Thursday, May 31, 2007
Links for 2007-05-31
It is refreshing to hear that others acknowledge that security done correctly utterly destroys the premises of most checklists. I wonder if Alex Hutton has acknowledged that this will drive most process weenies crazy?
Tood Biske is one of the most thoughtful person on SOA and Enterprise Architecture that any enterprise would be blessed to hire. Perspectives of software developers (a dying commodity) and his analysis of their not getting with the program is spot on. I wonder if his wisdom also applies to folks in quality assurance and business analyst communities?
Michael Cote of Redmonk discovers MindManager which allows one to develop Mindmaps. I have had a license for several years now and love this product. While it is pricey, many of my peers have bought copies on their own nickel, something you won't see with too many other products.
Identity is the next killer application yet it hasn't been appropriately marketed. The funny thing is that most software vendors understand the value proposition it can offer to large enterprises but haven't yet figured out how to make money off it.
Interesting to see that IBM is also embracing XACML. I suspect that if their competitors were to talk to enterprise customers they might just learn that authorization is a bigger problem than authentication. After all, how long has single signon technology been available? Now ask yourself why aren't folks pervasively deploying it...
Ford employees are better at rationalizing mistakes than fixing them. Sadly, this is pervasive in most scenarios where engineers have to interact with process weenies
Wednesday, May 30, 2007
Thoughts on Unskilled Enterprise Architects
People tend to hold overly favorable views of their abilities in many social and intellectual domains. Overestimation of one's abilities or lack of occurs, in part, because people who are unskilled in these domains suffer a dual burden: Not only do these people reach erroneous conclusions and make unfortunate choices, but their incompetence robs them of the meta-cognitive ability to realize it. Participants in a recent study scoring in the bottom quartile on tests of humor, grammar and logic grossly overestimated their test performance and ability.
Charisma can take one a long way in many IT shops but it isn't sufficient to ensure long-term sustainable architecture. Of course, enterprise architects need the ability to influence, sell, align or whatever the management-by-magazine term of the day is, but process should never be a substitute for competence.
In terms of the study, folks whose test scores put them in the 12th percentile, they estimated themselves to be in the 62nd. Several analyses linked this miscalibration to deficits in metacognitive skill, or the capacity to distinguish accuracy from error. Paradoxically, improving the skills of participants, and thus increasing their meta-cognitive competence helped them recognize the limitations of their abilities.
This begs the question of when IT executives babble about leadership, have they thought past the basic need to influence and have reached the conclusion that self-reflection and tuning oneself is just as important?
Improving my Blog - Part Two
Have you ever did the group exercise where you are supposed to provide punctuation to the following seven word sentence:
- Woman without her man is a savage
I guess the point I am trying to make is that folks can read things very differently and walk away with a meaning that is totally different and even diametrically opposed to the original intent. For this I need to address going forward. Part of this though does require me to not wake up so early in the morning to crank out a daily blog. Being that I work fulltime, am attempting to finish my last and final book, have two kids, volunteer for several charities it does cause me to be sleep deprived but I do ask for forgiveness in advance if this happens in the future.
February of last year, noted industry analyst James Governor commented that he wasn't necessarily interested in seeing my stock portfolio. Taking this suggestion, I have moved all stock market commentary to a new blog entitled: Investorati. Others still commented on my frequent attack on George Bush and I have established yet another blog entitled: Stop the Bushitler so as to save readers from reading about non-IT topics. Of course all disclaimers apply.
I made a commitment back in 2006 and stated Multiple Goals some of which I have been successful while others have been a failure. I hope to get back to my original commitment and need your trust and support.
Perception is reality is a phrase that I hear alot. At some level I believe there is a lot of wisdom in the words while at another level believe it doesn't apply to me. Anyway, there are always unintended consequences. I have talked about how external conversations can have an effect on internal conversations but never really thought about how my conversations affect the vendors who also participate in the blogosphere.
Employees of software vendors are in many ways more constrained in terms of having an open, honest dialog than customers. There are times where I suspect many of the people I reference in my blog have wanted to strangle me. Of course, I could rationalize this away by merely thinking that they are somehow getting it twisted in terms of what I have said but I would then go against my own advice and have to admit that Rationalization is a trap.
I recently came to realize that I have been exploiting something for which I was unaware. A employee of a vendor ultimately would want to turn me into a customer and therefore will have to temper their responses. No matter how much I say that my blog is not about work, they have no trust cues that provide evidence and therefore must retreat to a safe position. I do encourage them to do two things. First, I ask that you Assume Ignorance and not malice but more importantly, anyone that has had a one-on-one conversation would testify that my true persona is very different than if you solely attempted to read my blog. If you want to understand more, trackback from your blog and I will do my utmost to respond with an answer that is in both letter and spirit the best I can provide.
For the record, I don't blog at work nor about work. In fact, if I have a conversation about something at work, I immediately firewall my thoughts in terms of talking about it within a blog. If you have ever watched CNBC Mad Money, you may be familiar with Jim Cramer where he outlines rules for investing. On many occasions, folks have questioned his motives for talking but have never really asked themselves, what if he has no motive and is simply Thinking Out Loud.
Sometimes folks think out loud and afford the opportunity to peak into their head. Its not that one wants to emphatically prove that they are part of the lunatic fringe or that the inmates are running the asylum but to merely allow others to take an unformed idea and do something with it. By sharing what I am thinking, I hope that others may benefit in ways that I can only imagine. Meme's are powerful but what is more powerful is in the seeding of ideas before they are even appreciated.
Within the open source community one has to think about vendor product offerings as the golden egg where an industry analyst will classify its form, color, shape and esthetics while ignoring what is truly important which is the goose that laid the egg. Ideas are eggs and if you are a smart individual, you can always generate more and therefore demonstrate that the value that one should focus on is the goose. There are way too many one hit wonders and I have no interest in being one.
The funny thing that my coworkers as well as those outside my enterprise have always assumed is that since I am a writer that I can do a better job of making my message more salient. Reality states that there are some truths to this but that folks need to understand the following:
Anyway, the one constant suggestion that I have chosen to ignore has been related to all the images within my blog. I have mentioned this story to others in that Doc Searls was my inspiration for blogging. Prior to meeting him face-to-face in 2003 out in Palm Springs at an EA conference, I was very familiar with the Cluetrain Manifesto and also started following his fellow coauthor Rageboy and loved how he included images in his blog and therefore borrowed the concept.
The one way that I can be convinced going forward to never include an image in future blog entries is by my readers showing an ounce of charitable giving. You may have noticed on the side of my blog the opportunity to contribute to a worthy charity? You may have also noticed that the dollar amount is still zero? I promise to all my readers that if this counter goes to $1,000 before I hit my 1,000th blog entry I will never include a single image in my postings going forward.
Even if I haven't convinced you, contributing to charity should be done for other reasons and this one is worthy of your hard earned monies...
Tuesday, May 29, 2007
Enterprise Architecture and the Socratic Method for obtaining buy-in...
One technique I frequently use (and forget to use) is the Socratic method. Instead of directly attacking people with your brilliant criticisms, ask leading questions so that people might come to understand the problem and any holes in their analysis. You may learn something. This strategy takes mature ego and patience.
Something interesting about this method: because you are asking questions, the other members of the conversation will have the opportunity to fill in gaps that you might be missing.
Monday, May 28, 2007
Are Business Applications Boring?
Business applications include billing, tracking equipment, people and projects under the guise of governance, custom interactive reports, sales forecasting, claims administration, etc. In business applications, one is generally modeling "rules of thumb" rather than intellectually challenging "puzzles" of the type seen in university courses in computer science.
Most folks in charge of business applications have difficulty expressing the rules of thumb. The software developer's job is to help them define and clarify such rules. Business knowledge is often implicitly understood, and it can be difficult for the domain experts to express that knowledge explicitly. This is one of the big challenges of business applications. Unlike university puzzles, the givens to the problems are generally not clear. There is often no easy way to tell if the machine is producing the intended results without having the end user try it for a while.
Sometimes software developers have sufficient expertise and influence to suggest changes in business processes to make them more logical or efficient. Presenting ideas to a business domain expert requires skilful sales technique. Otherwise, you risk coming across as arrogant or pushy. In the business world being liked is often more important than being right, but techies often see the reverse, creating a culture clash of sorts.
- NOTE: I would love for James Tarbell to comment is it more important to be liked or right in an upcoming blog entry without taking the hybrid answer
Usually a business has many nitty-gritty rules and exceptions to rules that require spending significant time and effort to adapt the framework. Copy-and-paste programming often seems easier than trying to make the ultimate generic Thing. Smaller scale abstractions, or micro-frameworks, can be more easily replaced without widespread impact. Todd Biske, Nick Malik and others have commented on SOA and why reuse doesn't ever seem to materialize in any meaningful way but haven't necessarily talked about how people need to change to make SOA successful. People, then process, then tools - in that order.
Good solutions to tough change management problems are difficult to discover. It is hard to find stable abstractions when the people who dictate requirements come and go in the organization or act seemingly capriciously. Applying abstractions from math and geometry is much easier because God does not change the rules. However, the Gods of Business flip all over the deck. Business culture is shaped by sales, and selling is generally an "intuitive" discipline. Thus, explicitness is often not expected and not honed by management. I am of the belief that this is the number one impediment to Business/IT alignment and therefore those who pursue alignment will always be banging their head into a brick wall.
Business applications build up "cruft" over time. Business rules tend to keep collecting and collecting until the behavior of the system becomes unpredictable. Nobody wants to risk cleaning it because they are afraid something might break. Or, there may be a business rule in there that solves a problem that the current staff did not know existed. The knowledge of why specific code exists might be lost. Users expect the behavior to be there, and are surprised if it disappears. A programmer might remove something that looked like a bug, to later find out that it actually served an important but undocumented purpose.
Failure to keep the system clean is typical of poor programming practices. The benefits of keeping things clean are numerous, among them are easier programming, less code, more flexible system, and cheaper faster development. However, often there is no financial incentive for a given developer to keep things clean. They are judged from quarter-to-quarter rather than year-to-year and spend more time managing perception than in managing either architectures or code. It may help the company, but the company will often not recognize the effort.
- NOTE: I give James Tarbell the permission to exercise his right to remain silent on the above comment without guilt. I do wonder if he sees poor programming practices as something that should be of higher priority within large enterprises?
So, you should ask yourself, what should folks do when they become bored with business applications? Unless they work for an Indian outsourcing firm where rotation is built into the culture and actually having real-world experience isn't required nor expected of the client then rotation becomes problematic. Rest and rotation would be nice. The problem is that HR wants gajillion years experience in the target occupation or specialty. That makes it difficult to rotate domains for Americans...
links for 2007-05-28
I love the blog of Eric Newcomer of Iona. Have you ever noticed that he is one of the few CTOs that when presenting on a topic to teach you the salient issues while having enough integrity to not sneak in a thinly veiled sales presentation in disguise? On the topic of WS-*, while I agree with the need for the specification, I also believe that the velocity by which standards are emerging is simply too fast for vendors to implement. Mark Little of JBoss is the brains behind this standard and a fellow co-author of several books yet I feel compelled to mention that I would rather see a vendor in the ECM and BPM communities not implement WS-Transactions in exchange for rapid implementation of WS-Federation within their products. Sadly, most ECM vendors (With the exception of Oracle) haven't even put in basic standard web services support.
John Newton of Alfresco mentions that the content management community must have an interoperable standard for building applications. The AIIM iECM standard effort has disbanded, but that doesn’t remove the need for a language-neutral, remotely accessible standard for content interoperability. Once vendors cooperate on such a standard, the ECM industry is likely to take off the same way that database did. I wonder if John and his team should run in the opposite direction from Documentum and Interwoven while preferring to engage Raoul Miller of Oracle in a conversation around standards in the ECM space. While I know that neither will publicly comment on whether AIIM is relevant, I suspect I already know the answer.
Stowe Boyd commented on a plaxo sponsored survey that uncovered that bloggers are more connected than journalists. The funny thing is that depending on definition of the word connection, I am either extremely connected or alone wandering around in the wilderness. I am surprised that Stowe Boyd didn't ask them to figure out the relationship between being connected and influence?
I wonder if this also applies to all those folks in Fortune 100 enterprises who use industry analyst research to devise their strategies (aka management by magazine)?
Burton Group has some of the best security analysts in existence. Yet, the notion of distinct services seems to get in the way of them adding even more value. For example, Wouldn't it be interesting if Gerry Gebel could not only talk about XACML interoperability but could also work with Chris Haddad and Anne Thomas Manes and figure out which J2EE application servers, ECM, BPM and ESB also implement XACML PEP or which vendors while writing the software actually used secure coding practices?
James Tarbell provides a contrarian view on why enterprises don't need software engineers and how they only add value in geeky silicon valley situations. Feels to me, he is throwing daggers at lots of folks on the left coast and in India
Some people sit and pontificate about whether leaders are made or born. The true leader ignores such arguments and instead concentrates on how to become a better. The funny thing is that I would have prioritized the list a little differently or at least added worthy of followership and that real leaders are keepers of the flame and have unwavering vision. Glad to see that perception management isn't a top five trait though.
Most of the conversation regarding outsourcing is either some low quality American developer who loses their job to a low quality Indian developer due to rate arbitrage or some unpatriotic IT executive whose lineage isn't from a software development background and how outsourcing is inevitable. Daniel Bernier is probably one of the best developers I have ever met in my travels and you should check out his blog for a perspective that is rarely seen. Maybe Indian outsourcing firms should consider hiring him to clean up all their failed projects. While they number into the hundreds, I suspect he can right many of the wrongs.
Apoorv Durga comments that most CMS products boast of multichannel delivery capabilities. I wonder if he considers SOA a channel? If so, then that would invalidate his statement, so therefore choose the answer that doesn't.
Jeff Potts talks about how to integrate Alfresco with LDAP. It is intriguing to see that ECM folks think that one should change how LDAP works in order to make ECM work. What if you already have LDAP via Active Directory and use it for other purposes? Should you break all your other enterprise applications that dont require changes to schema in order to support ECM or should the ECM marketplace get with the program and change their product architectures to better support LDAP as used within the enterprise?
Data deduplication is interesting but wouldn't adding compression be more interesting? If NAS appliances use Windows NTFS, ZFS, etc for file systems then couldn't they expose the compression to the user without the vendor even having to write additional code to support this functionality?
Sunday, May 27, 2007
Enterprise Architects who underachieve...
At that point, they can keep on pushing at the expense of their health and relationships or they can dedicate themselves to becoming underachievers. Have you ever heard the phrase, slow and steady wins the race? Now consider the lifespan of a rabbit is maybe three years while tortoises live to over a hundred.
Have you ever noticed how industry analysts aren't stepping up in terms of depth of research? Maybe it is because they have figured out that underachievement is the key to success. How come BPM and ECM vendors aren't incorporating enterprise security features into their products? Is it because they aren't aware of this need? Is it because they aren't capable of coming up with thoughtful architectures for their products or is it because they see it through the lens of diminishing returns?
Why do folks continue to outsource work to countries such as India when they have observed others within their industry bringing work back in-house. Maybe outsourcing is the manifestation of underachievement?
More Links for 2007-05-27
Good to see Kim Cameron debating with Jeff Bohren in that his characterization of Information Cards as authenticating the computer not the user has some merit. I believe that within certain verticals a relying party truly needs to know whether there is a human on the other end and not just a bot. Consider all the businesses that require licensing and the fines associated with having an unlicensed individual do financial planning, sell insurance, etc. I would love to see Cardspace 2.0 have a way that a relying party could require a claim that was implemented using CAPTCHA.
Here is a blog entry that should be mailed to all CIOs who abuse the meaning of architecture.
Microsoft has made publicly available for developer shops their internal methodology. While I know there will be a lot of downloads from large enterprises, it would be interesting to know if any folks that are employed by ECM and BPM vendors have downloaded?
Paul Toal comments on the behavior of folks within enterprises to require adherence to specifications they don't really understand. The reason enterprises desire standards is not only for interoperability but to normalize their vocabulary. Out of curiousity, it would be interesting to know how many RFPs Sun gets where they are asked if they support Java?
Before thinking about whether this is a good idea or not, I would love to understand how Directory Servers should be licensed? If by entry, then using as a blog platform would be a bad idea. I hope that Pat Patterson would agree?
Michele Leroux Bustamante shares a thoughtful way to understand all standards. I consider this a must read for those pondering SOA
Conor Cahill is pretty smart when it comes to use of user-centrics approaches within the enterprise. The one point I would probably pick on is: Users should be able to control the use and dissemination of their data. At some level, this makes sense but folks need to have a conversation of the legal liability of the enterprise itself if a user exposes their own medical information, social security number, etc using company resources. Different enterprises have varying opinions on this issue. I would have been happy if Conor shared where folks disagreed as this provides insight as well.
Johannes Ernst shares an interesting perspective of the identity landscape. I would have loved to add a third dimension that isn't about IT or business which would be the inclusion of a large industry analyst firm either endorsing or throwing daggers.
I do not like to listen to the same song over and over again, especially not when I know there is a whole album, a variety of tunes I could be listening to. Recent developments in the agile community suggest that people realise more so than ever that is it time of us to start listening to those other ‘tunes’. The agile community would be best served by figuring out ways to apply agile methods to ITIL and Enterprise Architecture than to repeat the same message regarding software development.
I bet you wouldn't expect me to say no. Fixing security vulnerabilities within products does have a negative effect on cashflow as enterprises yet are still in the mindset of asking for features they truly don't need instead of focusing on the increase of litigation targeted at IT oriented problems and the risk that sloppy vendor coding exposes their shops to. Vendors shouldn't step up until enterprise architects start to step up and demand secure coding practices of outsourcing firms, software vendors and the open source community.
It seems as if all the large vendors and their enterprise customers are abandoning Smalltalk. I sure would hate to have to sell Smalltalk as part of my job. According to Forrester, Smalltalk started its decline during the dot com era.
Links for 2007-05-27
Cote of Redmonk asked if there was a theme to the conference. Let me share what it wasn't. The funny thing is that open source runs many businesses including Fortune enterprises yet there wasn't as strong attendance as in previous years. James Governor and others talk about the participation age which should be a strongly discussed component of any open source business model yet that wasn't talked about much. Likewise, as open source climbs the stack away from boring topics such as operating systems and heads towards industry vertical specific software, many vendors are struggling with how to participate in a space that is more expensive to enter. I really hate when industry analysts attempted to suggest that mixed source companies are open source when in all reality they are more closed than those who acknowledge their business models will never be open...
Good to see that Scoble is a patriot and acknowledges that Memorial day shouldn't just be about burgers but about our troops, past and present, who have put themselves in harm's way to protect our freedom and liberate others. I wonder if other bloggers will do the same.
Interesting to read an article written in 2006 where Bud Porter-Roth acknowledges that ECM systems aren't standalone and need to integrate with CRM systems. Where he gets it twisted is in mentioning that SOA will bring new products to the ECM market when he should be demanding that AIIM discuss how SOA (like security) should simply be built in.
Ken Oestreich of Forrester if making
When Nicholas Carr asked this question, what came to mind was he should ask himself how much of a disservice does he believe he is doing to all IT employees who are losing their jobs to outsourcing along with the resulting salaries that could create other American jobs are going instead to places who will never understand the meaning of Memorial Day. Maybe the blogosphere would be better if he exercised his right to remain silent and make life a lot easier for all of us.
Folks spend a lot of money on security technology yet security is still a problem. Hopefully security professionals are familiar with the Agile Manifesto and understand people, then process, then tools - in that order. So in order to answer the question one seriously needs to observe the fact that the problem may be with not only the people in general but also the fact that security tends to attract process weenies more than other parts of IT (with the exception of outsourcing and project management) and therefore haven't spent enough time to understand that process could never be a substitute for competence.
Is risk analysis really business oriented? I think not. Maybe security practitioners need to figure out how to use security in a way that enables business capability instead of becoming an impediment to it.
Saturday, May 26, 2007
Links for 2007-05-26
An attendee of EMC World commented on Documentum features. Apparently he is excited about Java APIs in the ECM space and has previously written about them. This begs the question of whether industry analysts who cover ECM should research the quality of APIs exposed by ECM vendors since many customers actually use them. Likewise, this person also comments on SOA which I find interesting. SOA has been talked about for years and I would have at least expected some commentary on why did it take so long and whether it would be proprietary WSDL or something that feels more standards based? Imagine the possibility of all ECM vendors leveraging common WSDL.
If your enterprise architecture team hasn't taken the opportunity to evaluate Liferay Enterprise Portal, you need to get familiar. It is not only 100% open source using the purest of definition, it is also one of two portals certified to scale to 384 CPUs and has been independently certified as the most secure portal software regardless of open or commercial. Anyway, I find it interesting when new versions of products emerge and the documentation of open source projects fall behind. Harri Kaukovuo jumps in and provides solutions to problems others may face. I wonder what it would take for open source industry analyst types like Raven Zachary and Alex Fletcher to comment that the biggest problem with open source is not source code but the lack of high quality documentation which is something that large enterprises should be able to contribute to without getting their legal folks twisted.
Folks know that my frustrations with industry analyst firms runs high but in terms of attacking Gartner is simply unproductive. Could folks not focus on the magic quadrant so much as the conversation seems to be all about the perspectives of software vendors. I wonder if folks think there is merit in understanding the perspective of an enterprise in that they want to see all potential solutions which could even include non-commercial open source offerings. Was it sad, is that I run across so many software vendors who are frustrated with high fees they pay to analyst firms and they acknowledge they would rather have direct access to customers yet when I ask them does their CTO blog, I get a deer in the headlights look. Haven't they figured out that hyperlinks subvert hierarchy?
I was excited to see that Microsoft was going to help enable identity in languages such as Ruby, Java and PHP until I read this phrase: The open-source projects will create code to specify Web sites' security policies and to accept cards in Java for Sun Java System Web Servers . Kim Cameron, please say it aint so. While you are on the campus at Redmonk and are somewhat isolated from us customer types and based on the folks you interact with on a daily basis, the thinking can become somewhat insular, I hope that you understand that while providing support for Cardspace in Java is good, doing so by embedding into Sun products is less good. You are probably aware that folks in large enterprises use J2EE servers such as BEA Weblogic, JBoss and IBM Websphere and that support for Cardspace should either be strongly encouraged by Microsoft by putting it directly into these products and/or making it a component so that it can be easily integrated. By putting it into the Sun product, you will make it difficult for enterprises to use Cardspace without having to drag along things they don't need. I wonder if Pat Patterson could amplify, refine, throw daggers at this thought?
OK, analyst firms influence is being displaced by bloggers and the ability of customers to hyperlink to each other. While I agree that analyst firms should come clean in terms of their sources of revenue, I would like for the blogger community to stop bitching and start proposing actionable solutions. What exactly is it you want from these analyst firms. Are you looking for disclosure in the way the folks over at Redmonk do? Are you looking for the Magic Quadrant to have an indicator next to each vendor as to whether they are a client? The one thing I can say is that Vinnie Mirchandani and Brian Sommer are spot on in terms of analysts covering very mature technology segments while ignoring emerging ones. Wouldn't it be interesting if they talked about how otherwise distinct segments could integrate with each other? Would it be valuable if an analyst firm for example talked about how ECM and BPM could work together vs treating them as standalone topics?
Is Oracle ECM better than Alfreso, Filenet and Documentum?
I have always been somewhat critical of the ECM space as from a software architecture perspective, this domain is way behind the times with their client/server thinking. Unlike other domains such as J2EE, SOA, BPM, ERP, CRM there are absolutely zero documented design patterns, zero reference implementations and no evidence of any standards in the interoperability space. In addition, this domain has been late to the game when it comes to participating in an SOA and definetely is so far behind on acknowledging the need to converge ECM with enterprise security it is embarassing.
Luckily, Raoul mentions both SAML and XACML, how this will be part of their Fusion middleware foundation and how all products will align to it. Supporting SAML is not simply changing out the authentication process but may also include understanding the SAML attribute assertions at runtime and being able to use them throughout the product. Many of the competitors to Oracle at best can switch authenticators but really can't use dynamic information and relies on local copies which is sad.
More importantly by embracing XACML, it probably means that Raoul has figured out that ACL based security models are legacy and simply don't work if you plan on integrating say ECM with BPM or CRM. The funny thing is that many ECM vendors also realize limitations with ACL-based approaches yet concluded that DRM/IRM is the answer. While it could be in standalone situations, it really would require them to better understand how customers truly use their products. I guess if they do go down the DRM/IRM road, at least they could support external implementations such as the wonderful offering by Microsoft that is built into Active Directory. Oops, this would require them to integrate which they aren't capable of thinking about.
Raoul, I am glad to learn that you support SOAP/WSDL out of the box and have the ability to generate them via wizard for any server. I am surprised that you guys figured out that there is a thing called SOA that enterprises want to us and didn't require folks to create their own within each enterprise. In reading into your comment, I suspect that you also treated customers with dignity and didn't consider this a separate product offering and simply put it were it belonged.
I wonder if any industry analysts who cover the ECM space would even mention that Oracle has out of the box support for Web Services while others are lagging? If they mention this, they should also comment on Raoul's statement about directly supporting runtime binding to Active Directory. In order to get ECM up and running, an enterprise simply shouldn't be forced to create yet another credential store locally as this is just fugly.
Friday, May 25, 2007
Enterprise Architecture and Encouraging Underachievement
We'eve established the envy and disdain that coworkers have for anyone who appears to be very successful. That's human nature. One of the fundamental laws of physics holds that systems tend toward equilibrium. Apply this law to the modern enterprise and you will discover that corporate systems exist for a variety of reasons and one of them is to keep overachievers from making everyone else look bad while assuring a stable norm. How else can one rationalize Bell Curve Compensation?
One of the more toxic effects of great accomplishment is the unseemly eagerness with which folks scramble to take credit for at least part of it, especially when they feel compelled to in the pressurized atmosphere of overachievement. Unachievers aren't threatening to others. They're unlikely to screw up as often as someone pushing for perfection. If they fail at a project, oh well; no one expected much anyway. If they succeed, it will seem, paradoxically, like a fantastic acheivement. This falls in line with the job of an enterprise architect and Perception Management.
I wonder how many folks appreciate the fact that underachievement at work is not, however, simply about staying employed. It is also about keeping the other relationships in your life healthy. For example, if you are going to spend weekends at work all the time, you'd better be making wheelbarrows full of money to compensate for all the time you're not spending with friends and family.
Face the fact: you're probably not going to be a millionaire, so why kill yourself? Go home and think about grilling hamburgers (unless you are a communist vegetarian) and the real meaning of Memorial day which is all about remembering our troops who are in harms way so as to protect the right for Americans to be idiots by outsourcing jobs to folks who would never put our country first...
Links for 2007-05-25
Agile methods are important but outsourcing to countries who have zero ability to be agile is more important.
Todd Biske is right on the money by echoing the fact that companies who have mastery of SOA also have forward thinking management. I wonder if him and Joe McKendrick would define a litmus test so that others can characterize their own enterprise in terms of the management team?
Dion Hincliffe carefully avoided predicting the characteristics of management and focused on the safer answer related to technology. The funny thing is that he believes folks will be still using usernames and passwords. I would hope that Cardspace 5.0 is in the future of his fictitious enterprise unless they won't look at it until industry analysts such as Gartner provide coverage. I suspect Management by Magazine will survive web 2.0...
I normally wouldn't link to a blog that has a politically incorrect word in it but this one is worth the read. A thoughtful analysis of behavior models in large enterprises is something to be noodled
Folks in the Smalltalk community and those who advocate CMMI already have a head start
I wonder if Ronan Bradley will publicly acknowledge that SOA may be held back because of too much information being disseminated by both vendors and the industry analysts they pay that is simply too shallow to be useful. While vendors need to sell product, SOA adoption might accelerate if they changed their conversation to talk about the need for business architecture.
I wonder if anyone could comment on recent funding provided to the open source community by BEA, EMC or Oracle?
Microsoft provides answers to this question without acknowledging that the fastest path would be to work in a large enterprise where architect is more about a job grade than any adherence to a discipline
Kim Cameron shares how open source communities are rallying around Cardspace. I wonder if he has had a conversation with the folks from Netegrity (now CA) or Oblix (now Oracle)?
Thursday, May 24, 2007
Writing my Memoirs
So, I guess there is only one option and that is to hire a ghostwriter. As I understand, it is possible to hire a writer from countries such as India for only $3 an hour. I suspect I could get this written for a budget of $2K or so. Getting this book published will be a cakewalk whereas the most difficult part would be to not only find a competent writer but one that is familiar with US English along with slang terminology which I have yet to run across in my travels.
Part of being successful in this undertaking is that the ghostwriter will need to assist in creating the book proposal used to pitch to an agent or publishing house. Ideally, the first interaction would be for prospects to send a table of contents and a few pages of text so that I can be sure that they have a good grasp of the project.
This reminds me that I will probably have to create some form of contract. I guess I have to learn about international laws in terms of writing. I wonder if anyone else in the blogosphere has travelled this path?
Links for 2007-05-24
A practice that all enterprise architects should be familiar with...
Jeff Bohren from BMC is having a conversation that makes sense and understands how enterprises will use user-centric technologies. His statement is spot on: For enterprises there is an important potential value for InfoCards, and it has nothing to do with internal authentication. The value is by using InfoCards, an employee of a company can easily choose different identities depending on whether he is representing the company in a specific transaction or not. It has to do with separating personal from professional personas.
It is rare to see software development positions where you can work from home. It is funny that large enterprises can move jobs thousands of miles away though. Of course this company is on the left coast as folks in the Northeast are too braindead to incorporate working from home into their thought process.
It seems as if this blogger doesn't have faith in IBM and their ability to not tightly integrate with their own products at the expense of open standards. If there was a single company I believe would stay honest, it would be IBM
Wednesday, May 23, 2007
Anyway, Raoul mentions SAML and XACML didn't seize the opportunity to share with us when Oracle will be including support for them in their ECM suite. Hopefully, Raoul wasn't avoiding this answer in that it wasn't on their roadmap until I mentioned it or even worse regardless of customer need it still won't be on their roadmap, at least in the short term as this would prove out my analogy of client/server thinking.
Likewise, in terms of commenting on support for SOA, it would be very interesting if he could point me to the WSDL for their ECM services and ideally take the next step by proposing a WSDL standard interface to AIIM. In thinking about this issue, I also didn't see any commentary as to whether Oracle's ECM product offering could directly bind at runtime to existing credential stores such as Active Directory not just for authentication but to retrieve profile information, utilize Microsoft Certificate Services and other use cases that enterprises would want to accomplish.
When Oracle acquired Thor in the identity management space and Oblix in the SSO space, I suspect that the opportunity for convergence should be stronger than in other product offerings. Maybe Oracle's ECM suite will be the first to support SPML, CARML and other industry specifications that Oracle excels at.
I tend to read a lot of Oracle blogs and get annoyed because they haven't enabled trackback and therefore are a distant second in terms of community orientation when compared to both Microsoft and Sun. I wonder if the blog software is controlled by the ECM team at Oracle. If not, it should be...
Links for 2007-05-23
I have always wondered why folks confuse SOA with business architecture?
I wonder if all the original signatories who are consultants may appreciate the fact that customer could mean their clients should also participate in refactoring?
Larry Reid should ask himself whether he believes that enterprises nowadays prefer to buy software rather than build it and therefore agility is less relevant.
Hear is a company that indicates on its website that it provides open source yet no one can seem to find the source code
I think this author is onto something with JBoss where they suggest creating a custom JAAS login module for web services. I am curious why this can't be built into the SOAP stack itself?
Anyone care to guess at how many non-commercial open source implementations are mentioned in this report?
Software Design vs Software Engineering...
Design consists of the specification of requirements (functional, etc.) needed to satisfy the customer and other relevant external parties (the law, etc.) The job of a designer is to gather such requirements from various sources; asking customers directly, market research, academic research into relevant fields, domain knowledge, study of the law and of relevant standards and practices, and a bit of intuition and produce a specification of some sort. The designer is concerned with many human factors; aesthetics, functionality, ease-of-use, fitness for purpose and quality; the designer is less concerned with implementation details.
Engineering consists of the translation of these requirements into a technical specification describing a system which conforms to these requirements. In many traditional engineering disciplines, the role of engineer is generally not concerned with things such as aesthetics or fitness-for-purpose; instead the engineer is concerned with coming up with a system (or specification) which is correct, safe, and cost-effective.
The chief distinction between an engineer and a designer is that the engineer is personally (legally speaking) responsible for knowing said correctness and safety of the system. The processes of technical specification and other standard procedures exist so that the engineer can convince himself and others of this knowledge. In many fields it is possible for the engineer to be completely unrelated to the design process and only be responsible for the validation of the design...
Tuesday, May 22, 2007
Enterprise Architecture and the Three Pendulums
We are all familiar with the first IT pendulum where we go through cycles of being centralized to decentralized. Centralization is all about bringing consistency at the expense of overhead while decentralization is all about efficiencies and autonomy at the expense of unified approaches.
The second IT pendulum you may be less familiar with but occurs within the management ranks and begs the question of whether managers need to be technical or not. Sometimes, IT
The third IT pendulum that you may find is one of survival instinct. Have you ever met an IT employee in your travels who has survived outsourcing, layoffs, etc not because they are competent but more because they are nice? Sometimes being nice has more value than being competent and sometimes delivery matters regardless of atitude.
It would be interesting to understand where the three pendulums are in your enterprise. Please leave a comment or trackback...
Links for 2007-05-22
Jackson Shaw says enough already with authentication and that we should move to the harder stuff. I suspect that he hasn't ran across Anthony Nadalin, Archie Reed, Chris Ceppi, Dick Hardt, Paul Madsen, Pat Patterson or Andre Durand whom have done a great job of exercising their right to remain silent on issues such as authorization while focusing on consumerish use-cases related to identity. Anyway, he is located directly across the street from Microsoft in Redmond but I challenge him to find a single MS employee willing to discuss the merits of incorporating XACML into their products.
The Enterprise Sign On Engine (ESOE) is an advanced system which allows an enterprise to meet it's individual goals for integrated identity management, single sign on, authorization, federation and accountability for resource access in a very extensible manner. This has a better underlying architecture than Sun and their OpenSSO project. Stay tuned.
Thoughtful posting by Anant Jhingran on the importance of SQL within the marketplace
Good to see that the ACM is taking on the problem space of usability for identity management. Reconciling usability, privacy and security is harder than it appears. Most identity management vendors talk about provisioning and may touch on authentication but never talk about provisioning and its relationship to authorization.
Good to see the folks at Liberty are paying attention to things like Cardspace which I predict will be big in the next several years. I would love for these folks to noodle the scenarios listed here...
I wonder if someone made one area of activity simpler at the cost of the inherent complexity popping up unexpectedly elsewhere. They probably hired a former Smalltalk developer to run the program.
Monday, May 21, 2007
Links for 2007-05-21
A report released from Amnesty International found "the bulk" of arms transferred to Sudan is from Chinese and Russian sources, despite a UN arms embargo on Sudan. Later this week, Amnesty International will also be publishing a report on civil rights abuses in India.
Ever notice how Guy Kawasaki, Arrianna Huffington, Michelle Malkin, Kathy Sierra or Beppe Grillo never talk about politicians who are attempting to make a difference. At best they are only capable of either throwing daggers or practicing their right to remain silent.
Jason Corsello asks his clients why they spend so much with Gartner. At the time we were talking $100K minimum per annum but realistically north of $250K when everything is included. That’s a lot of money by anyone’s standards. Many vendors spend a LOT more. I wonder why vendors don't consider an investment in getting their CTO's to blog as a better usage of cash?
Is Mozilla Firefox bloated? I can attest that memory usage has been less efficient in later releases.
I wonder when folks will start noodling that the model of open source doesn't have to be commercial? What would happen if everyone within a particular industry vertical got together and figured out how to support themselves for non competitive advantage software?
A pointer to Scott Ambler's site on modeling
Compassion over killing.
Are Enterprise Architects Chickens or Pigs?
If you look into the modern enterprise, you will see lots of inefficiencies with the vast majority of it occuring during meetings. Lots of enterprisey folks talk about agility yet haven't acknowledged that most meetings have at least 50 to 80% overhead.
Most of excess overhead will claim they need to know what is going on because it impacts their work in some way. They don't need to know what is going on. What if enterprise architects stopped others from going to any excess overhead corporate meetings because they were one of the biggest suckers of productivity for the enterprise. People that like to go to these meetings are often seen in other meetings whining about not completing their deliverables because they were at such meetings.
Folks who like to attend meetings should be referred to as barnacles, because like barnacles on a ship, they will sink the ship if they accumulate. It is good to have some negative connotation in the terminology, no matter what we call it. People will not change their behavior if they do not feel an emotional impact.
Sunday, May 20, 2007
Links for 2007-05-20
Why is the software industry nearly incapable of producing virtually anything that even resembles excellence? I mean, there are a handful of exceptions, but I think they really just prove the rule. Is it human nature, systemic problems with business or are we collectively just too stupid or uncaring to produce first-rate software?
In order to develop an understanding of where and how open source software fits into the picture, it's important to grasp the opportunities for disruption technologies within the context of SOA. Alex Fletcher provides commentary on how we should frame this problem space.
One of the problems faced by IT groups is that their job function is basically to write code. This is a problem because sometimes, you shouldn't write code. Sometimes, the problem is best solved by NOT writing code.
Another blogger gets it twisted in terms of measuring EA. There is no ROI in governance, defining roadmaps, setting standards, etc. There is an ROI in terms of innovation and enabling revenue growth by focusing on the strategic intent of the business. Cost cutting should always be a secondary focus of EA.
Good to see Brenda Michelson keeping others honest especially those folks at MIT.
Both Mark Wahl and Charlton Barreto need to consider that identity alone is sometimes insufficient in terms of establishing a federation. Sometimes including authorization/entitlement information in the message exchange is required. One way to do this is via XACML which WS-Federation doesn't seem to address as well as SAML.
Tyler Cowen, a writer for The New York Post, inspires an alternative vision as to why income inequality is so pronounced in America. I believe it goes well beyond education where we need to focus on holding all parties especially outsourcing firms to EEOC standards.
I wonder what my boss would think if I wanted to be a beta tester? Anyway, the mainframe is not a second-class citizen (COBOL on the mainframe is) and should receive better industry analyst coverage.
Moral obligations of Enterprise Architects
First and foremost, enterprise architects should know, understand and appreciate the consequences of their actions. Too many times, enterprise architects do what is popular or are way too consumed by managing perception while not paying attention to other aspects.
In my humble opinion, the second obligation that all enterprise architects have is in not only knowing but using state of the art. Many of us stick with whatever happens to be familiar without ever considering the benefits of newer approaches. Of course, there are times when state of the art could be inferior in our opinion, but at least this decision should be made based on educated facts not level of comfort.
I have been told that ethics is the policy structure for your choices, your rules, and moral is the implementation, how you actually behave. I wonder how most would classify their own behavior model?
Chicken and Pigs
The pig says, "What should we call it?"
The chicken says, "How about 'Ham & Eggs'?"
The pig says, "No thanks. I'd be committed, but you'd just be involved."
Saturday, May 19, 2007
The Education System and Charitable Giving...
In the past, I have contributed money to support activities in our school system knowing that some kids are underpriveleged and cannot afford certain things but never really thought about the charitable aspects of the teachers themselves who spend much of their own money to make things happen.
I have been asking myself, that if I went to the blogosphere and asked for other corporations to contribute to a very simple experiment I wanted to conduct, would they participate? My idea is simple. I want to hold a simple raffle at the next school outing whereby the teachers could randomly win prizes, with zero strings attached.
I was thinking about pinging Steve Jobs of Apple to see if he wanted to contribute an iPod, Mark Hurd of HP to see if he would contribute a laptop, Michael Dell to see if he would contribute a 23" LCD TV, Jim Donald, CEO of Starbucks to see if he wanted to contribute a dozen $50 gift cards, Nick Grayston, CEO of Footlocker to contribute a $100 gift certificate, Joseph Draps of Godiva to contribute lots of chocolate and Howard Lester of Williams Sonoma various cooking supplies.
I wonder if I would be successful or is this futile?
XACML and Provisional Authorization
Let me first start of by saying that existing authentication mechanisms are adequate and don't need to be overhyped like they currently are being done in the blogosphere. Once a client has been authenticated and the current role assigned, the client may make authorization requests. Where the conversation needs to shift away from identity and authentication towards authorization as this is a bigger unmanaged problem within large enterprises that folks such as Pat Patterson and others in the identity crowd aren't talking about. They will argue that they are being incremental and nailing authentication before moving on, which I think at some level is true but at other levels dishonest.
Almost all implementations of access control and authorization systems have assumed the following model: A user makes an access request of a system in some context, and the system either authorizes the access request or denies it. Have folks ever considered the notion of provisional authorization?
Here are some examples of provisional authorization that I would love to see folks from BEA, Sun, Securent, Netegrity and Oracle noodle:
- You are allowed to access confidential information, but the access must be logged
- You are allowed to read sensitive information, but you must sign a terms and conditions statement first
- If unauthorized access is detected, a warning message must be sent to an administrator
So, how does one model such things in terms of XACML policy? Maybe Gerry Gebel of the Burton Group could consider these scenarios as part of his interoperability lab at the Catalyst conference...
Friday, May 18, 2007
Links for 2007-05-18
If those of the hispanic population in North America don't become outraged, as the next generation and the largest young demographic in the Americas, the entire world will be outsourced to the hellhole called Asia
Good to see that others appreciate an alternative opinion on the Kathy Sierra drama.
Gartner recently published the Security Information and Event Management Magic Quadrant of which loglogic is in the leaders spot. The funny thing is that I probably wouldn't classify their value proposition in this category. So, what should folks do when analyst firms get it twisted?
Guy Hoffman will be presenting at the Enterprise Architect Summit. I wonder if his company paid for the right to present thinly veiled marketing Powerpoint? This event seems to have less folks who are actually real-world enterprise architects than in past years.
Information and communication are the greatest lubricants to change, providing cushions against the stress of dislocation. Information technology, as IT will do well to remember, is its realm. No one is better placed within the company to open dialog enterprise-wide, to engage all of its customers in discussions and expressions of opinion that gradually illuminate the consensual view. IT can take a proactive stance in deploying the modern collaborative tools of discussion, not just among the workers and managers, but also in the C-level atmosphere.