Sunday, April 22, 2007
Lies told by BPM Vendors
A variety of bloggers are discussing how their products comply with standards such as BPMN, BPEL and BPEL4People, while others are discussing "Do BPM before BAM", yet there is not a single conversation about the need to think about security up front.
Wouldn't it be intriguing if your BPM vendor told you how their product could participate in single sign-on (SSO) via industry standards such as SAML and/or WS-Federation? Wouldn't it be equally interesting to hear from your vendor regarding support for identity standards such as OpenID and/or CardSpace? I bet if you asked your favorite BPM vendor about adding support for XACML, they would avoid the question, as the architecture of many of these BPM products would require rewriting from scratch to gain the ability to externalize entitlements.
I wonder if Ismael Ghalimi, Phil Gilbert, Bruce Silver and others in this space would entertain a public conversation on the weaknesses of BPMN. For example, it is intriguing that we can have a decision shape that looks pretty on the diagram, but no one ever really talks about the behavior of a decision and how each and every product implements it differently. I bet a deeper look into this space would uncover that 95% of all the work in BPMN is not portable between one vendor and another.
I can take a J2EE application originally targeted to run on JBoss and easily move it to BEA WebLogic, but I can't take an application written for Intalio and move it easily to Lombardi. Do BPM vendors care about this type of portability to the level where they will take action and actually have conversations across companies?