A while back I mentioned that I would periodically post a diary of what I do throughout the day. Today's blog will cover what I worked on last Thursday...
- As many folks are aware, I am working on pushing an industry-wide solution to increase the ability to protect personally identifiable information stored in relational databases and have had great success in getting enterprise architects in other Fortune enterprises to support the specification. I had deep conversations with two different database vendors on the value proposition of implementing stronger protection mechanisms. One vendor was ecstatic to see that us customer types could actually articulate such a deep specification for one of their problems. I guess that most vendors have a hard time pulling requirements out of most of us. Anyway, they have agreed to slot the functionality for the R2 version of their product in the future.
I wonder if any industry analysts would be interested in doing not one but two different case studies on this problem space. The first case study would cover the needs of large enterprises and what they are doing to protect personally identifiable information. The second case study (this is more interesting) would cover how enterprises can not only consume industry specifications but could become active creators of them.
- Also participated in a conference call with several architects who are employed by other Fortune enterprises in hopes of creating an industry-wide message format to support DMV insurance checks. I have realized that I spend too much time doing Powerpoint and other enterprisey things and some of the finer details of WSDL and XML are slowly slipping away. The one thing that I appreciate is that when folks from other enterprises review your thoughts, they have no reason to be cordial and therefore will provide honest feedback. I have to figure out how to get the same level of honest feedback within my own enterprise. I think I get away with too much at certain times in terms of providing technical advice.
- Worked with several other folks on the start of the 2007 operating plan (aka budgets). I remember earlier in my career budgets weren't as painful as they are nowadays. In the old school, budgets were more driven based on monies exiting the door in terms of real dollars. Nowadays with chargebacks, budgeting has gotten more complicated due to notions of chargebacks. My contribution to the budget is all the wonderful security initiatives we should consider for next year. The hardest part is that, especially in the security space, which is usually not well known and where executives have less opportunity for management by magazine, the distinction between what you can "sell" vs what makes sense is even more profound. Putting into the budget things that have 100% integrity without analyst coverage or hype articles in publications such as CIO and InfoWorld will result in me having to do even more Powerpoint next year than this year.
- Actually spent time reading the latest Forrester ESB report written by Mike Vollmer and Mike Gilpin and of course noticed that ServiceMix wasn't included. I immediately went on my rant that open source projects should be covered right next to closed source proprietary implementations such as CapeClear and Sonic. Part of the issue is that analysts tend to start with vendors, which is logical for closed source but not open. I could use ServiceMix in a production environment yet not care a single bit about how LogicBlaze operates nor their financials. Open source provides folks with a choice in terms of support and makes it optional as to whom you get it from. Analysts really need to start thinking more about how their customers could use software and not stick to just the status quo. I guess they are too busy predicting the past...
- Many folks are aware that noted industry analyst Brenda Michelson will be doing a case study on our enterprise architecture practices. I learned on this day that the CIO I had lined up will need to take a vacation day. I really thought it was important to do the face-to-face thing and now have to move it to a phone call a week later. Anyway, I will be finishing up the final agenda that includes all of the wonderful folks she will get to interview while visiting in person. The cast of characters I have lined up should provide an interesting perspective on what us enterprisey folks do well but also need to improve upon.
- Also started on writing a software architecture description document that outlines how identity federation would need to work in our industry vertical. I hope to put the final touches on the document tonight and get the document out to my industry peers early next week. One of the things that I think will be intriguing to see is that I am suggesting creation of a platform that is built upon open source. I am firm in my belief that for Fortune enterprises to actually trust the security of each other that source code should be available for inspection at any time. I wonder why companies such as Sun who embrace open source haven't talked much about open source implementations in the federated identity space? Maybe Pat Patterson could share his thoughts?
- At home, I spent some time reading the CardSpace (formerly InfoCard) specification and am noodling how this could be integrated with Liferay Enterprise Portal. Would be interesting to see Kim Cameron championing an open source implementation in Java of his specification.
- Also at home, I started to sketch out evaluation criteria for an upcoming proof of concept in the entitlements space. There are a variety of vendors that play here including Identity Engines, BEA, Securent, Jericho Systems and others. Sadly, this is one space that corporations need to understand and embrace as it addresses a lot of problems we face. Of course, the analyst firms are asleep at the helm with only Burton Group having deep coverage but with no research reports yet.
- It wasn't until 8:30 pm that I had the opportunity to play with my two sons. So much for the savage quest of work/life balance...