterprise Java web applications.

Pre-Requisites:
- Working knowledge of Java/JavaEE technologies
- Familiarity with development tools like Eclipse IDE, Maven, and JUnit.
- Bring your laptops to this tutorial as it will be a hands-on workshop and come ready to code.

JavaOne 2010 Presentation: Application Security Enhancements in Java EE 6

noreply@blogger.com (srinip) — Tue, 21 Sep 2010 17:21:00 +0000

I spoke at JavaOne 2010 conference yesterday on the topic of Application Security Enhancements in Java EE 6.

Java EE 6, released earlier this year, includes several significant enhancements especially in the areas of annotation based authentication and authorization in the web tier. So, if you are developing lightweight web applications where you don't want to use EJB components for the application security requirements, you now have a choice of implementing the authentication (declaratively or programmatically) and authorization aspects in the Controller classes (Servlets).

Session abstract:
Java EE 6 includes some interesting security enhancements in the areas of Web container security as well as authentication and authorization aspects in Web application development. This session will give an overview of these new security features and discuss the details of how to use them, with help of a sample Java application, in real-world enterprise Java applications. The discussion will include how developers can take advantage of programmatic and declarative (@ServletSecurity, @DeclareRoles) security features. It will also include a discussion on Java EE security technologies such as Java Authentication Service Provider Interface for Containers (JSR 196) and Java Authorization Contract for Containers (JSR 115).

I did couple of demo's on how to use the new security features. This is my first time attending JavaOne conference as a speaker and it's been a great experience so far.

I also wrote on InfoQ website about the new security features provided by Java EE 6 release.

If you have been using other security frameworks like Spring Security, Java EE 6 is definitely you should look at. While there are some differences in what Spring Security 3 framework offers in terms of role based access, EL based authorization etc, the new web-tier security features in Java EE 6 make it easier to implement the security aspects without coupling the security logic with application or business logic.

SATURN 2010 Conference

noreply@blogger.com (srinip) — Mon, 19 Apr 2010 02:56:00 +0000

I will be speaking at the upcoming SATURN 2010 conference next month. My presentation title is "Agile Architect - Integrating Enterprise Architecture into Agile and Lean Software Development". I will discuss an agile architecture framework on how to integrate the architecture concerns into the Agile Software Development environments.

The discussion includes various organizational, team structure, and process changes we implemented to make Enterprise Architecture (EA) efforts an integral part of the software development and management processes. Some of these changes include "Architecture and Security Assessment" and "SOA Assessment" in those projects that have the architecture significance and potential for creating reusable Components and Services.

The other techniques we implemented to make architecture and design aspects blend with the Development, Unit Testing and Continuous Integration (CI) steps in the Agile Software Development Lifecycle (SDLC) are Domain-Driven Design (DDD), Model Driven Software Development (MDSD), and Automated Policy Enforcement. I will talk about these techniques in detail in the presentation.

SATURN is a great conference to attend. I attended the last year's conference which had speakers like John Zachman and Rebecca Wirfs-Brock give keynote presentations. There were several real-world project based presentations which is one of the things I look for in any conference. There were also very interesting BOF sessions on topics like Architecture Validation.

If you are currently working or looking to learn architecture skills to get into the Architecture area, checkout the SATURN 2010 conference and if you are interested register for the conference.

ITARC Denver 2010 Conference

noreply@blogger.com (srinip) — Tue, 13 Apr 2010 02:10:00 +0000

I will be speaking at the upcoming ITARC conference in Denver. The title of my presentation is "Agile Architect: Integrating Enterprise Architecture into Agile and Lean Software Development".

In the presentation, I will discuss the details of an Agile Architecture framework we introduced in our projects to make Enterprise Architecture efforts an integral part of the software development and management processes. The discussion includes the changes we had to make in terms of Teams, Process, and Tools & Technologies. I will talk about the process changes we made to include new steps like Architecture and SOA Assessments in those projects that have the architecture significance and potential for creating reusable Components and Services.

I will also discuss other techniques to make architecture and design aspects blend with the Development, Unit Testing and Continuous Integration (CI) steps in the Agile Software Development Lifecycle (SDLC). These techniques include Domain-Driven Design (DDD), Model Driven Software Development (MDSD), and Automated Policy Enforcement.

If you are currently working on or looking to learn the architecture skills to get into Architecture space, check it out the speaker line-up and if you are interested in attending, register for the conference.

OSGI In Action Book

noreply@blogger.com (srinip) — Mon, 12 Apr 2010 03:10:00 +0000

Java language provides the modularity when designing and coding applications using the Object Oriented Design and Programming concepts. But it doesn't provide a mechanism to take the Java code designed and developed using modular concepts (OOP) to deploy in a modular fashion. This is where OSGi technology comes into picture. You can organize the Java classes using the packaging structure and the scope of the classes to control the visibility of a class to other classes, but when it comes to deploying the applications, you have to package them in a monolithic WAR file or an EAR file which don't provide too much flexibility in controlling what classes and libraries (JAR files) that you want to bundle in the application archive files. This limitation has led to the JEE container vendors come up with proprietary implementations of addressing the modularity aspect (e.g. You can deploy an EAR file as a common library, instead of an application, in WebLogic server).

This is the main focus of the book OSGi in Action by authors Richard S. Hall, Karl Pauls, Stuart McCulloch, and David Savage. It's a good addition to OSGi resources and for the Java developers who are currently using or considering using OSGi technology in their applications.

The book starts with the discussion on what is modularity, Java's modularity limitations related to classpath and limited modular deployment support in Java model and explains how OSGi technology addresses these limitations.

The authors talk about the two parts of OSGi Platform:

OSGi framework (this is the run-time environment that provides OSGi functionality) and
OSGi standard services framework (which defines the reusable APIs for tasks such as Logging and Preferences).

They also discuss the three layers of OSGi specification:

Module Layer: This layer covers the packaging and sharing the code. It defines the OSGi module concept, called a Bundle, which is a JAR file with extra meta-data.
Lifecycle Layer: This layer provides the run-time module management and access to the underlying OSGi framework. It defines the bundle lifecycle operations like install, update, start, stop, and uninstall.
Service Layer: This layer covers the interaction and communication among modules, specifically the components contained in them.

The authors discuss the Bundles concept in OSGi, how to define them with metadata and the benefits of modularizing the program. These benefits include:

Logical boundary enforcement
Reuse improvement
Configuration verification
Version verification
Configuration flexibility

The event model support in OSGi is also covered.

OSGi Event Model
The OSGi framework supports two types of events:

BundleEvents (these events report any changes in the lifecycle of bundles) and
FrameworkEvents (these events report the changes in the framework).

The authors also talk about the OSGi design patterns such as Listener and Whiteboard and some OSGi anti-patterns in the areas of updating a bundle. Best practices in managing the versioning of packages and bundles, how to run multiple versions in the same JVM with the example of a Preferences service.

The discussion in the book includes a sample Java application (paint program). The application build and package examples use Ant as the build tool. It would have been nice if they used Maven tool which is what I use at work for building and packaging the Java applications.

There is also discussion on how to test the OSGi applications using mock objects approach when calling the OSGi APIs and container testing to discover any potential class loading or visibility issues. The OSGi test tools listed are OPS4J's Pax-Exam, Spring DM's test support, and Dynamic Java's DA-Testing.

Topics like debugging Java applications and embedding the OSGi framework in applications are also covered. Security, another important aspect in enterprise application deployment, is also covered in detail.

To put OSGi in perspective, the authors also talk about how OSGI relates to other technologies like Java Enterprise Edition, Jini, NetBeans Platform, Java Management Extensions, Lightweight containers (PicoContainer, Spring, and Apache Avalon), Java Business Integration (JBI), JSR's 277 (module system for Java) and 294 (Improved Modularity Support in the Java Programming Language), Service Component Architecture (SCA) and .NET technology.

Overall, this book is an excellent resource for Java developers of all levels of expertise in OSGi technology.

ITARC Austin 2010 Conference

noreply@blogger.com (srinip) — Tue, 02 Feb 2010 05:41:00 +0000

I will be speaking at the upcoming IT Architect Conference (ITARC) in Austin this week. My presentation sessions details are as follows:

Fundamentals Track:

Integrating Enterprise Architecture into Agile and Lean Software Development Environments
Security Architecture Policy Enforcement and EA Governance Using AspectJ and SpringAOP Techniques

It's a conference worth attending with a great line-up of speakers and sessions and the registration price is very affordable.

There are two keynote presentations.

Keynote: Gaining Operational Excellence and Agility Through Enterprise Architecture, Presented by Roy Hunter, Senior Director, Enterprise Architecture at Oracle
Afternoon Keynote: IT Complexity Crisis; Danger and Opportunity, Roger Sessions CTO, Object Watch

Check out the conference agenda for more details on other sessions. I am looking forward to the conference.

Austin Marathon 2010

noreply@blogger.com (srinip) — Sat, 30 Jan 2010 03:41:00 +0000

I will be participating in the half-marathon event at the upcoming Austin Marathon.

I have also signed-up for volunteering at the Expo Packet Pick-Up on the day before the race. I did the same for the Decker Challenge Marathon relay last month and it was lot of fun.

I am participating in the marathon as part of a group called Run For India (RFI) Austin Chapter which is part of A.I.D (Association for India Development), a charity organization. If you like to donate to this group, please use this link.

I am looking forward to the marathon.

Java EE 6 Features: Dependency Injection, Bean Validation and EJB Enhancements

noreply@blogger.com (srinip) — Sat, 12 Dec 2009 23:34:00 +0000

Java EE 6 was released on Thursday this week. I wrote about it on InfoQ website. The latest release is major in terms of breadth and depth of the new features included in the release.

Some of the main features in JEE6 include:

Dependency Injection
Bean Validation
EJB Enhancements
Servlet, JSF, and JSP Enhancements
JAX-RS API

Check out more details on the new release here.

Menlo Tour - How Agile Software Development is Done at Menlo

noreply@blogger.com (srinip) — Sun, 06 Sep 2009 20:35:00 +0000

Last month, I visited a software consulting company called Menlo Innovations located in Ann Arbor, Michigan. Menlo has been using Agile methodologies in their Software Development processes for last eight years. Menlo hosts the tours every month at their company office to show the visitors how they do agile software development.

James Goebel was our host at the meeting. It was a very good experience to see a team of teams doing the agile software development and how they have perfected an unique development process that works for them to be successful in their software development projects.

They use several eXtreme Programming (XP) development and testing techniques.

Here are some high-level details of their agile process:

Iteration Length = 1 week
High-Tech Anthropologists (HTA's) write the user stories working with the client and the project team. They write the stories through the eyes of the customers. User designs are also done by HTA's.
They use big white papers, charts, and tasks with color coded statuses to make the project progress visible to every one in the team w/o having to dig into several different project management software tools.
Their projects range from 1-day to 4-years in length and all different business domains in nature.
The Daily stand-up meeting is at 10 am every morning and every one in the building (all project teams, HTA's, QA team, clients, vendors if they happen to be in the office at that time) attend the meeting.
They review the story cards every day to monitor the progress and identify any roadblocks to complete their tasks. They follow the strict rule of, if there is no card on the board for a specific task, the project team must not work on that task. So, "No Card, No Work, No Money".
Their revenue model is based on the royalty and partnership based (on some projects) so they take the quality, customer satisfaction, and long-term health of their software products very seriously.
If a pair has to stop a particular task because of some dependencies or roadblocks, they put a red dot on that task indicating that the work has been stopped on that task, and start the work on a new task (with yellow dot on it showing that it's in progress).

Fail Fast:
They believe in the concept of make small mistakes faster and often. James gave us an example of how they managed a previous project in an iterative manner to successfully deliver what the customer needed out of the project. It was a small project with 1-day deadline. The first time they worked on the project, they worked on for the whole day and didn't finish it on time. Then they worked on the same project again in 1-day with great success, the only difference is this time they followed a eight 1-hour iterations rather than one 8-hr iteration. And on the second day, after 2 hours into the project, they found where they got stuck the previous time, and made the necessary adjustment (following the "Inspect and Adapt" philosophy we hear in the context of the Agile project management)

Color coded status tracking:
They use a color coding system to track the status of project tasks.

Red = Task Stopped
Yellow = In Progress
Green = Completed

Projects don't move, people do:
They have dedicated areas (basically a corner of one big office room) for each project where the project tasks, information reports and charts are displayed on the wall. Since the project status reports and other artifacts in a specific area, it's the team members who move to the project area when they need to work on a project, rather than the other way around.

Pair Programming:
Change the partners every week so the pairs don't get used to each other's poor development practices (for example, not writing unit tests).

Test Driven Development:
They religiously follow Test Driven Design/Development (TDD) philosophy.

Build is Broken - Uncommit Your Code:
If someone's code caused a unit test or the whole application build to fail after code check-in, the team has to either fix the build errors in a reasonable time or "Uncommit" the new code so the build will succeed and the other developers can move forward with testing their features on the Integration server.

Time Estimates:
Every one in the project team estimate all the tasks and the project lead uses the most common estimates (by taking away the lowest and highest time estimates). The time estimates range from 2 hours to 1 week (i.e. 2, 4, 8, 16, and 32 hours). If a task is estimated to be higher than 32 hours (e.g. 64 hours), those features have to be split into smaller tasks so they can fit in a single iteration.

They also use different sizes of the paper for tasks with different estimates, so they know how many tasks can fit in an iteration. For example, they use 8.5 x 11 paper size as the 32 hours. And the team can only have use one 8.5 x 11 sheet to fit the tasks for one iteration, meaning they can put one 32-hour tasks, or two 16-hour tasks, or one 16-hour and two 8-hour tasks, you get the point. This approach sounds very interesting and it works great if you think about it.

Every thing (estimations, development, unit testing, show & tell, and the delivery of CD) happens every week.

Show and Tell: For Customer, By Customer:
At the end of each iteration the project team creates two CD's of the working software and gives one CD to the QA team and another to the client. The QA team's job is to verify the health of the overall software package, not just test each feature in isolation.

And when it's the time to demonstrate the software created in an iteration, the team works with the client to install the software on the client's PC and let the customer show (demonstrate) the software product to the team.

They don't really use any software tools for the project management purposes. Other than Microsoft Excel to keep track of the time spent on tasks and the project, every thing else is done on a piece of paper. It was amazing to see how they are able to be agile without really using a tool for writing user stories and other tasks. This is the proof that the agile development teams should focus on the results and not the tools.

Other Observations:
Their software development process is created around the social constructs of the team. For the new prospective team members, they look for the ability to learn and team player skills.

James said that we should ask the following question to ensure that what we are working is going to add value to our company goals:

"How does your job impact the bottom line of your company?"

Conclusions:
They have been following the mantra: "Continue doing what works & Stop doing what doesn't work".

If I have to pick two things that Menlo teams seem to be following, they would be: "Team Collaboration" and "Collective Discipline".

James was an excellent host of the tour and he is also a great speaker. I learned a lot about how Agile Development Process works @ Menlo and apply some of the ideas in my projects.

Like said, it was a very good learning experience for me to be part of the tour and I encourage every one who lives in the southeast Michigan area to sign-up for the next tour which is actually the coming Wednesday.

Role of Code Generation in Java Application Development

noreply@blogger.com (srinip) — Sun, 06 Sep 2009 04:24:00 +0000

I recently wrote an article on InfoQ about the role of code generation in Java application development. There have been different tool vendors (Spring Roo, Skyway Builder Community Edition, and Blu Age's M2Spring) announcing Code Generation tools in the recent months, so I thought I would write a tool round-up type of article summarizing these tools.

Check out this Q&A article on InfoQ:

http://www.infoq.com/news/2009/09/codegen-java-development

JEE Web Development Framework Requirements Revisited

noreply@blogger.com (srinip) — Sun, 02 Aug 2009 22:02:00 +0000

There is an excellent blog post on choosing a web development framework/toolkit by Ilya Sterin. It captures very well most of the web app framework requirements and limitations we all face on a daily basis in our projects.

As mentioned in the write-up, most of the J2EE developers think, at one time or the other, about what features they really need from a web application framework and why there is no single framework that supports all those features.

If I have to pick top 5 features I look for in an ideal web application framework, they would be:

Isolation from the domain layer so presentation and domain layers can evolve independently w/o (adversely) impacting each other.
Simple and Easy Data binding between the Domain, Controller, and Presentation layers, so the developers don't have to write unnecessary and useless boiler plate code to convert the same data from a DO -> DTO -> Struts Action Form -> JSP/HMTL field to just select some data from a back-end data store anddisplay it on a web page.
Support for data validation that works in all the layers w/o any additional coding.
Support for AJAX functionality.
Controller class methods can be exposed as RESTful Web Services w/o lot of extra coding or configuration.

The presentation layer classes should also be unit testable w/o having to deploy the web application into a container.

Ilya talks about the persistence concern as well. Unless the web application in question is a simple data driven application that can use a solution like RoR or Grails, I am not sure if persistence is really a concern from the web application side. In an ideal architecture, presentation layer should never access the persistence layer directly. It should always go thru the domain layer for the retrieval and modification of the data stored in the back-end data store. So, if the domain model and its boundaries are well defined and implemented, I don't worry too much about the persistence concern when I look for a web application framework.

I have been using Spring MVC in the recent projects. It supports all the items listed above except for the AJAX support. But I read that Spring WebFlow framework (which includes Spring JavaScript and integration with Dojo) has AJAX support, so that's good news for the developers who are using Spring.

I am also eagerly waiting to start using Spring 3 framework which makes it even easier to expose controller class methods as REST web services and also has Expression Language (EL) support which is another nice feature to have when working in the MVC part of an enterprise application.

Architecture Enforcement and Governance Using Aspect-Oriented Programming

noreply@blogger.com (srinip) — Sun, 05 Jul 2009 22:26:00 +0000

I wrote an article in this month's NFJS magazine (June 2009 issue) on Architecture Enforcement and Governance Using Aspect-Oriented Programming.

The objective of this article is to give an overview of Reference Architecture (RA) and its significance in Enterprise Architecture space and how Aspects and Aspect-oriented Programming (AOP) can help enforce RA and manage Architecture Governance model.

I also discussed in the article, a sample Java application that uses several architecture rules to enforce good architectural and design practices such as Layered Architecture, Separation of Concerns, Domain-Driven Design etc.

The other articles published in the new issue are:

Introducing Drools 5 by Brian Sam-Bodden
Implementing "Web-2.0 Style" Popularity Filters by David Bock and Karen Gillison
Scala as Concise Java by Venkat Subramaniam

If you haven't attended NFJS software symposium or read the magazine before, check them out. The conference sessions are very practical oriented and just like the title says the focus is on the architecture, design, and development techniques that you can take back to your company and start using them right away in your projects.

SpringSource Tool Suite (STS) is a free tool now

noreply@blogger.com (srinip) — Sun, 05 Jul 2009 02:35:00 +0000

SpringSource has recently released their SpringSource Tool Suite (STS) IDE tool as a free version. If you are currently working on or planning on introducing Spring Framework in your projects, this is a very good development tool to use.

STS Project Main Page:
http://www.springsource.com/products/sts

I wrote a mini-article on InfoQ about the recent RC1 release of STS. Here is the link:
http://www.infoq.com/news/2009/07/springsource-tool-suite

Let me know if you have any feedback when you use this tool.

I will be speaking at ProjectWorld 2009 Conference

noreply@blogger.com (srinip) — Mon, 01 Jun 2009 05:00:00 +0000

I will be speaking at upcoming ProjectWorld 2009 conference in June (06/24-06/26) in Baltimore. My presentation topic is Agile Application Architecture Trends. The presentation is part of the "IT Innovation and Trends" track which is new for this conference.

Here is the session abstract of my presentation:

Architecture Trends - Where We Have Been, Where We Are Going

The presentation will include the discussion on emerging design techniques like Domain Driven Design (DDD), Custom Annotations, Dependency Injection (DI), Aspect-Oriented Programming (AOP), OSGi and Dynamic Languages. I will discuss some use cases where these techniques add value to the architecture and where they will be just an overkill. With upcoming releases of Spring 3.0, EJB 3.1, JPA 2.0 and Java EE 6, Java developer, not the product vendor, has once again become the core part of Software Development Process.

I want to focus on the emerging software architecture trends and how agile philosophy can drive architectural and design decisions in software development projects.

Some of the architecture trends I will be focusing in my presentation are:

Cloud Computing
Architecture Models (J2EE v. POJO)
Domain-Driven Design
Spring Portfolio
Model-Driven Development
OSGi
Innovations in the Database Layer
Software Product Lines

This will be my first trip to Washington DC/Baltimore area. I am looking forward to attending the conference which has excellent sessions and speaker line-up.

There is a 20% speaker discount off the conference standard rate for any one who registers on my behalf. Contact me if any one is interested in taking the advantage of the discount.

Adaptive Object Modeling - QCon Interview with Joseph Yoder

noreply@blogger.com (srinip) — Wed, 20 May 2009 03:00:00 +0000

I did a video interview with Joseph Yoder on an innovative architecture concept called "Adaptive Object Modeling" at QCon San Francisco conference last November. This interview is now live on InfoQ website.

The highlights from Joe's interview include:

What is Adaptive Object Modeling (AOM)
How it differs from a traditional object model.
Application domains where AOM can be used.
Role of UML in adaptive object modeling efforts.
Architecture and design validation of the adaptive object models.

Check out the video interview on InfoQ site.

InfoQ is offering online training classes on Cloud Computing, SOA and Agile Design topics

noreply@blogger.com (srinip) — Mon, 18 May 2009 01:01:00 +0000

InfoQ web site is offering virtual training classes on topics like Cloud Computing, SOA and Agile Design hosted by reputed speakers like John Davies, Jim Webber, and Rebecca Wirfs-Brock.

These classes are not free (each class is currently priced @ $65 for one-hour "Briefing Session" and $135 for a half-day "Training Session"). The first training session is next Wednesday (May 27).

This is a good opportunity for software developers and architects who want to learn new technologies by attending a live training class and at the same time not spend a fortune that they would otherwise spend in attending technology conferences in person.

For more details on the new virtual training program, check out this link:

http://www.infoq.com/news/2009/05/virtual-training

If any of you attend these classes, let me know what you think about the quality and if the price is worth the class. Also, if any one has other topics they would like to see online training classes, e-mail me with the topic names. I will pass along the feedback and suggestions to the training program organizers.

Architecture Enforcement Presentation at SEI Architecture (SATURN) 2009 Conference

noreply@blogger.com (srinip) — Sun, 17 May 2009 23:51:00 +0000

I attended the SEI Architecture Technology User Network (SATURN) 2009 Conference in Pittsburgh last week.

I gave a presentation at the conference on the topic Architecture Enforcement and Governance Using Aspects. I discussed an architecture enforcement framework I created to "inject" architecture rules and design policies into the application code as part of the Continuous Integration (CI) process using Aspects to enforce quality of the code.

This framework uses tools like Eclipse, AJDT and Maven to integrate policy enforcement into the agile development process to detect architecture deviations early and often and validates that the design and code are in compliance with the Reference Architecture (RA).

The response from the attendees was pretty good. There were questions on how to take the architecture enforcement back to the design documents like Class and Sequence Diagrams (UML) as well.

Overall, SATURN conference experience was excellent. This was my first time attending it. It was a good opportunity to learn more about the techniques and best practices in the areas of architecture evaluation, validation, and assessment.

Some of the highlights from the conference are:

Keynote presentation by John Zachman on "Architecture Is Architecture"
Rebecca Wirfs-Brock's keynote presentation on "Lessons Learned from Architecture Reviews"
Tutorial on "Pattern-Oriented Software Architecture: A Pattern Language for Distributed Computing" by Doug Schmidt
Tutorial: Integrating Architecture-Centric Methods into Object-Oriented Analysis and Design by Raghvinder Sangwan
Birds-Of-A-Feather (BoF) session on Architecture Competence facilitated by John Klein

For more details on the events from the conference, check out this conference blog site.

NFJS, The Magazine

noreply@blogger.com (srinip) — Mon, 13 Apr 2009 04:00:00 +0000

I recently attended New England Software Symposium in Boston. I spoke on Architecture Enforcement and Domain-Driven Development topics at the conference.

On the flight back to Detroit, I read the inaugural issue of NFJS magazine which is very interesting. It was full of technical information just like the NFJS conference, no fluff and a lot of technical stuff.

This issue has the following technical articles:

A Case For Continuous Integration by Jared Richardson (author of Career 2.0 book)
So you want to be Agile? by Venkat Subramaniam
Introduction to Functional Languages by Ken Sipe
Message Driven POJOs - Messaging Made Easy by Mark Richards

All are excellent articles and very informative with sample code explaining the concepts.

With the new magazine, Jay Zimmerman, Andrew Glover (Editor of the magazine) and NFJS team have done an excellent contribution to Java and Agile development communities.

SATURN 2009 Conference Presentation

noreply@blogger.com (srinip) — Sun, 05 Apr 2009 23:43:00 +0000

I will be speaking at the upcoming SATURN 2009 conference organized by Sofware Engineering Institute (SEI) of Carnegie Mellon University (CMU). The conference starts on 4th and ends on 7th of May.

Here is a statement from their website that describes the main theme behind this year's conference:

SATURN 2009 is expanding to cover architecture ranging from enterprise to system and software architectures. To reflect this expansion, the theme of the SATURN 2009 Conference is “architecture at all scales.”'

My presentation will be on Architecture Governance and Enforcement using Aspects which is based on my recent work on using Aspect-Oriented Programming (AOP) techniques to enforce the architecture and design policies in J2EE applications.

I have done the same presentation at ITARC Conference in Atlanta back in February and again at New England Software Symposium in Boston last month. The response and feedback from the attendees was excellent. Architecture Policy Enforcement is definitely a very promising application of Aspects and AOP in enterprise software applications.

I am looking forward to speaking at SATURN conference and meeting other architects from different backgrounds and experiences.