There is a common topic that many of you ask me about and it’s about how to implement security with the TIBCO BW processes. I explained in different post how to implement a basic security policy using the capabilities that the TIBCO BW tool gives us to do that kind of task. You can rembember these posts: Applying Security in Web Service with TIBCO BW and Invoking a Secured Web Service from TIBCO BW
But, that’s a not good practice to an overall architecture and that’s because if you are doing this kind of task you are linking the “life” of the security policy with the “life” of your developments, and that’s not correct. But, let to dig a little more about that philosophical debate.
Supose that you are in charge of the integration layer in your company, in charge of every TIBCO BW development your company has to do. Will you be in charge to define the security policy of your company as well? Probably not, it is not possible that you could have these two areas at once because the security policies has a more scope than the integration or EAI layer, and if is this is true, Why are linking these two concepts? Continue reading