Tuesday, December 19, 2006
More Thoughts on Enterprise Content Management and Security
I was thinking that the folks over at Alfresco may have a significant advantage over their ECM competitors when it comes to security, simply because they are written in Java.
Nowadays, many of the J2EE containers including BEA, JBoss and IBM all have support for binding directly to Active Directory and therefore don't require creation of your own unique identity store. Likewise, these same containers support the XACML specification so that you can externalize out authorization which is crucial especially when you embed ECM into an enterprise application.
I am of the belief that Alfresco was the first embeddable ECM platforms and hope that industry analysts could bring some honesty to this aspect. If you think about embedding one product into another, the importance of the need to delegate security to its parent is vital. Having disconnected security models in this reqard can be fugly.
Likewise, Alfresco being written in Java allows it to automatically participate in SSO as most containers nowadays minimally support the SAML 1.1 specification. I would love to know from the analysts if they believe that if the vast majority of enterprise applications are being written in Java, isn't a characteristic of embeddability also tied to the language that the ECM platform is written in? Yes, you could do JNI or other equivalents to bring in C++ based ECMs but which is cleaner?
If the trend towards scripting languages takes off and the enterprise embraces Ruby on Rails, how should ECM work with Ruby in the cleanest way? What about those who refuse to let Smalltalk die and how should they think about ECM?
Anyway, I hope to ping Alan Peltz-Sharpe and Nick Patience shortly in hopes that they could initiate coverage on an emerging space of Enterprise Content Integration (ECI) and not only tell us what it is, but more importantly how it should work from an architecture perspective...