Sunday, August 12, 2007
Why is there a very slow adoption of SAML within packaged applications?
One thought that I have is that industry analysts such as James Governor, Nick Gall, Alex Fletcher, Brenda Michelson, Nick Selby, Raven Zachary, Michael Cote, Stephen O'Grady, Dan Blum, Gerry Gebel, Bob Blakely and others from their respective firms do a decent job of covering security products but are absolutely horrible in terms of looking at security within products. I suspect they don't even ask the questions.
Folks such as Conor Cahill are focused on interoperability of protocols within their roles for Project Liberty, but they too haven't encouraged non-security vendors to implement security protocols. One can interpret the importance of SAML as another form of vendor-oriented architecture where the conversation is focused solely on creating new products while not talking about what it takes to put SAML into existing products.
You might have noticed that you will not find the likes of Jeff Bohren, Billy Cripe, Pat Patterson, Kim Cameron, James Robertson, Craig Randall, Mark Dixon, Mike Jones, Dick Hardt or any other employee of a software vendor talking about how they will work outside the security community to get it implemented. Their conversations for the most part are insular in nature.
This is not to say that we enterprisey types aren't guilty either. We do a horrific job in requiring our key strategic partners to implement security within their products, especially in the BPM and ECM world.