As mentionned in my previous entry I was in court in Luxembourg. During the proceedings, one of the thing that caught my (and a few other people’s) attention the most was John Shewchuk’s mention of a “Blue Bubble” as part of his explanations to the court.
The story goes something like this:
When information technologies evolved to support distributed architectures; it became possible to have different systems work together to perform more complex tasks by combining their resources over a network. Services based architecture are an evolution of this basic idea, making it possible to have software services that perform specific functions available on the network.
Now, for redundancy reasons or to distribute the load (or numerous other reasons) one can imagine that a single service performing a function may not be sufficient and you may need several services performing the function together. One can also imagine that you could draw an imaginary line around these services performing the same function and consider them part of this virtual bubble filled with services that perform the same function. Let’s call this the “Blue Bubble”.
In order for the blue bubble to behave consistently in the same manner, and for all services within sed bubble to behave the same they need to: all have the exact same behaviors and they may need to exchange information if the functionality they perform requires it.
Because of complexities associated with developing two pieces of software from different code base that behave the same; the reality is that the only way to achieve this ith certainty is to use the same code base for all of the services within the bubble.
Here is the punch line now….
If this particular collection of services performs authentication and authorization services this becomes even more of a concerns because any minute difference in behavior will put the entire structure at risk.