> Archive > Issue XLIV: October - November 2010 > SOA Pioneer Interview Series: Toufic Boubez, Dimitri Sirota, and Linda Terlouw
Toufic Boubez

Toufic Boubez


Dr. Toufic Boubez is a well-respected SOA and Web services pioneer and co-author of the SOA Manifesto. He is a Certified SOA Architect and Security Specialist, as well as a consultant and Certified SOA Trainer for SOA Systems Inc. He is the founder of SOA Craftworks and the founder and CTO of Layer 7 Technologies, one of the most successful vendors in SOA Governance and Security. Prior to Layer 7, he was the Chief Architect for Web Services at IBM's Software Group, and the Chief Architect for the IBM Web Services tools. At IBM, he founded the first SOA team and drove IBM's early XML and Web Services strategies. As part of his early SOA activities, he co-authored the original UDDI specification, and co-authored a service description language that was a precursor to WSDL. His current activities span SOA Security, SOA Governance and the impact of Cloud Computing.

Toufic is a sought-after presenter and has chaired many XML and Web services conferences, including XML-One and WebServices-One. He has also been actively involved with various standards organizations such as OASIS, W3C and WS-I. He was the co-editor of the W3C WS-Policy specification, and the co-author of the OASIS WS-Trust, WS-SecureConversation, and WS-Federation specifications. He has also participated on the OASIS WS-Security, SAML and UDDI Technical Committees. He is the author of many publications and several books, including "Building Web Services with Java" and the upcoming titles "SOA Governance" and "SOA Security: Practices, Patterns, and Technologies for Securing Services". InfoWorld named him to its "Ones to Watch" list in 2002, and CRN named him a Technology Innovator for 2004. Dr. Boubez holds a Master of Electrical Engineering degree from McGill University and a Ph.D. in Biomedical Engineering from Rutgers University.


rss  subscribe to this author

Dimitri Sirota

Dimitri Sirota


Dimitri Sirota is an accomplished entrepreneur and a pioneer in the security field. Prior to co-founding Layer 7 Technologies, Dimitri co-created the award-winning Virtual Private Network provider eTunnels Inc. Dimitri spearheaded its early marketing and business development activities, establishing eTunnels as a leader in secure connectivity for the extended enterprise. He has also worked in senior product marketing and channel development roles at AT&T and Telus. Dimitri holds a Bachelor of Science degree in Physics from McGill University and a Master of Science in Engineering Physics from the University of British Columbia.


rss  subscribe to this author

Ir. Linda Terlouw

Ir. Linda Terlouw


Ir. Linda Terlouw works as a Solution Architect in the SOA Consulting Group of Ordina, a large IT services provider in The Netherlands. She advises large corporations about the gradual migration towards a service-oriented way of thinking and the use of ESB-technology for its technical implementation. Before joining Ordina, Linda worked for IBM as among others as a Business Intelligence Consultant and an IT Optimization Consultant.

Linda holds both an MSc in Computer Science and an Msc in Business Information Technology from the University of Twente. Currently she is pursuing a PhD in Computer Science at the Delft University of Technology. The focus of this research is the specification of services working from formal organizational models. The research is part of the CIAO! Program (

Linda maintains a popular blog at and she can be reached at or


rss  subscribe to this author


SOA Pioneers Interview Series: Toufic Boubez, Dimitri Sirota, and Linda Terlouw

Published: October 06, 2010 • SOA Magazine Issue XLIV

This article features interviews from the International SOA & Cloud Symposium podcast series. These dialogues focus on SOA related topics, each guest is a pioneer in their own special fields. Dimitri discusses his research in cloud computing and where he sees it headed, as well as his co-authorship with the upcoming book "SOA and Cloud Computing". Toufic discusses the relationship between SOA and the cloud, as well as issues like the possible return of the silo, in the form of choosing different cloud providers. Linda covers a range of topics, including her current research on SOA and BPM related subjects, new techniques and methodology, and some of her own exciting projects. Check out these very interesting discussions with the International SOA Symposium's very own contributors.

Exclusive Interview with Toufic Boubez

Toufic Boubez from SOA Systems joins today's podcast as we cover important topics like: SOA security, cloud security, his talk on "The New Silos...", and his post-conference SOA Security Specialist Workshop with SOA School. Toufic also talks about MetaFor, a new organization with a unique development philosophy. Tune in to find out more from a very enthusiastic Toufic Boubez.

SOA Magazine: Thank you for joining us today, Toufic. How are you?

Toufic Boubez: I'm very well. Thank you.

SOA Magazine: Could you tell us more about the workshop you will be teaching?

Toufic Boubez: Sure. So the workshop is about SOA Security specifically. It's a two day workshop and in these two days, we will cram a lot of information. There will be three sections, if you want to think about it that way. The first section is about the fundamental aspects of Security and specifically SOA Security. The second section will be about more advance topics such as, trust brokering, identity federation and how to deal with across domain identities and secure sessions. The third session is more of a lab session, where we will look at some particular problems and we will develop solutions to these problems in a lab format. The workshop is very vendor-independent. It's just about the actual concepts and the technologies involved as well as the industry standards and specification in these implementations.

SOA Magazine: What is the importance of security in the world of SOA in your opinion?

Toufic Boubez: Security is definitely very important in any kind of distributed set of technologies, but are extremely important in service-orientation; so putting aside all the typical security issues around confidentially of data, integrity of data, or things like regulatory issues. The concept of service-orientation is about distributing services and composing services and reusing services. Now in a world where we have all these services that need to be reuse and need to be recompose, security becomes even more important and proper security applications and mechanisms become a lot more important. So as you compose services, you are ensured of the security of the transaction that spans more than one services and probably more than one domain. In this case, security becomes a lot more important. Not just from the concept of that we need security, but from the concept of how to apply it properly and make sure things are secure as they span different domains.

SOA Magazine: What do you think of the relationship between security and cloud computing?

Toufic Boubez: I spoke a little bit about that at the last year's symposium - the different security issues around cloud computing. I definitely think that security in the cloud is what everybody is thinking about, especially people using the cloud or actually planning to migrate some applications to the cloud. Security is on everybody's mind. There are several reasons for that.

First, you are trusting sensitive data in a lot of cases to a domain or a data center in which you have no control (the cloud). Another interesting thing is the cloud's remoteness-like your data. What happens to your data? Who owns your data? What kind of jurisdictions is your data in? Things like access control become very interesting and challenging because again, of the remoteness and different control situations that you have on the cloud versus in your own data center. Security becomes a lot more challenging when you are in the cloud.

SOA Magazine: This leads to my next question which is, how do you view the relationship between SOA & Cloud?

Toufic Boubez: I think it's one of those killer app type of things, where the cloud environment is perfect for service-orientation because now as we move to a world where things are becoming a lot more service-oriented, in the sense that you have a lot more services that can live in different domains and can be composed, recomposed and reused, having this concept of flexible and elastic computing that you can ramp up and down and where you can redeploy things from one place to another, is a great environment for deploying service-oriented applications. The facility of being able to distribute things to different places, being able to talk with each other, and being able to ramp applications and services up and down, is a great and new environment for service orientation. The fit is really good.

SOA Magazine: Your presentation on cloud computing is posed as the question: "The New Silos: Build Once, Deploy Anywhere?" this looks very interesting. Could you tell us a bit more about that?

Toufic Boubez: One of the things that we learned over the last 10 to 15 years is silos in the software, software architecture and software development communities - is that building silos doesn't work very well. We have seen that realization from building large monolithic applications in silos. Silos started originally in departments or group within an organization. So you have your finance organization build silos, or CRM build silos and so on. The whole concept of service-orientation came up in partly in response to that. We started breaking down those silos and began building flexible, agile, reusable parts, which we call services that can be reused by a lot of the different parts of the organizations - which is great for architecture.

But now what started happening in the cloud world is that the silos are starting to happen all over again, but this time they are not software architecture silos because we have learned that lesson. They are platform silos. Now you have different cloud vendors and different cloud platforms that are springing up and different cloud and virtualization mechanisms with very little mobility between them. People or organizations that are moving to the cloud are finding themselves again in the same old bite of having to decide in which silos they want their applications, in essence, picking a basket in which to put their eggs. We are moving slowing back toward a new world, a new kind of silo, in which case silos are platform based. My presentation will be about this topic and how we can avoid the concept of new platform based silos.

SOA Magazine: I can see you will be attending on behalf of SOA Systems, but I heard that you are starting up your own company called MetaFor. Could you tell us more about this project?

Toufic Boubez: So the company is still in stealth-mode in a sense. We are building a generation of tools for data center operators if you want to think about it that way. The issue here is that over the last several years as data centers started to grow and the whole cost of having your applications in the data center became important, a large set of tools were built up and evolved to give data center operators visibility, control and manageability. However, these tools are all infrastructure-centered in that you can manage your servers, you can manage your network. You can have alerts, but it's all based on the boxes - in essence the server. In the new world of service-orientation, of cloud, of agile development and so on, the servers are almost unimportant at this point. They are a commodity layer. What's really important are the applications and there are absolutely no tools out there to give you application-centered views of your data center as opposed to infrastructure-based view. What MetaFor is building right now is a set of really innovative and automated tools that give you an application-centered view of your data center. That's pretty much all I can say right now unfortunately, but stay tuned.

SOA Magazine: Thanks Toufic for speaking with me today. We will be looking forward to all your involvement in this year's SOA & Cloud Symposium in Berlin.

Toufic Boubez: Thanks. It was a pleasure!

Exclusive Interview with Dimitri Sirota

This edition features Dimitri Sirota, speaker at this year's symposium and
co-founder of Layer 7 Technologies. The interview probes a number of topics, including: Layer 7 Technologies and current innovations they are working on, Dimitri's presentation "The Rise of APIs: A New Twist to SOA and Cloud", patterns being written for the SOA Design Patterns Catalog, and Dimitri's thoughts on the industry itself. The discussion also includes Layer 7 Technologies as an exhibitor, what demonstrations they will be doing, and hints of special announcements to look forward to. You can follow Layer 7 Technologies on twitter at, or Dimitri at Tune in to find out more from Dimitri himself.

SOA Magazine: Hi Dimitri, how are you?

Dimitri Sirota: I am good. Thank you.

SOA Magazine: Great! You've been with Layer 7 Technologies for a long time. Could you tell us more about Layer 7 Technologies and what you do there?

Dimitri Sirota: I actually co-founded the company about seven years ago. The company basically specializes in addressing integration issues for applications across the internet and between the internet and the cloud. Basically, we help other companies span divisions, departments, partners and the cloud.

SOA Magazine: So what is Layer 7 doing in the cloud today?

Dimitri Sirota: We offer a suite of products that essentially help organizations better utilize the cloud. The first product is something we called Cloud Connect. It helps address some of the single sign on and integration issues that companies face when they are looking to assimilate SaaS-based applications like SalesForce and Google Apps. So we have a product in that space, quite a few of customers leverage us specifically to integrate things like SalesForce.

We have a second product geared more towards service providers that are looking to expose APIs out to end users and customers. These APIs can deliver application functionality, cloud provisioning functionality, or data feeds. Thirdly, we have a product that's specifically geared towards securing application services inside the cloud.

SOA Magazine: What are you seeing as trends in the industry today?

Dimitri Sirota: For Major trends - We see that SOA is branching out. First off, I think more and more organizations are looking to take SOA outside of their traditional 4 walls beyond the DMZ - so to speak, and extend it out to customers and suppliers in a more B2B fashion. They do this for getting more real time types of integration. This idea of having SOA with a security model that lets them essentially integrate across security boundaries is becoming key.

Secondly, we see more and more companies that are looking to expose both SOAP and REST APIs out to the developer community. They are looking to leverage developers to build out new channels to market and new revenue streams. That's definitely a second trend and an accelerating trend. Layer 7 has solutions for that audience.

Thirdly of course, is that more and more companies are looking to leverage the cloud. They are either looking to connect to SaaS, so take outsourced applications and make them look and feel like they are internal applications, or they are looking to offload some of their own apps into a public cloud infrastructure. So we see both trends as well.

SOA Magazine: As a founding partner for the SOA Symposium, which should we be expecting from Layer 7 Technologies as an exhibitor? Are there any special announcements or are there other things going on?

Dimitri Sirota: There will be a special announcement which I don't want to go into right now, but we will be announcing something new at the SOA & Cloud Symposium. We will be providing demonstrations of work we do (for both HP and Software AG). We will have a number of regional partners that are also exhibiting at the SOA & Cloud Symposium. They will be running demonstrations using some of the Layer 7 solutions. Those partners include EnableU, Softcon, and IPT.

SOA Magazine: I heard that you are interested in contributing to the SOA Patterns catalogue. Can you tell us more about the patterns that you wanted to write about?

Dimitri Sirota: That's not my self personally; that's our CTO and our technical director for Europe. They intend to contribute patterns for the three scenarios that I outlined. First off, the idea of B2B oriented SOA - SOA that's crosses DMZ, where you are running into identity issues and security issues.

Secondly, SOA and SOA patterns more Web oriented so they leverage technologies like REST and JSON.

Thirdly are the cloud scenarios. So first off, it's the idea of assimilation or integration to SaaS application like Salesforce. And secondly it's the idea of service provider themselves looking to deliver APIs and functionalities out to a broader audience.

SOA Magazine: Are there any other projects we should be looking forward to from you?

Dimitri Sirota: No, I'm just very active with Layer 7. The company is doing tremendously! We had a record year in 2009 and we are going to more than double in 2010. We are expanding our footprint into some related areas; some of which will become evident at the Cloud Symposium. We are just growing and trying to take advantage of all of these new opportunities around SOA & cloud.

SOA Magazine: Your profile on shows that you will be presenting on "The Rise of APIs: A New Twist to SOA and Cloud". Could you give our listeners a teaser about what this talk will be covering?

Dimitri Sirota: Yes, in fact we are going to invite one of our customers, the Division of T Mobile AutoScout 24 based in Germany, to co-present with us. Essentially, what we are going to be introducing to the audience is the idea of APIs as a mechanism to bring additional value to an organization.

For a long time, organizations have locked away their data and their applications inside their four walls. With the advent of SOA, clearly, there's an opportunity to liberate that data and liberate that functionality and derive value from that. One of the trends we see in North American today is organizations exposing some of that data and functionality, selectively, to a developer community; for instance for mobile app developers, the iPhone is a prime example of this.

By opening up, you are essentially creating a new channel to market. A perfect case and point is Twitter. Twitter now has close to 6 billion API calls per month. The APIs have made twitter from an SMS-like application to a whole platform, having accelerated its growth to market.

Commercial companies are looking to replicate some of that success and we are providing a roadmap and blueprint on how to do that.

SOA Magazine: Looking at the current range of topics covered at the symposium this year, do you have any comments on what it means to the industry? What are the priorities?

Dimitri Sirota: I think more and more as companies look to expand their SOA beyond their four walls, being driven by examples like cloud, B2B, and API exposure to developers, the necessity of security management availability and governance is becoming critical more than ever. That's certainly going to be a theme in the Layer 7 talks as well as I imagine a number of other talks.

SOA Magazine: Where can we go to get the latest updates from Layer 7 Technologies and yourself?

Dimitri Sirota: Well, a good place to start is the Layer 7 website ( You could also follow us on twitter @layer7. My own personal twitter is @l7sirota. And that is also a good way to keep current with Layer 7 activities.

SOA Magazine: Awesome! Thank you, Dimitri for joining us today. It was a pleasure to speak with you. We'll certainly be looking forward to your participation in Berlin this year. Thanks again for joining us.

Dimitri Sirota: Thank you!

Exclusive Interview with Linda Terlouw

This podcast features Linda Terlouw, the founder of and IT architect at
Icris B.V. Linda discusses a variety of very interesting topics, including research she's currently conducting as she's completing her PhD in Computer Science, her company Icris B.V., and her experience becoming a Certified SOA Architect. Linda also talks about future articles she's planning, some contributions to the SOA community she's made, and her article in the SOA Magazine. Find out more from Linda herself and tune in!

SOA Magazine: Hi Linda, how are you?

Linda Terlouw: Hi, I'm doing just fine. I am looking forward to this year's symposium.

SOA Magazine: Great! My first question for you today is could you tell us a bit your role at ICRIS and what ICRIS does?

Linda Terlouw: ICRIS is a company that I founded one and a half years ago when I left Ordina. Ordina is a large Dutch IT service provider and a founding partner for the symposium two years ago. The mission of my new company, ICRIS, is to bring the latest academic developments to the industry. We offer consulting services in the area of enterprise architecture and SOA. Services include for example: advice on how to include organizations SOA Governance process or how to successfully introduce a service repository. We also give courses on these topics. And a little bit about myself. I am currently working on two big assignments for the Dutch government organization. One of the assignments involves business architect and the new methodology and the other assignment deals with design of services in a large scale SOA project. That's about it.

SOA Magazine: I read in a profile that you are currently pursuing a PhD in Computing Science at the Delft University of Technology. Could you tell us more about your research and how that is coming along?

Linda Terlouw: I started my PhD in 2005 at the Delft University of Technology. My promoter is Professor Jan Dietz who recently retired from the University of Delft, he is still very active in conducting research and also does some work for ICRIS. Professor Dietz has developed a method for business modeling called DIMO. The result of applying this DIMO method is a business model called the enterprise ontology. This method is based on ideas from general system theories and the philosophical field of language action perspective. An important principle behind this theory is that an organization consists of social actors, which are people who enter commitments with each other. Enterprise ontology is a high level model of an organization in which we see these commitments act as models for business transactions. In my research, I focus on creating a link between this notion of enterprise ontology and the notion of service-oriented architecture. So I look at how to find the right course grade modules of enterprise information systems and what services they offer. This service identification approach is based on enterprise ontology theory. Also, I focused on the topic service specifications; this means I have designed a framework that defines which aspects of service should be specified in order to make a potential service consumer understand what behavior the service is. This is in fact very closely related to the concept of service repository. I evaluated practices of the UDDI standard, it is not really sufficient for specifying a service behavior, and in my research I hope to contribute to this topic.

What is also interesting about this research is that it doesn't only focus on theories. I am also conducting several case study at large companies. I finished the case study at the Port of Rotterdam and La which is a financial company. And at the moment, I am working on a case study at Air France KLM, a French and Dutch airline company.

SOA Magazine: Wow, that all sounds very interesting. Will you be presenting on some of this research in your presentation at the SOA & Cloud Symposium?

Linda Terlouw: Yes, I will. The title of my presentation is "A Multi-Domain Modularization Approach for Achieving More Organizational Agility". In this presentation, I will be talking about method DIMO and the notion of enterprise ontology. I will also talk about modularization. When I say multi-domain approach, I mean that I not only look at the modularization of information systems, but also the alignment with modularity of the organization itself and the business processes. If I have the time, I hope to give a short demonstration of the Lumio Tool. This is a tool that I would use for clients to analyze alignment to organization modularity, business process modularity and information system modularity.

SOA Magazine: I also noticed that you were recently certified with SOASchool and SOA Architect. How was that experience and could you tell us more about that?

Linda Terlouw: I enjoyed the SOA Architect very much. This course really contributes to the maturity of the use of SOA in the industry. What was interesting to see in those five days was that all the participants in the course all learned to speak the same language. So the course created the common view of the topic of SOA. Also the SOA Principle and Design Patterns gave very clear directions in how to design services properly. In fact, I liked the course so much that I became a SOA Certified Professional Trainer myself. In the near future, I plan to give the course myself as a teacher.

SOA Magazine: That's great! I also noticed that you have contributed to the SOA Magazine at some point. Could you talk about the article that you wrote there?

Linda Terlouw: About three years ago when I was still working at Ordina, I wrote an article with two colleagues about service identification. One of my former colleagues who, by the way, is Art Ligthart - the program chair of the SOA & Cloud Symposium. In this article, we talked about 10 different ways of finding services. Some of the examples of these techniques are business process decomposition, basing your services on the business object model, or finding service based on business goals. In the paper, we looked at these different approaches and their benefits and drawbacks. Also, we described a number of pitfalls for service identification in general. Our intention was to write a position paper on these different methods. It was mainly a first step for looking deeper in these approaches. The article was not so much describing all these approaches with a large amount of detail; it was more of an easy to read paper for someone who is just looking into the overview of these approaches.

SOA Magazine: What other articles have you written?

Linda Terlouw: I've written quite a few articles. Most of these articles focus on the topic of business modeling, enterprise architecture, and SOA. My most recent article is a scientific article of me and my promoter, Dr. Jan Dietz. It's an enterprise modeling and information system architecture journal. This article focuses on the comparison of different methodologies for service orientation. Another recent paper I wrote was published in the scientific conference. This article describes the result of the case study conducted at the Port of Rotterdam.

SOA Magazine: I know that you were also involved with the Prentice Hall Service Oriented Computing Series. Which books were you involved with and how?

Linda Terlouw: I was involved with two books: SOA Design Patterns and Web Service Contract Design and Versioning book. For both books, I have been involved as a reviewer. Thomas Erl sent me an early manuscript and asked me to look at it to provide feedback on each of the books.

SOA Magazine: Are you currently writing any books or articles that we can look forward in reading in the future?

Linda Terlouw: I would like to finish my PhD next year. So, I am doing a lot of dissertations and writing at the moment. I am also focusing on scientific publications. Moreover, I'm focusing on article about services specification, which is a scientific article. After I finish my PhD, I'd like to spend more time on writing books intended for practitioners. So, I am looking on maybe co-authoring some books in the Prentice Hall Series or in the Enterprise Engineering Series.

SOA Magazine: Thank you Linda for joining us today. We'll be looking forward to your presentation and participation at this year's SOA & Cloud Symposium in Berlin.

Linda Terlouw: Thank you. I enjoyed this interview.