March 2015

Lean Services is a buzz phrase I have been increasingly hearing in secure information exchange circles recently. But what is actually meant by Lean Services?

The Lean Services Architecture is an open schema-based request/response and event message protocol combined with a supporting architecture that provides a Services Orientated Architecture (SOA) in the operational and tactical military domain. Within Lean Services, a schema defines the data exchange messages for a service (Lean Services Definition). To provide access to each service an adaptor is used to transform native message formats into on-the-wire lean services. In a cross domain context, a set of rules that must be adhered to are defined, which are called the Barrier Validation Rules.

Lean Services architecture overview

Licensed under the Open Government Licence v2.0.

In 2013, Nexor implemented a Lean Services Guard for an award-winning project.  This demonstrated how Lean Services could be used within the context of an Information Exchange Gateway information protection service. Core to the concept are the Lean Services Definition and Barrier Validation Rules. Rather than trying to build an information protection service for many different message and protocol types, Lean Services map messages onto a common message format (Lean Services Definition), implemented in JSON (JavaScript Object Notation). There are then Barrier Validation Rules to enable validation of the JSON content (schema checking). Using this approach, building information protection services becomes simpler – the data capture proxies and data validation services become common. Are Lean Services applicable to your information sharing challenges? Come and discuss the concept with Nexor.


Author Bio - Tony Roadknight

Tony RoadknightTony Roadknight is a Certified Information Systems Security Professional (CISSP) and is Lead Technologist at Nexor delivering cyber security solutions to governments, defence and critical national infrastructure organisations.


Be the first to know about developments in secure information exchange