Friday, October 12, 2007
Links for 2007-10-12
Brian Huff is called out regarding a post saying that there are too many identity standards. In order to understand this perspective, one has to first acknoledge that Brian works in the ECM domain which is the absolute last technology horizontal to do anything. Half of the folks in the world of ECM don't even understand the benefits of SOA while others that do, have created horrific WSDL over existing APIs. Folks in the ECM domain don't talk about patterns, have no reference architecture in common and don't even collaborate on standards, so anything that remotely requires stretching the brain like security will be attacked. XACML is especially fugly for them as the design of their products have spread authorization logic all over the place. Download the code for Alfresco and you will see exactly what I am talking about. The one thing though I would say that Brian does have a point on is that Liberty isn't as successful as they appear. They have been successful in getting security products to implement common security standards but haven't had a single success in getting non-security products such as BPM, CRM, ECM and so on to implement SAML, XACML, OpenID, CardSpace, WS-Federation and so on. Identity is not a product, it should be built into every piece of IT software within our ecosystem.
Good advice from the Agile Elephant on career management. This is a post that should be emailed to your peers.
Jeff Bohren is wrong. Bob Blakley is more right but they are all missing something. Bob stated clearly the notion of a business plan which folks skipped over to by thinking about how to productize it and make money by exploiting folks with larger wallets. If that is the lens you see things, then this will fail. Some things are wildly important but otherwise not profitable. Profit shouldn't filter out all ideas.
Is project management in large enterprises getting more horrific?
If you ever wanted to read a posting that offers bad advice on security, this is the one. This author is telling you to not pay attention to standards such as SAML and WS-Security as you may get trapped. Maybe the trap is the simple fact that his product's underlying architecture is so weakly designed that it can't be added. Anyone who believes that security shouldn't be done in layers is attempting to hide something.
A great posting on agility or lack of within enterprises. I would love to see Pankaj Arora, Vinay Pai, Alan Inglis, Robert McIlree comment on idiotic behavior they have witnessed in hopes that others may read and stop bad EA practices.
