Sunday, April 08, 2007
Enterprise Usage of Cardspace and OpenID
Currently, if an enterprise wanted to embrace user-centric approaches they are faced with the following choices:
- Get their enterprise architects to sit on their butts and do nothing
- Purchase software to enable but go through the hassle of getting yet another vendor on their approved vendor list
- Attempt to write the integration into existing applications while struggling with lack of documentation on how to enable existing applications
For the first bullet, I should disclaim that sitting on one's butt happens until the Gartner and Forrester's start creating research telling us we should pay attention to it. The only accelerator would be if CIO magazine started talking about it.
The ability to remove us enterprisey types from practicing management by magazine is difficult at best.
The second one is even harder nowadays as the days of IT executives talking about relationships is back. One has to acknowledge that the vast majority of IT executives lack strong technical leadership capabilities and primarily are process oriented. This of course leads to the simple conclusion that they don't buy software based on best of breed functionality or even if it works at all, but those who make them feel comfortable in their purchasing decision. Until IBM, Sun, BEA, Oracle, CA, HP, Verisign and other big guys step up and start providing solutions, enterprise thinking will think of this technology as second-class.
The third thought is that I have observed a pulse in many IT shops that are starting to rely less on vendors to provide solutions and are starting to do more for themselves. In this space however there is very little guidance in terms of enabling an already existing site. For example, can anyone point to the following:
- Best practices for creating managed cards
- If you allow user cards to hit your site, what additional fields are required in terms of the user store
- If you want to inject cardspace support into client/server applications written in Java, PowerBuilder, Oracle Forms or similar technology, what is the best approach?
- What should a third-party audit firm look for in terms of an audit of this approach?
Anyway, I hope that this stuff will emerge shortly and that the conversation in the blogosphere will move away from vendor-oriented, consumerish discussions towards embracing enterprise participation...
Links to this post: