Enterprise Architecture: From Incite comes Insight...

I figured I would critique the response of Marco of HP to an earlier posting...

As you rightly said, to achieve this it is however necessary an "ecosystem" i.e. various enterprise solution providers need to enable their solutions. I guess it is important to understand what the differentiator and added/value would be, against existing enterprise "SSO" solutions (such as kerberos, NTLM, portal-based SSO, etc.).

I suspect that I am probably asking too much for software vendors researching user-centric approaches to have conversations with other vendors. In reality, I think I need to acknowledge that research really means preparing the internal story for one HP product to integrate with another HP product and ignore the fact that us customers may want to integrate products across our vendors.

Anyway, my perspective still stands that regardless of whether it is user-centric, Kerberos or any other approaches, HP and Microsoft need to become more active in getting folks in the BPM, ECM, ESB, ERP, CRM and other spaces to implement standards. Right now, I can't compare two standards in terms of value because neither is implemented within products I care about.

At the moment, in B2B contexts (such as supply-chains, etc.), most of the interactions are predefined and rigid (based on contractual and legal agreements), with just a few specific roles (and limited set of employees) involved. More “flexible” (and spread in terms of usage) are outsourced enterprise services for employees – such as corporate travel booking services, healthcare services, benefit services, information services, etc. However, also in these contexts there are already mechanisms to achieve SSO – for example by using web-based services, employee portals, employees’ NT logon credentials (or X.509 credentials) and ad-hoc “plumbing” between the enterprise and the involved external service providers.

While I understand the interesting taxonomy you have suggested, I am not sure that I agree with your perspective. What would a benefit service be except a B2B context? Do you think of the services that United Healthcare, Aetna, Cigna, etc provide to large companies like Boeing, HP, etc and their employees a supply-chain play or something more flexible?

In terms of the perspective of roles, I too disagree with rigidity. Many of our systems we implement reflect the financials of our partners not only against roles we define but also allow the partners to define their own views into how they define roles and organizational hierarchies and our systems adapt. The ability for the internal system to understand the organization chart of another enterprise is important and definetely not rigid.

I agree on the importance of eventually being able to better manage entitlements and different policies that apply in different contexts: I believe this is currently done with ad-hoc approaches and/or by "hard-coding" these policies.

This is not a belief but a fact. If you look at the discussion started by Brian Huff, Billy Cripe and Craig Randall in terms of the ECM domain, they are all admitting the lack of flexibility in terms of their product architecture to even manage entitlements. I guess the thing that should be researched is how to help software vendors develop better architectural models for their software products.

In the enterprise users are the "employees". To use the same paradigm, what would an "employee-centric" model be? Would this make any sense, considering the different context and requirements that an enterprise might have (in terms of business, security, privacy, etc.). Anything else beyond SSO use-cases?

Users and employees are not analogous. Too many current security models assume that folks within the firewall are all of one demographic. Have you ever heard of outsourcing? I suspect that you can probably find many shops where HP for example runs the desktop support operation and has a higher headcount in terms of users than the employees themselves. Ask yourself, how should HP employees interact with systems on the Internet if they happen to be at a client installation.

FYI. Trackback is a better way of continuing a dialog over commenting...