Monday, December 25, 2006
Thoughts on OpenID and how enterprises can participate...
Johannes Ernst responded to one of my postings on Federated Identity and Authorization and provided Some things to noodle. One particular aspect he mentioned was that anyone could contribute to the OpenID specification and suggested that a contribution in the authorization space would be useful which I am more than interested in talking on...
I am a contributor to a variety of specifications, mostly within our particular industry-vertical and the variety of standards bodies that cover them, and have had reasonable success. Part of the reason for success is that the demographic of the implementers is known and, more importantly, they are willing to state upfront their commitment to implement. I wonder, if I publicly commit to defining the authorization portion for OpenID, will Kim Cameron and his MS friends publicly commit to changing the UI for Cardspace to handle it, or will this result in another useless industry specification?
I know that other Fortune enterprises whose primary business model isn't technology will back this initiative and this is surely enough to get lots of things to happen. For example, I know that bringing a total of ten enterprises to discuss the problems of ECM and Security will result in the software vendor taking steps to make their customers happy, but I honestly can't say the same if I spent the same amount of effort in a space that Microsoft plays in.
Part of the problem is that for smaller vendors, identifying who their top sources of revenue are from an enterprise perspective is relatively easy. The only way such an effort wouldn't be futile is if I could know who Microsoft's top ten Fortune customers are in terms of spend and figure out how to get all ten on board. The problem space could be articulated in the fact that while my own employer is a Fortune 100 enterprise, they are by no means even in the top 100 Fortune enterprises in terms of spending monies with Microsoft. This says that for my contribution to not go to waste, I really do need the help of others...
The second question that I think begs an answer is why would I spend time on such an initiative? With a full slot of stuff to do at work, this would turn into my own homework at home. While I could easily connect it to business initiatives, I would still have trouble coming up with an ROI. Not that all of my efforts should be ROI driven (NOTE: I do work on compliance-oriented stuff which defies ROI because it's law) but there should be some return even if it isn't monetary.
One aspect of return is of course all of the wonderful potential press that enterprises can gain by showing to the marketplace how innovative their folks are but this too is highly problematic. First, it requires certain forms of acknowledgement in that enterprises tend to think of industry analysts as the media and therefore require coverage in the form of case studies from time-to-time. Other than the wonderful folks over at Macehiter Ward-Dutton (A top-notch UK analyst firm), industry analysts in the blogosphere have been notoriously silent on OpenID.
The problem is further compounded in that many analyst firms love to talk about products developed by software vendors and I am neither which will further guarantee specification shelfware. If folks don't know about it, then they certainly can't use it. At some level, I could attempt to do this work by joining a standards body such as the Liberty Alliance but unless they are willing to change their model for membership to become more enterprise friendly then this too will fail.
Spending lots of money in enterprises is easy. The key though is that spending of money on external entities usually comes in the form of statements of work, deliverables, etc. Simply being allowed to participate in a conversation will not allow the masses of enterprises to spend money to become a member. Hence, this is the reason why the Liberty Alliance only has four of the Fortune 500 whose primary business isn't technology.
The discussion around OpenID and authorization is vital to being able to conduct meaningful commerce over the Internet in a modern way yet even the Liberty Alliance seems caught up in the hype known as two dot O ism...
Johannes, you have my full commitment to contribute but I really need the help of other identity thought leaders to brainstorm or at least amplify the following problem spaces:
- How do we get Microsoft, BEA and IBM to participate and not champion their own competing specifications?
- How do we get industry analysts to not just tell the story through the eyes of vendors, but also of users?
- How do we get software vendors to implement whatever specifications emerge in this space quicker starting with folks in the BPM, ECM, SOA, CRM and ERP space?
- How do we embrace all of the languages that an enterprise may use and not just Java, .NET and limited support for Ruby on Rails? We need solutions for legacy mainframes, Smalltalk, and the scripting languages too.
- What do bloggers such as Phil Gilbert, Ismael Ghalimi, Tom Baeyens, Dana Blankenhorn, David Berlind, Dion Hinchcliffe, Richard Stiennon, Joe McKendrick and Phil Wainewright and others need to discuss in terms of identity within their own subject areas as they aren't talking about it yet?