Sunday, July 29, 2007
ECM: Insights despite the inciting
My final look at the responses of Craig Randall when it comes to ECM standards...
- I’m becoming rather bored of the barbs. Yet, despite them, it’s worth providing answers to reasonable questions
- I’ve said as much already in my blog, which by the way is a personal weblog and not a vendor weblog.
- I don’t think savagely of James or anyone else, supposedly thinking: “the easier it is to get rid of your product, the more we like you.” Actually, I’m fully of the mind that you should be in full control of your content, metadata, identity, etc. In this sense, I think that the opposite generally holds: the more you respect what flows in your platform, the more your platform will be relied upon.
- Being candid, I am not a security nor an identity expert, and I’ve never advertised myself as one. Regardless, these are critical aspects of any ECM platform, and DFS does afford greater openness via its support of SOAP, WSDL, WS-Security, etc.
I am not sure that any of my comments require anyone to be a security or identity expert. I think if you understand that DFS is a client tier API and that all one has to do to bypass it is to simply not use it, then it is inherently insecure. In terms of support for WS-Security, all this means is that there is a place to put security stuff in the SOAP header. Supporting WS-Security doesn't mean that SAML, Kerberos, WS-Federation and so on are supported. I was simply looking for a deeper understanding of your past blog entries. Some folks will say they support WS-Security only to have still stuck with username/password constructs, which at some level is dishonest.
Likewise, one should acknowledge that there is a difference between server APIs and client APIs. I hope that you are noodling as part of your day job making both aspects of the equation extensible...
- DFS is a forthcoming enhancement to the EMC Documentum platform in its 6.0 release–one focuses on participation within and enablement of SOA, where not all services come from Documentum or into Documentum (e.g. WSDL from DFS bound into a capable third party BPM system, MEP’s between an ERP service and a DFS service, etc.).
Your previous blog entry talked about integration between Documentum and other BPM products from a UI perspective, where I asked what your thoughts were in terms of the creation of industry standards. Here you have mentioned using DFS, which I understand is a service interface, which of course you know is distinct from a UI way of integration.
- For example, providing XACML support means having an entitlement on every usage of every piece of content from an external source and not from Documentum’s security model.
I apologize if my questions make folks feel uncomfortable; I am simply attempting to understand the ECM domain at large. If I observe inconsistencies, then should I not ask deeper questions about them in order to gain insight, or would the ECM community prefer me to exercise my right to remain silent and only talk about the wonderful progress of features in this world, kinda like the industry analysts do, without understanding how ECM fits into the enterprise ecosystem?
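To make the WS-Security point above concrete, here is an added example (not code from DFS, Documentum or either blog) that inspects the `wsse:Security` header of a SOAP 1.1 message and reports which kind of token it actually carries. The function names and the three sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML = ("urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion")
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"

def classify_tokens(envelope_xml):
    """Return labels for the tokens found inside the wsse:Security header."""
    # Constructed input only; parse untrusted messages with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if security is None:
        return ["no wsse:Security header"]
    found = []
    for child in security:
        ns, _, name = child.tag[1:].partition("}")
        if ns == WSSE and name == "UsernameToken":
            pw = child.find(f"{{{WSSE}}}Password")
            # The UsernameToken profile treats a missing Type as PasswordText.
            ptype = "" if pw is None else pw.get("Type", UTP + "#PasswordText")
            found.append("username/password (%s)" % (ptype.rpartition("#")[2] or "no password"))
        elif ns == WSSE and name == "BinarySecurityToken":
            vt = child.get("ValueType", "")
            found.append("kerberos ticket" if "kerberos-token-profile" in vt
                         else "x509 certificate" if "x509-token-profile" in vt
                         else "binary token (unknown ValueType)")
        elif ns in SAML and name == "Assertion":
            found.append("saml assertion")
    return found or ["empty wsse:Security header"]

def envelope(security_children):
    # Builds a constructed sample message, not captured traffic.
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}"><s:Header>'
            f'<wsse:Security>{security_children}</wsse:Security></s:Header><s:Body/></s:Envelope>')

PASSWORD_MSG = envelope('<wsse:UsernameToken><wsse:Username>alice</wsse:Username>'
                        '<wsse:Password>example</wsse:Password></wsse:UsernameToken>')
SAML_MSG = envelope('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>')
KERBEROS_MSG = envelope('<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/'
    'oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ">AAAA</wsse:BinarySecurityToken>')

if __name__ == "__main__":
    for label, msg in (("password", PASSWORD_MSG), ("saml", SAML_MSG), ("kerberos", KERBEROS_MSG)):
        print(label, "->", classify_tokens(msg))
```

All three messages are equally valid uses of WS-Security; only the token inside the header tells you whether a service has moved past username/password.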