Saturday, May 26, 2007
Is Oracle ECM better than Alfreso, Filenet and Documentum?
Raoul Miller of Oracle posted an interesting blog entry that others in the ECM space should take notice of. I hope that Nick Patience and Alan Pelz-Sharpe read his blog with passion and will include his thinking in upcoming research reports.
I have always been somewhat critical of the ECM space as from a software architecture perspective, this domain is way behind the times with their client/server thinking. Unlike other domains such as J2EE, SOA, BPM, ERP, CRM there are absolutely zero documented design patterns, zero reference implementations and no evidence of any standards in the interoperability space. In addition, this domain has been late to the game when it comes to participating in an SOA and definetely is so far behind on acknowledging the need to converge ECM with enterprise security it is embarassing.
Luckily, Raoul mentions both SAML and XACML, how this will be part of their Fusion middleware foundation and how all products will align to it. Supporting SAML is not simply changing out the authentication process but may also include understanding the SAML attribute assertions at runtime and being able to use them throughout the product. Many of the competitors to Oracle at best can switch authenticators but really can't use dynamic information and relies on local copies which is sad.
More importantly by embracing XACML, it probably means that Raoul has figured out that ACL based security models are legacy and simply don't work if you plan on integrating say ECM with BPM or CRM. The funny thing is that many ECM vendors also realize limitations with ACL-based approaches yet concluded that DRM/IRM is the answer. While it could be in standalone situations, it really would require them to better understand how customers truly use their products. I guess if they do go down the DRM/IRM road, at least they could support external implementations such as the wonderful offering by Microsoft that is built into Active Directory. Oops, this would require them to integrate which they aren't capable of thinking about.
Raoul, I am glad to learn that you support SOAP/WSDL out of the box and have the ability to generate them via wizard for any server. I am surprised that you guys figured out that there is a thing called SOA that enterprises want to us and didn't require folks to create their own within each enterprise. In reading into your comment, I suspect that you also treated customers with dignity and didn't consider this a separate product offering and simply put it were it belonged.
I wonder if any industry analysts who cover the ECM space would even mention that Oracle has out of the box support for Web Services while others are lagging? If they mention this, they should also comment on Raoul's statement about directly supporting runtime binding to Active Directory. In order to get ECM up and running, an enterprise simply shouldn't be forced to create yet another credential store locally as this is just fugly.
| | View blog reactionsI have always been somewhat critical of the ECM space as from a software architecture perspective, this domain is way behind the times with their client/server thinking. Unlike other domains such as J2EE, SOA, BPM, ERP, CRM there are absolutely zero documented design patterns, zero reference implementations and no evidence of any standards in the interoperability space. In addition, this domain has been late to the game when it comes to participating in an SOA and definetely is so far behind on acknowledging the need to converge ECM with enterprise security it is embarassing.
Luckily, Raoul mentions both SAML and XACML, how this will be part of their Fusion middleware foundation and how all products will align to it. Supporting SAML is not simply changing out the authentication process but may also include understanding the SAML attribute assertions at runtime and being able to use them throughout the product. Many of the competitors to Oracle at best can switch authenticators but really can't use dynamic information and relies on local copies which is sad.
More importantly by embracing XACML, it probably means that Raoul has figured out that ACL based security models are legacy and simply don't work if you plan on integrating say ECM with BPM or CRM. The funny thing is that many ECM vendors also realize limitations with ACL-based approaches yet concluded that DRM/IRM is the answer. While it could be in standalone situations, it really would require them to better understand how customers truly use their products. I guess if they do go down the DRM/IRM road, at least they could support external implementations such as the wonderful offering by Microsoft that is built into Active Directory. Oops, this would require them to integrate which they aren't capable of thinking about.
Raoul, I am glad to learn that you support SOAP/WSDL out of the box and have the ability to generate them via wizard for any server. I am surprised that you guys figured out that there is a thing called SOA that enterprises want to us and didn't require folks to create their own within each enterprise. In reading into your comment, I suspect that you also treated customers with dignity and didn't consider this a separate product offering and simply put it were it belonged.
I wonder if any industry analysts who cover the ECM space would even mention that Oracle has out of the box support for Web Services while others are lagging? If they mention this, they should also comment on Raoul's statement about directly supporting runtime binding to Active Directory. In order to get ECM up and running, an enterprise simply shouldn't be forced to create yet another credential store locally as this is just fugly.