> On this page...
> Archive
| October, 2008 (2) |
| July, 2008 (3) |
| June, 2008 (4) |
| April, 2008 (1) |
| January, 2007 (3) |
| December, 2006 (2) |
| October, 2006 (1) |
| September, 2006 (1) |
| August, 2006 (4) |
| July, 2006 (2) |
> Categories
> Search
> Archives
| | Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|
| 26 | 27 | 28 | 29 | 30 | 31 | 1 | | 2 | 3 | 4 | 5 | 6 | 7 | 8 | | 9 | 10 | 11 | 12 | 13 | 14 | 15 | | 16 | 17 | 18 | 19 | 20 | 21 | 22 | | 23 | 24 | 25 | 26 | 27 | 28 | 29 | | 30 | 1 | 2 | 3 | 4 | 5 | 6 |
> Links
|
There are limitations in the role model of ASP.NET authorization for content management systems. The problem lies in defining the critical set of roles. Both ways that are available to developers have their own drawback that can be easily avoided when the security system administrator and the developer are the same person, or they work in the same office. However, if they are spread around the world, as in the case of software development outsourcing, the problem needs a different solution. Let’s take a deeper look at the problem. When a user registers on a Web site, he or she gets identification data – a login and password - that gives access to additional benefits provided by the Web site.From the standpoint of developer, the process of giving benefits to registered users is divided into two sequential steps: authentication and authorization. During the authentication process, the system verifies whether the user is who he claims he is. During the authorization process, the system gives the user permission to do something or have something. The effectiveness of the implementation of these steps is essential for the effectiveness of the entire security system of the Web site. Let’s examine authorization in more detail.During the authorization process, the system matches the user name with a subset of opportunities available to this user on the Web site. This is done with the help of a particular entity that allows you to match the subset of opportunities with several users at once, uniting users on the basis of equal rights. The entity is called a role or a group of users.There is a set of tools for defining the list of additional opportunities for registered users, made available to the ASP.NET developer:- Configuration file (web.config) allows you to limit access at the level of subdirectories and files by using the configuration sections <authorization> and <location>;
- PrincipalPermissionAttribute allows you to limit access at the level of the method call or properties of classes;
- PrincipalPermission class allows you to limit access at the level of code snippets within a method or a property;
- IPrincipal interface allows you to limit access to code snippets by using the IPrincipal.IsInRole method call.
Using a variety of tools, the developer places method and attribute calls within a configuration file and Web page code. Names of roles with a defined action are used as the input parameters. It is also necessary to have a list of all the roles supported by the system for running a security system. The type of repository does not matter in this case. Here is the problem. Which of the two sets of roles is critical? The one that is scattered in the code as the input parameters, or the one that is in the repository of roles? In the first case, the security system administrator has to scan the code before filling in the repository of roles to catch the names of all roles used as the input parameters. In the second case, developer must be sure that the names of roles are consistent throughout the lifetime of the system because, otherwise, it will be impossible to change or delete the names of roles.This is not a problem when the security system administrator and the developer are the same person, or they work in the same office. However, if they are spread around the world, as in the case of software development outsourcing, it is very difficult or even impossible to make changes in the initial module code. To solve the issue, a set of syntactic constructions that allows you to limit access to code snippets for different groups of users is necessary. This set should meet the following requirements:- Ensure the independence of the module developer from the security system administrator in defining the user groups with limited access to the code snippets module.
- Have a mechanism for the export of a set of user groups involved in the system of restrictions for a specific module. This allows the administrator of the security system of the Web site to match the existing set of roles with the system of restrictions for a specific module.
- Have a unique namespace for a specific module of the content management system of the Web site.
- Have backward compatibility with the existing role model for authorization.
- Ensure an opportunity for a declarative programming style.
In the next blog post, a solution where the permission-based model is used will be presented.
One of the studies conducted by Value Leadership Group has proved that Small
and Medium Enterprises (SME) in Europe benefit
from using offshore software development
Some
SMEs are surely afraid of losing jobs if they would outsource development
functions. Despite the fact that this fear exists, the study shows that none of
the companies that took part in the research lost work places. Another important
point is that brilliant IT engineers are in small in number in Europe but it’s possible to find them in the offshore (near shore)
countries, for example in Russia.
partners.
Originally offshore software development services were widely used for
low-level maintenance jobs. In recent years we have seen that globalization and
a great increase in communicational technologies has made the world flat and
connecting, putting new meaning into well-known things. The present-day trend of doing small and medium business effectively is using high profile
offshore partners to establish and run a dedicated team overseas. The development teams of suuch partners not
only should do coding, but they should also perform high-level tasks, such as
product design and architecture. Sometimes the entire engineering department
may be located overseas, while investors, top executives, sales and marketing
people would be located in the home country. This refers both to the US and European copmanis.
SME require extremely effective business strategies that create the best
balance between costs and quality.
Who says that SME get significant competitive advantage in the global arena and occupy
the leading position in the market by offshoring? We do say. We can also provide some
examples where companies save their capital and get competitive advantages
if they move part of their value chain offshore.
It has been estimated that the world market for software is rising rapidly. In 2006 this industry remained dynamic. The total volume of the IT sector, according to preliminary data, will be over 1trl 60 bln rubles ($60 bln). This is 20% higher than in 2005. Expected revenues for electronic services are 745 bln rubles ($28 bln), which is 21% higher than in the previous year, and prospective revenues on postal services are 54,4 bln rubles ($2 bln), which is 27,4% higher than in the previous year.
The lion's share of this market is either outsourced or offshore programming (offshore software development) when the on-demand of some large corporations is present. According to the research company Gartner, 72% of IT users opt to outsource.
Russia now is one of the leaders in exporting software and outsourcing services. Today in Russia, there is between 25 and 30 thousand people in the field of exporting software, while in 2004, exports amounted to 560 million dollars. It is expected that in 2007 this figure will exceed 1 billion. The growth of the industry is due to the increase in demand for programming in the Russian market. With the support of the IT sphere that could grow by 20% annually. The government concept of the IT industry development would be a further impetus for growth in Russian IT-businesses. The Russian resort developers and large companies have several advantages over their counterparts from other countries. These include high levels of training, the cost of services, geographical proximity to the countries of Western Europe, and the developed countries of South-East Asia and the Middle East.
Some respected Internet sources give very cognitive information and can influence thinking. One source displays a diagram that shows offshore software development destinations. You can find several countries there, but Russia is not represented. Where is it included? Is it located in the “Eastern Europe” or “Other Countries” category?
On the other hand, more and more large companies open development centers in Russia. This week Google opened its second development center outside the US in the same country. The country is Russia and the development center is located in Saint-Petersburg.
Google chose Russian specialists to develop innovative software solutions. Murano clients do the same. If you are looking to set up your own offshore development center in Russia, we would like you to consider working with our dedicated teams of talented and highly skilled technical professionals.
It’s obvious that lots of companies can minimize their development costs via offshore outsourcing. Thus usually one of the main criteria for choosing an offshore destination is price. Don’t you think this is a mistake?
If you seek a successful offshore outsourcing engagement, you must think of the results you want. You should pick a vendor that matches you in size or the size of your projects. It’s worth paying attention to developers’ abilities, skills and experience; put emphasis on people rather than on specific requirements of your project.
As for Murano Software, we are quite effective at cooperating with small and mid-size companies that are innovative. We provide our clients with dedicated teams of talented and creative problem solvers who are able to realize the client’s ideas successfully.
In our opinion, the best offshore effect occurs when the finished software product delivers the full functionality required to meet the needs of the client and it is delivered on time and on budget without any unexpected changes in the process of the development.
To get the desired offshore effect, you should enhance your in-house IT-team by engaging the top specialists in the world. Therefore ask for resumes, don’t be immediately concerned with how quickly a project can get done. Ask for company hiring policies and strategy. And finally, you’ll benefit from having access to a diverse talent pool that can quickly fulfill your requirements and deliver the quality software products and achieve better ROI.
Customers expect that software development outsourcing companies employ efficient methods of communication. As we say, outsourced software development doesn’t have to be a struggle, and clients should have the opportunity to take advantage of all outsourcing benefits.
Communicating via Instant Messaging is widespread; moreover it is an essential part of your relations with offshore software developers for discussing details, controlling the development process and exploiting the benefits of agile software development methodology.
To overcome the time differences, the offshore software developers that you contract with could shift their working hours. This makes online communications via IM possible and provides both parties with convenient timing arrangements. As a company focused on outsourcing, we hire technical professionals with a good knowledge of English. You, your IT director or your entire in-house IT team can collaborate or keep track of development achievements (depending on your needs), both verbally and in writing, via e-mail, MSN, Skype, NetMeeting conferences, the telephone and so on.
Of course, it could occasionally happen that you hear English spoken with an accent or that you may not be able to stay in contact with developers throughout your working day because of the time difference. Obviously we don’t dispute that these are points you have to be aware of when engaging in offshore outsourcing. We don’t hesitate to raise these issues, as we know that for our clients, location is not the essential factor in their decision to contract with us. Our clients contract with us primarily due to their interest in cooperating with experts in custom software application development.
One of the initial questions raised, when thinking of offshore outsourcing software development is how to maintain communication. Productivity in software development is measured by meeting customer needs, thus communication is all-important in providing time-to-market, cost-effectiveness and fulfilling other requirements. So when you select your offshore partner make sure that they have their headquarters or, at least, an office in your country.
We, at the Murano US office, not only discuss development needs before contracting, we also encourage feedback (both positive and negative) from our clients. This allows us to adopt our processes, react to issues quickly and replicate successes.
|