Friday, November 30, 2007

 

Links for 2007-11-30



  • The Evolution of the CIO
    InformationWeek notes that the role of CIO is devolving while the role of the Chief Architect is gaining importance. One trend is that the process-oriented CIOs are being displaced by business leaders on one side while the enterprise is starting to appreciate that communication skills are the table stakes and that a strong, technology-savvy chief architect is what sustains competitive advantage.

  • Race and Intelligence isn't black and white. Its invisible!
    Taran Rampersad discusses myths regarding race and intelligence. I wonder why he didn't define race as the mental handcuff that individuals place on themselves.

  • Nodding about nodding dog alignment
    The sad reality is that many IT organizations which believe they are aligned with the business aren't actually delivering value.

  • How to consider orchestration
    David Linthicum does a good job at describing orchestration but twists one small thing in that he mixed orchestration with choreography in terms of acknowledging organization boundaries.

  • SOA Security
    Here are some great links to noodle.

  • Ten Tips for a (slightly) less awful resume
    Why are resumes of IT employees so uniformly horrific? It gets even worse when you read the resumes from Indian Outsourcing firms.

  • Enterprise Architecture Roles
    Dave Oliver acknowledges Enterprise Architecture roles can't really be seen as process driven and will depend on a high degree of specialised skills so we are talking about a high degree of practice.

  • Views from Left Field
    Ramblings from a software architect and wannabe triathlete

  • Gartner Report: Agent vs Agentless Monitoring
    I wonder if there are any industry models to calculate ROI on paying industry analyst firms to write reports?

  • An Open Letter to the OpenDS Community and to Sun Microsystems
    I wonder if Sun realizes that in order to become an open source company, you have to do a lot better at retaining top talent. This does explain why Don Bowen moved his blog here. I would hope that the folks at Microsoft would seize this opportunity by hiring them to work on ADAM.

  • In Praise of Open Source Analysis
    Enterprise Architects should be encouraged to move beyond traditional analyst firms and have conversations with those who have an open source business model, especially if you are seeking advice on open source.





    Thursday, November 29, 2007

     

    Job Opportunity: Senior Java Engineer

    How would you like a starting salary of $125K plus bonus plus package along with the opportunity to work with other really smart individuals in the role of Senior Java Engineer?



    The position is with the New York Stock Exchange so you know that their bonuses won't be tiny. They provide four weeks vacation and don't do bell curve compensation. If interested, contact Ashwin Bhandari of the Tardis Group (www.tardis-group.com) and he will hook you up...




     

    Links for 2007-11-29



  • The Importance of Continual Learning
    Todd Biske has a great post on the notion of continual learning. I surely would hate to interview with him.

  • User Interface Design Patterns
    Good to see that UI folks also are embracing the pattern metaphor. Still awaiting the ECM crowd to step up though.

  • Authorization with OpenSSO's Identity Services
    Great to see that OpenSSO is starting to acknowledge the importance of coarse-grained authorization. The one thing that I would love to see show up in all of the Web Access Management products is CAPTCHA support in that sometimes you need to understand more than just if a user is a directory entry (aka fake authentication) but whether the user is a human.

  • Open Source software: is it really a free lunch?
    Andrew Savory will be discussing this important topic tonight with Microsoft Research and their legal folks. Let's arm him to be successful

  • Think about the bathroom much? You should!
    But have you ever thought about how much a bathroom influences our perception of a place? Instead of focusing on size of cubicle, maybe we need to understand the orientation of stalls?

  • Fear and Enterprise Initiatives
    Mike Kavis has been busy researching enterprise initiatives and has some interesting conclusions to share.





     

    Enterprise Architecture: Ten Reasons why Outsourcing tends to fail...

    Figured I would outline ten reasons why I believe outsourcing fails in hopes that others won't repeat the mistakes of others...















    Wednesday, November 28, 2007

     

    Thinking about my New Years Resolutions...

    The end of year is fast approaching which makes it a good time to reflect not only on accomplishments but on areas in which one can improve...



    So, how do I become a better blogger? Do I succumb to the pressure of the few by removing otherwise annoying photos from my blog at the expense of removing my own creativity? Do I become more sensitive to others and attempt to mediate disputes between other bloggers and encourage consensus driven thinking or instead throw out ideas no matter how untested or time proven in hopes that others will make them better?

    Do I stop attacking industry analysts and admit defeat in that the odds are better for me becoming President than in industry analysts at the large firms truly presenting open source on the same playing field across the board as commercial proprietary closed source offerings?

    Should I stop throwing daggers at the ECM community for being the only community without any notion of a reference implementation, the inability to interoperate, for not participating in modern user-centric identity, not understanding the importance of externalizing authorization or even having any published patterns?

    The challenge of moving from good to great within the blogosphere is in having a keen sense of what others want to hear. To date, I have used this time to share my own thoughts and things that were of interest to me. Maybe in 2008, I should remix my blog and instead focus on providing insight into areas that others want to understand where software vendors, industry analysts and even other enterprise architects can ask open questions where I will attempt to provide transparent answers.

    The problem with this approach is that it would require others to start asking questions? I see no reason to wait till next year, so let's get started...




     

    Links for 2007-11-28



  • Open Source participation as an IT Investment
    Alex Fletcher of Entiva yet again posts brilliant insights into how enterprises need to focus on the creation of transparent ecosystems and how our enterprise architect needs to intersect with the open source model as part of a long range strategy. IT shouldn't solely focus on costs, but should always focus on supporting core business objectives better. Absolutely brilliant.

  • Another Reason Why Oracle is "Open"
    Bex Huff shares info on an Oracle skunk works project to help Oracle customers submit ideas, make requests and vote on which changes they prefer. For the record, I think this is brilliant and the transparency it brings to otherwise insular decision making is huge. Consider for a moment whether Craig Randall would ever actually allow customers to provide feedback on enhancements where he doesn't mediate and filter but instead actually allows customers to even engage each other. One of the things that I tend to be inciteful about is the lack of security within many enterprise products. The problem space of XACML is well known within many vendors but they have a vested interest in not allowing their customers to mount any form of campaign. By bringing democracy to the process, Oracle is doing the right thing in terms of vendor relationship management. I wonder when EMC, BMC, CA and others will start following Oracle's lead?

  • Business Culture: Google vs Microsoft
    In an interview, a former Google employee, who also happened to work for Microsoft, shares his views of Google and Microsoft's work environments. He discusses areas that Microsoft should improve to be more competitive in recruiting talent, including providing free cafe food, increasing the salary, offering more continuing ed and providing private offices. My take says that large enterprises may do well to observe the lessons learned here especially when you have the need to hire thousands of IT employees as you attempt to recover from failed outsourcing efforts while bringing it back inhouse.

  • Being too busy to think is actually an excuse
    Society is getting way too inclusive...

  • Dismantling enterprises - Why big enterprise software thrives
    The customer can have any colour he wants, as long as it's black. Customers can also ask for better security models as long as they don't require the software to actually change.

  • Google announces open source contest for high school students
    Google has announced a contest open to high school students during the Open Source Developers' Conference in Brisbane, Australia. The Google Highly Open Participation Contest was created to help introduce high school students to open source software development. What a great way to introduce our future to technology.

  • Software Licensing Problems with an Outsourcing Twist
    Japanese automaker Nissan is suing Software AG because it objects to the hefty fees charged by the German vendor to make its applications available to Nissan’s outsourcing partners. It sounds as if closed source software vendors are starting an interesting trend of penalizing large enterprises for outsourcing by charging them additional licensing fees. To date, this phenomenon hasn't been well discussed but otherwise occurs very frequently. I wonder which industry analyst firm has the best advice for their clients in this regard?

  • Cubicle Insanity: Is It Getting Better or Worse?
    Many of the advancements that were leading to better employee placement, better working conditions, and the balance that was building between employee care and economics were virtually destroyed. And it felt, at least to me, that we’d almost dropped back into the Middle Ages.





    Tuesday, November 27, 2007

     

    Links for 2007-11-27



  • Technical Excellence
    In many professional businesses, high technical excellence is taken for granted - we assume that having it is "table stakes" for competing. However, it's not a trivial issue to ask whether and how an enterprise goes about ensuring that its employees in fact meet high standards of technical expertise.

  • How software vendors weaken enterprise security
    We shouldn't throw daggers at software vendors but instead should focus on enterprise architects who exercise their right to remain silent.

  • BPM and the Confused Deputy
    So, what are your thoughts on Business Process Management and Security?

  • Complicated failures: Simple Causes
    Many IT projects fail because participants don’t take steps to fix seemingly-obvious problems. This statistic, if true, means a significant number of companies will experience serious IT failure because they didn’t follow simple, common sense policies.

  • Interesting Statistics on Microsoft Internal IT
    I sure would love to get my hands on the same statistics for GE, Oracle and Intel

  • Ways to distinguish yourself
    When you were just learning to write the alphabets, all you had to do to get an applause from people around you was to write the alphabets correctly. Those were the rules of the game. When you moved to school, the rules changed almost without notice. You could not get an applause just by reciting or writing the alphabets. The same phenomenon is also occurring in corporate America.

  • Making yourself recruitable
    Something that practitioners of enterprise architecture need to noodle.

  • Identifying Training Objectives
    Given a list of performance objectives for a task, the training objectives for the task can be developed. The training objective states the expected performance of the individual at the end of training.

  • Will the real IT security professional please stand up?
    I wonder how Security Monkey, Shawn Rohrbach, Tom Olzak, Dave Keays, Abhishek Singh, Mark Tordoff, Brock Frary, Vic Bhatia, Lou Bolanis and Lee Whitfield would classify themselves using this definition?





     

    Certified Architect

    Todd Biske shares his thoughts on becoming a Certified Architect which I figured I should add my two cents...



    Todd states that personally, I've never been a huge fan of certifications which if it were pretty much anyone else saying this, I would suspect that something else is at play. Todd could, with little effort, pass any certification exam he chose to pursue while others would struggle.

    Have you ever observed the pattern where those who talk about the value of a Masters Degree are the ones who have them? Likewise, the ones that don't feel they are important are the ones who don't. The same thing occurs with certification and the only perspectives where insight truly emerges are the ones who have certifications and still think they are not valuable.

    The first two certifications I achieved in my own career happened in 1994, when on the same day I took the final exams for both PowerBuilder making me a Certified PowerBuilder Developer as well as the last exam for Microsoft making me an MCSE. Note: my number is 9079. The reason for taking the exams at the time was the fact that I was employed not only by a consulting firm but they provided monetary incentive for me to pass. One can focus on the marketability aspects of certification, but a good Enterprise Architect would also acknowledge that any incentive that causes the staff to learn on their own time and make extra effort in studying can't be all bad.

    Both of these certifications led to something good. For the PowerBuilder certification, I had the opportunity to participate in writing a sample application that actually shipped with version 4.0 of PowerBuilder and wrote the coolest about box you have ever seen. For PowerBuilder developers, I would love to know if the Skills Sample Application still exists. As far as Microsoft is concerned, at the time one of the components was Microsoft Mail. Around that same time, Microsoft flew individuals out to Redmond to help them shape Microsoft Exchange. Knowing that I was an early participant helped my career immensely. In 1996, I actually won the Microsoft Solutions in Action Award for an enterprise rollout of Exchange.

    So, now that I have talked about the positive aspects of certification, I figured I should also talk about the more BS aspects. To date, I have over twenty different certifications. I have my Cisco CCNP which I not only know but still use my knowledge. The issue here is that I periodically do outside of work projects to keep my knowledge up to snuff as the folks in the data center won't let me tamper with BGP routes on the border routers with good reason. So this aspect exists in terms of a bullet on my resume but won't necessarily be reflected in the work bio aspects of my resume. I am certified by two different firewall vendors, one of which I used successfully for an Internet startup but haven't used since where the other I have the certification but have never even used the product. The funny thing about the second vendor is that I am not sure I even deserve the certification in that when I was taking the four hour exam, the testing engine crashed in the last fifteen minutes and I was awarded it out of good customer service. Of course, one could hire me in a consulting context where I can make a mess out of your security, but self-discipline here is fully practiced.

    In terms of Microsoft, I also achieved my MCT which helped me become comfortable interacting with others in a training context. I achieved my MCSD which I haven't done much to stay current in terms of all of the wonderful .NET things but can still do COM with the best of them. I even have a sales certification from good ole Sun which was more about indoctrination than anything else.

    I guess the point that I am attempting to make is that certifications are neither good nor bad, and it is important to look at each within the context of the role you expect this individual to play. It is my belief that certifications don't prove hands on skills at all, but having multiple at least says that there is evidence as an Enterprise Architect that you have the ability to learn as well as the desire...




    Monday, November 26, 2007

     

    Even More Links for 2007-11-26



  • Virtualization Detection
    Security within a virtualized environment hasn't been deeply discussed in the blogosphere. It is not possible to implement effective kernel protection on any general purpose OS based on monolithic kernel design and requires fundamental changes in approach.

  • The Holy Grail and Botnets
    UWM's Paul Barford has developed technology (called "Nemean") to automatically identify botnet traffic. This could be immensely useful and I encourage security folks to pay attention to this.

  • Reverse Net Neutrality
    ESPN attempts to block subscribers arriving from an ISP who is not a subscriber. Essentially, they are trying to replicate the cable subscription model (get your ISP to pony up money so that you can see this stuff) only on the web. Content providers (Google, Yahoo, BBC, and evidently ESPN) believe that users want their content more than their content wants the users. And so, a new battle is begun. Who has more leverage: the pretty pictures or the glassy eyeballs?

  • A Vision for Unified Rules and Processes
    The all wise James Taylor believes that this is a bad idea. BPM tools traditionally focus on state management, allowing long-running processes to be safely persisted and “rehydrated” based on some system event. Most rule-based products offer relatively little in the way of long-lived state and transaction management, concentrating instead on the automation of “point in time” decisions. Some vendors combine them while others tend to stay pure play. I bet your favorite neighborhood industry analyst won't be able to provide consistent guidance on which is more important.

  • Service Provisioning via SPML in SOA
    Industry guru Gunnar Peterson talks about why everyone is so amped on identity. I would appreciate his insights on whether CRM, ECM and BPM vendors equally also don't care about SPML since it is closer in nature to the current identity hype cycle.

  • PhishTank Annual Report
    The PhishTank annual report presents some interesting statistics including the most spoofed brands, phishes by Country and top domains.

  • Is Corporate Giving Dead or Just Sleeping?
    Many will lament on the decline of corporate giving but few will actually speak up about it.

  • Illogical Arguments in the name of Alan Turing
    It is possible to arrive at true conclusions based on flawed premises and inferences. However, such arguments are inherently flawed because, for an argument to be logical and rational, the premises and inferences must deduce to the conclusion.

  • OpenPTK Configuration
    Derrick Harcey discusses the OpenPTK provisioning tag library as a way to add user provisioning services to a java application. I wonder if this would make a good addition to Liferay Enterprise Portal? I will ping Brian Chan and get his thoughts.

  • Encouraging Philanthropy at a Young Age: Teaching Your Kids To Give To Causes
    Another blogger that is doing her part to make poverty history...





     

    More Links for 2007-11-26



  • PCI Scope? You gotta be kidding!
    Logs and overall security of PoS devices are often "in-scope" for PCI, but out of scope for a typical PCI audit. I guess us consumers can expect even more T.J.Max type data loss events.

  • Passing PCI Subversively
    At least folks are starting to acknowledge that doing the bare minimum is part of their strategy

  • Globalization differentiates people rich or poor...
    Dibyendu Choudhury provides insight into economic factors of outsourcing and the global economy. Because everything and anything we get in US or abroad are now available in India within reach, except the quality of life and broad disparity in between rich and poor is something that needs to be deeply noodled.

  • Collaboration is Innovation
    When it comes to innovation, the myth of the lone genius dies hard. Most companies continue to assume that innovation comes from that individual genius, or, at best, small, sequestered teams that vanish from sight and then return with big ideas. But the truth is most innovations are created through networks — groups of people working in concert. What would happen if Enterprise Architects figured out that innovation requires a strategy around blogging and participation in the open source community as an introductory step?

  • Manifesto for the Abolition of International Apartheid
    The ethical and political principle of equality of all individuals of the human species is now acknowledged by nearly all. It is almost universally accepted that any discrimination between human individuals based on an arbitrary criterion is unjust and must be abolished.

  • The Long Tail of Applications
    Todd Biske wants to eliminate the term "application" as it implies a monolith. I would like to point out to Todd that there is another usage of the word that still remains important which primarily indicates a funding model. It is possible and viable to build a great SOA while still letting the finance folks think in terms of applications. Removing the term from architects is a great thing but very disruptive for other parts of the enterprise.





     

    A Wikipedian Protester...




     

    Have you hugged an Enterprise Architect lately?

    What does it take for an Enterprise Architect to get a little respect?



    I am known for attacking software vendors who prefer to shove software out the door while not thinking about security, throwing daggers at industry analysts who continue to treat open source as a second class citizen by not putting it in the same Quadrants and Waves as expensive, proprietary closed source offerings which results in no love for this Enterprise Architect. If you are from this demographic, you may find my postings annoying, but if you happen to be from a large enterprise, you may find them insightful. Beauty is in the eye of the beholder.

    Today, I have hit a new low in that James Robertson put me in the same category as Robert McIlree whom I have decided to exercise my right to remain silent based on his inability to engage in a meaningful conversation. Robert only talks about processes and ways to make it heavier where at least I tend to talk about practices and ways to make processes lighter. Of course, I am willing to engage in a dialog with anyone who not only wants to make enterprise architecture better but also improve the human condition.

    James and I of course disagree on the value of Smalltalk within today's enterprise, but does this disagreement automatically make me enterprisey? Other than Smalltalk, I find many of James Robertson's posts on the money whereas I can't say the same about Robert. Can I get a little bit of love?




     

    Links for 2007-11-26



  • Visa Payment Application Mandates and Deadlines
    Visa will implement a series of mandates, beginning January 1, 2008, to eliminate the use of vulnerable payment applications from the Visa payment system. … These mandates are intended to prevent cardholder data compromises and thereby help mitigate the risk of associated financial losses such as liability from the Account Data Compromise Recovery (“ADCR”) program. Now imagine if they also included a blurb stating that these protections are there to protect the brand and not the consumer...

  • Grooming the 2010 CIO
    Business forces may be driving up demand for CIOs, but few concomitant forces are driving up the current supply. In fact, a mounting shortage of qualified candidates for top IT positions has caused companies to increase their focus on pipelining contenders for leadership roles ahead. Today's Enterprise Architects are tomorrow's CIOs

  • Dealing with Logs: what Vendors don't tell you about Log Management
    I first started following Log Management when James Governor of RedMonk started to talk about Splunk and LogLogic as part of a compliance oriented architecture. He is way ahead of his time.

  • Fewer Moms are working: Policies, Attitudes are Implicated
    While 70.9 percent of all U.S. mothers, married and unmarried, now work, the participation rate is down from its peak of 72.3 percent in 2000. American workers realize the abilities working moms possess, but our survey findings show that employers have some work to do to manage the perceptions and attitudes many employees have toward the special arrangements provided to working moms.

  • Security is not just a technical issue
    Security's days as just a technical issue are done. It is becoming a central concern for leaders at the highest level of many organizations and governments, transcending national borders. Customers are demanding it as worries about privacy and identity theft grow. Business partners, suppliers, and vendors are requiring it from one another, particularly when providing mutual network and information access. Networked efforts to steal competitive intelligence and engage in extortion are becoming more prevalent. Security breaches are increasingly motivated by financial gain. Now only if we could get software vendors to see security through the same lens as their customers.





    Sunday, November 25, 2007

     

    Have you heard of the free rice program?

    I learned about this program via LinkedIn. I encourage you to check it out. When you pull up the website you will find a word in which you have to pick the answer that best defines it. If you get it right you get a harder word. If you get it wrong you get an easier word.

    For each word you get right, 10 grains of rice is donated to the United Nations World Food Program. This is for those of you who want to make a difference in the world as well as increase your vocabulary :)!

    Click here to participate...




     

    Thoughts on Chennai, Cognizant and Thanksgiving...

    Many get it twisted and think that Thanksgiving is about being gluttonous by overeating, watching football and a four day weekend...



    The last conversation I had on Wednesday before starting the long holiday was with an individual who provided insight that I didn't previously know (Hi Kesavan) and guidance on better ways of being charitable.

    He indicated that charities in India appreciate seeing donors in person and that I should make the effort to appear in person instead of simply sending money. I guess I have been too indoctrinated into the notion of privacy policies and at some level they help dehumanize the giver's responsibility for being human to others.

    His tactic of modesty normally would be irritating but in this particular situation, it worked like a charm. He mentioned abstractly that my money would go far, but didn't provide any concrete examples. Of course, curiosity caused me to do lots of research and oh how I realized that his wisdom was an understatement!

    I learned that I could feed 100 school children for only $25! The notion that if every person that reads my blog were to donate $25 to a charity such as Udavum Karangal we could actually make poverty history disappear in India. Sadly, though many will read my blog and become annoyed with me because I want to not only make the discipline of enterprise architecture better, but I am equally passionate about changing the human condition. For those who are disturbed by the pictures in my blog, I suspect that they are even more disturbed every time they look in the mirror.

    My two children were curious why their dad was so emotional while on the computer. When they saw the children and wondered about them and me having to explain how fortunate we are, they both decided to forgo their trip to Chuck E. Cheese and asked to have their monies sent there instead.

    I guess, Kesavan and other employees of Cognizant are responsible for teaching my kids the real meaning of Thanksgiving...




     

    Implementing External Authorization in BPM and ECM Products (Part One)

    Phil Gilbert, CTO of Lombardi Software, John Newton, CTO of Alfresco, Craig Randall, Bex Huff and others have let me get away with ranting about XACML without stepping up to prove how easy it is...



    This will be the first in a three-part post on techniques that enterprise software vendors can use to externalize authorization from their products. If you aren't familiar with XACML, please visit the XACML specification.

    For this example, I will use Liferay Enterprise Portal since the source code is 100% freely available. I am willing to do the same within a BPM context against Intalio, but I couldn't locate the source code for the BPM engine.

    It is important to acknowledge that Brian Chan and others from Liferay acknowledged the importance of the ability to externalize security as part of the 4.0 version. Versions prior to this didn't have this capability and I will leave it to Brian and others to talk about design considerations. Anyway, there is a good document on what needs to occur in order to externalize security from Liferay here. You will notice that there is a single Java interface named PermissionChecker that you need to extend with your own custom implementation. Here is where XACML can be nicely integrated. In the next posting, I will show you exactly what code needs to go here.
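
    The delegation pattern described above, as an added example that is not the author's or Liferay's code: a permission check that turns a (user, resource, action) question into an XACML 2.0 request context, hands it to an external decision point, and grants access only on an explicit Permit. The `ExternalPermissionChecker` class, the `pdp` callable and `stub_pdp` with its single permitted triple are assumptions constructed for illustration (Liferay's Java interface is not reproduced); the namespace and attribute identifiers are the standard XACML ones.

```python
import xml.etree.ElementTree as ET

# Standard XACML 2.0 context namespace and XACML 1.0 attribute identifiers.
CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
DECISIONS = {"Permit", "Deny", "NotApplicable", "Indeterminate"}


def _q(tag):
    """Qualify a tag name with the XACML context namespace."""
    return "{%s}%s" % (CTX_NS, tag)


def build_request(user, resource, action):
    """Serialize one access question as an XACML 2.0 request context.

    Values are set through the XML API rather than string concatenation,
    so markup characters in a user or resource name are escaped and
    cannot inject extra attributes into the request.
    """
    req = ET.Element(_q("Request"))
    for section, attr_id, value in (
        ("Subject", SUBJECT_ID, user),
        ("Resource", RESOURCE_ID, resource),
        ("Action", ACTION_ID, action),
    ):
        parent = ET.SubElement(req, _q(section))
        attr = ET.SubElement(parent, _q("Attribute"),
                             AttributeId=attr_id, DataType=STRING)
        ET.SubElement(attr, _q("AttributeValue")).text = value
    ET.SubElement(req, _q("Environment"))
    return ET.tostring(req, encoding="unicode")


def request_values(request_xml):
    """Return [subject, resource, action] values in document order."""
    root = ET.fromstring(request_xml)
    return [v.text for v in root.iter(_q("AttributeValue"))]


def parse_decision(response_xml):
    """Extract the decision; anything unexpected becomes Indeterminate."""
    if "<!DOCTYPE" in response_xml:
        return "Indeterminate"  # no DTDs or entity definitions accepted
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return "Indeterminate"
    found = [d.text.strip() for d in root.iter(_q("Decision")) if d.text]
    if len(found) != 1 or found[0] not in DECISIONS:
        return "Indeterminate"
    return found[0]


class ExternalPermissionChecker:
    """Hypothetical enforcement point: asks the PDP, denies by default."""

    def __init__(self, pdp):
        self._pdp = pdp  # assumed callable: request XML -> response XML

    def has_permission(self, user, resource, action):
        try:
            response = self._pdp(build_request(user, resource, action))
        except Exception:
            return False  # PDP unreachable or failing: fail closed
        # Deny, NotApplicable and Indeterminate all mean "no access".
        return parse_decision(response) == "Permit"


def stub_pdp(request_xml):
    """Constructed stand-in for a real PDP with one permitted triple."""
    allowed = ["Test HKG 1", "Liferay:portlets:search", "VIEW"]
    decision = "Permit" if request_values(request_xml) == allowed \
        else "NotApplicable"
    return ('<Response xmlns="%s"><Result><Decision>%s</Decision>'
            '</Result></Response>' % (CTX_NS, decision))


if __name__ == "__main__":
    checker = ExternalPermissionChecker(stub_pdp)
    for action in ("VIEW", "DELETE"):
        granted = checker.has_permission(
            "Test HKG 1", "Liferay:portlets:search", action)
        print(action, "granted" if granted else "denied")
```
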

    The first thing to focus on is how to externalize the metadata that describes applications and roles. If your particular product stores it within a relational database, then the task is relatively straightforward in that you can create a routine that creates a file that can be exported to an XACML PAP. It should look something like this:

    <organization>
      <applicationgroups>
        <applicationgroup>
          <applicationgroup_name>Liferay</applicationgroup_name>
          <applicationgroup_desc>Liferay</applicationgroup_desc>
          <applications>
            <application>
              <application_name>portlets</application_name>
              <application_desc>portlets</application_desc>
              <application_contact_info>James McGovern</application_contact_info>
              <application_server>Weblogic</application_server>
              <ispepconfigured>YES</ispepconfigured>
              <policycmbalg>1</policycmbalg>
              <obligationid>3</obligationid>
              <resources>
                <resource>
                  <resource_name>search</resource_name>
                  <resource_desc>search</resource_desc>
                  <application_id>portlets</application_id>
                  <resourcetype>
                    <name>UNTYPE</name>
                    <belongsto>Global</belongsto>
                    <attributes></attributes>
                    <actions></actions>
                  </resourcetype>
                  <policycmbalg>1</policycmbalg>
                  <obligationid>3</obligationid>
                  <parent_resource>
                    Liferay:portlets
                  </parent_resource>
                </resource>
                <resource>
                  <resource_name>VIEW</resource_name>
                  <resource_desc>VIEW</resource_desc>
                  <application_id>portlets</application_id>
                  <resourcetype>
                    <name>ACTION</name>
                    <belongsto>Global</belongsto>
                    <attributes></attributes>
                    <actions></actions>
                  </resourcetype>
                  <policycmbalg>1</policycmbalg>
                  <obligationid>3</obligationid>
                  <parent_resource>
                    Liferay:portlets:search
                  </parent_resource>
                </resource>
              </resources>
            </application>
          </applications>
        </applicationgroup>
      </applicationgroups>
      <roles>
        <role>
          <rolename>All Users</rolename>
          <roledes>All Users</roledes>
          <rolestatus>STATIC</rolestatus>
          <parentrole_name>All Users</parentrole_name>
          <roleagaptype>AG</roleagaptype>
          <roletype>
            <name>Default</name>
            <belongsto>Global</belongsto>
            <attributes></attributes>
          </roletype>
          <rules></rules>
          <rules-conjunction>
            <rule-conjunction></rule-conjunction>
          </rules-conjunction>
        </role>
        <role>
          <rolename>UnKnown Users</rolename>
          <roledes>
            UnKnown Users for users,who are not mapped
          </roledes>
          <rolestatus>STATIC</rolestatus>
          <parentrole_name>Liferay</parentrole_name>
          <roleagaptype>AG</roleagaptype>
          <roletype>
            <name>Default</name>
            <belongsto>Global</belongsto>
            <attributes></attributes>
          </roletype>
          <rules></rules>
          <rules-conjunction>
            <rule-conjunction></rule-conjunction>
          </rules-conjunction>
        </role>
        <role>
          <rolename>User</rolename>
          <roledes>User</roledes>
          <rolestatus>STATIC</rolestatus>
          <parentrole_name>Liferay:portlets</parentrole_name>
          <roleagaptype>AP</roleagaptype>
          <roletype>
            <name>Default</name>
            <belongsto>Global</belongsto>
            <attributes></attributes>
          </roletype>
          <rules></rules>
          <rules-conjunction>
            <rule-conjunction></rule-conjunction>
          </rules-conjunction>
        </role>
      </roles>
      <users>
        <user>
          <username>Test HKG 1</username>
          <useremail>null</useremail>
          <userbelongsto>Liferay:portlets</userbelongsto>
          <usertype>
            <name>Default</name>
            <belongsto>Global</belongsto>
            <attributes></attributes>
          </usertype>
        </user>
      </users>
      <userrolemaps>
        <userrolemap>
          <rolename>User</rolename>
          <username>Liferay:portlets:Test HKG 1</username>
          <parentrolename>Liferay:portlets</parentrolename>
          <usertype>AP</usertype>
          <contextfqn>Global Context:Global Context</contextfqn>
          <bundlefqn>Global:Default</bundlefqn>
        </userrolemap>
      </userrolemaps>
      <contexts></contexts>
      <rolebundles>
        <rolebundle>
          <rolebundletname>Default</rolebundletname>
          <rolebundletdesc>DEFAULT ROLE BUNDLE</rolebundletdesc>
          <rolebundleparent>Global</rolebundleparent>
        </rolebundle>
        <rolebundle>
          <rolebundletname>Default</rolebundletname>
          <rolebundletdesc>DEFAULT ROLE BUNDLE</rolebundletdesc>
          <rolebundleparent>Global</rolebundleparent>
        </rolebundle>
      </rolebundles>
      <usertypes>
        <usertype>
          <name>Default</name>
          <belongsto>Global</belongsto>
          <attributes></attributes>
        </usertype>
      </usertypes>
      <roletypes>
        <roletype>
          <name>Default</name>
          <belongsto>Global</belongsto>
          <attributes></attributes>
        </roletype>
      </roletypes>
      <grouptypes>
        <grouptype>
          <name>Default</name>
          <belongsto>Global</belongsto>
          <attributes></attributes>
        </grouptype>
      </grouptypes>
    </organization>


    If you want to generate it directly from the database, Liferay provides the data model here. If you have questions on what I posted to date, please either leave a comment and/or trackback as I want to make sure that my examples are clear enough for others to leverage...
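One way to write the export routine described above, as an added example that is not code from this blog or from Liferay. The SQLite tables and rows are a constructed, hypothetical schema (not Liferay's data model); the element names follow the sample file, and the `belongs_to:username` join and the reuse of `roleagaptype` as the mapping's `usertype` are assumptions read off that sample. Mappings that name an unknown user or role are held back instead of being exported to the PAP.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample data in a hypothetical schema (NOT Liferay's real tables).
SAMPLE_SQL = """
CREATE TABLE app_role (name TEXT PRIMARY KEY, description TEXT, parent TEXT, agap TEXT);
CREATE TABLE app_user (name TEXT PRIMARY KEY, email TEXT, belongs_to TEXT);
CREATE TABLE user_role (user_name TEXT, role_name TEXT);
INSERT INTO app_role VALUES ('All Users', 'All Users', 'All Users', 'AG');
INSERT INTO app_role VALUES ('User', 'User', 'Liferay:portlets', 'AP');
INSERT INTO app_user VALUES ('Test HKG 1', NULL, 'Liferay:portlets');
INSERT INTO app_user VALUES ('R&D <ops>', 'ops@example.invalid', 'Liferay:portlets');
INSERT INTO user_role VALUES ('Test HKG 1', 'User');
INSERT INTO user_role VALUES ('R&D <ops>', 'Administrator');  -- role does not exist
"""


def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn


def _child(parent, tag, text=""):
    el = ET.SubElement(parent, tag)
    el.text = text  # ElementTree escapes &, < and > on serialization
    return el


def _type_block(parent, tag):
    """Emit the Default/Global type block the sample repeats for roles and users."""
    block = ET.SubElement(parent, tag)
    _child(block, "name", "Default")
    _child(block, "belongsto", "Global")
    _child(block, "attributes")


def export_organization(conn):
    """Return (xml_text, rejected); rejected holds (user, role) pairs that
    reference a user or role missing from the export and were left out."""
    org = ET.Element("organization")

    roles = ET.SubElement(org, "roles")
    known_roles = {}
    for name, desc, parent, agap in conn.execute(
            "SELECT name, description, parent, agap FROM app_role ORDER BY name"):
        known_roles[name] = (parent, agap)
        role = ET.SubElement(roles, "role")
        _child(role, "rolename", name)
        _child(role, "roledes", desc)
        _child(role, "rolestatus", "STATIC")
        _child(role, "parentrole_name", parent)
        _child(role, "roleagaptype", agap)
        _type_block(role, "roletype")

    users = ET.SubElement(org, "users")
    known_users = {}
    for name, email, belongs_to in conn.execute(
            "SELECT name, email, belongs_to FROM app_user ORDER BY name"):
        known_users[name] = belongs_to
        user = ET.SubElement(users, "user")
        _child(user, "username", name)
        # The sample file writes a missing e-mail as the literal string "null".
        _child(user, "useremail", email if email is not None else "null")
        _child(user, "userbelongsto", belongs_to)
        _type_block(user, "usertype")

    maps = ET.SubElement(org, "userrolemaps")
    rejected = []
    for user_name, role_name in conn.execute(
            "SELECT user_name, role_name FROM user_role ORDER BY user_name"):
        # A dangling mapping would hand the PAP a grant nobody can review.
        if user_name not in known_users or role_name not in known_roles:
            rejected.append((user_name, role_name))
            continue
        parent, agap = known_roles[role_name]
        entry = ET.SubElement(maps, "userrolemap")
        _child(entry, "rolename", role_name)
        _child(entry, "username", f"{known_users[user_name]}:{user_name}")
        _child(entry, "parentrolename", parent)
        _child(entry, "usertype", agap)
        _child(entry, "contextfqn", "Global Context:Global Context")
        _child(entry, "bundlefqn", "Global:Default")

    if hasattr(ET, "indent"):  # pretty-print where available (Python 3.9+)
        ET.indent(org)
    return ET.tostring(org, encoding="unicode"), rejected


if __name__ == "__main__":
    xml_text, rejected = export_organization(build_sample_db())
    print(xml_text)
    for user_name, role_name in rejected:
        print(f"NOT EXPORTED: {user_name!r} -> {role_name!r} (unknown user or role)")
```
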




     

    Even More Links for 2007-11-25



  • AuthN and everything
    Gunnar Peterson provides an interesting perspective of how Enterprise Architects need to think about authorization, even when many vendors have no incentive of helping them fix the problem. Maybe Gunnar has some thoughts on how the identity crowd could start conversations with the ECM and BPM crowds since this conversation has yet to happen as well.

  • Attributes of an Architect
    Max provides insights into the essence of enterprise architecture.

  • Has online banking become safer than offline banking?
    Seems counterintuitive. Doesn't it?

  • What are they smoking?
    Yakov Fain provides interesting insight into the American mindset of home ownership. For the record, I have owned my own home (paid in full) for the last five years. The same thing can be said of my car. Interest is evil.

  • Design Patterns Talk
    Gary Short shares his wonderful insights on patterns. I would love to hear him do a podcast with the folks at Redmonk

  • Swearing at work boosts morale
    OK, for the record I am jealous of David Heinemeier Hansson as he gets to use bad words at work, while I must focus on perception management and political correctness.





     

    More Links for 2007-11-25



  • World Usability Day
    Making things usable is an often concept. We have to figure out better ways to participate!

  • Solutions Architecture: What does it look like?
    A fellow Enterprise Architect needs assistance in creating a job description. Could you lend a hand?

  • The Roles and Responsibilities of an Enterprise Architect
    From a social viewpoint, the Enterprise Architect should be able to communicate, influence, negotiate, motivate, facilitate and inspire, in other words, get the human interaction right which requires more than a process focus.

  • Next Generation Mashup Data Center
    What do you think the next generation data center should look like? This blogger has an interesting perspective.

  • A review of the $200 Walmart Linux PC
    The hardware seems fine for anyone but a hardcore gamer, but the pre-installed gOS flavor of Ubuntu has a lot of rough edges

  • Visibility as an Architecture Property
    All the wonders of architecture, elegant structure, proper provision for security and scalability amount to nothing if the user cannot make use of the application to accomplish the goal.





     

    Links for 2007-11-25



  • Services and Volatility
    I hope others chime in as to ways to reduce volatile SOAs

  • What is a good definition of ECM?
    Interesting to see that there are many definitions of what ECM is? I wonder how Craig Randall, Bex Huff, Laurence Hart and Jesse Wilkins would alter it?

  • Open Source Farming
    When IT concepts transcends...

  • Getting Hijacked Running Windows
    The most amazing part is not that the commercial software is so bad, but that so many people don’t appreciate just how bad it is. Then again, few people know that not only is free and open-source software often much better than the commercial counterparts, it can be had at no cost.

  • John Howard, facing * defeat
    I have zero clue as to who this guy is but the pictures in his blog are similar to mine.

  • Requirements for community funding of open source
    Should large enterprises continue to use open source without figuring out ways to contribute? The notion of financial donations is interesting at some level but would be a challenge in that no check gets cut unless it is attached to a purchase order.

  • Tracking the emergence of open source community governance
    If you haven't read the blog of Alex Fletcher of Entiva, you should. His statement: For commercial open source vendors, this fact changes the dynamics of what it means to meet the needs of stakeholders. Since customers often begin their open source experience as community members, or at least users, ensuring that the community's needs are being considered is paramount. Many Enterprise Architects don't blog themselves but otherwise are savage in lurking. They sit back in stealth mode and observe the conversations (or lack of). Before they are willing to make an investment in open source, they need to understand how the community will either support them or ignore them. Don't just listen to your customers especially if you are an open source vendor, listen to those who could become customers as well...





     

    Celebrating my 1,500 Blog Posting...

    It seems as if I have been blogging for two years straight and have yet to miss a day of posting. When I first started to blog, I found it fascinating that someone actually cared to read what I had to say. Nowadays, I have lots of readers and even more critics all complaining about some little thing I said or didn't say. Others are easily thrown off track by random images I include in my blog while others focus strictly on the words. Humans are fascinating...




    Saturday, November 24, 2007

     

    Bangalore: Thoughts on Tamil Movies

    I normally watch Hindi movies as I am big fan of Shahrukh Khan. Having been married for ten years, I remember watching Indian movies on my Honeymoon in Trinidad. Some of my favorites are: 1942 Love Story, Lagaan, Major Saab and Biwi No 1.

    My mother-in-law used to sing Hindi songs long distance to my two sons, but since she passed away, they haven't heard these sweet melodies. I called my sister-in-law today, inquiring if anyone in Trinidad speaks other than Hindi and she could think of anyone.

    In my travels, it has been a long time since I have had interactions with folks who speak Hindi as it seems as if Tamil is the official language of outsourcing. To date, all of the movies I have seen that were Tamil didn't suit my tastes.

    Over the long weekend, a good friend of mine (Hi Saran) gave me two movies in hopes of changing my opinion (he was successful but I can't tell him that). They were Anniyan and Kaaka Kaaka. Would be curious to hear from others, what other Tamil movies this ignorant American should be watching?




     

    Links for 2007-11-24



  • Women in Technology
    Tim O'Reilly is doing something noble in recognizing the important role of women in technology. Many of us men need to encourage more young women to pursue careers in our discipline.

  • Are Wiki's ready for the enterprise?
    I wonder if there is anything else that bloggers are discussing that isn't enterprise ready?

  • Towards CSR 2.0
    Most industry analysts repeat in a humorless monotone the sentiments of those who pay their bills. Luckily, one stands out in the crowd and his name is James Governor. His blog on corporate social responsibility and its importance takes courage not demonstrated by his industry peers. I hope that you will read his blog and to continue to share more of his thinking on this topic.

  • The Risks of Outsourcing
    For every redundancy that a smart outsourcing program eliminates and every dollar that it saves, there also exists an increased element of risk in managing operations from a distance, both simple and complex. Outsourcing should be about more than just rate arbitrage as this isn't sustainable.

  • Union Carbide Corporation and the Bhopal Communities in India.
    On the night of 2 December 1984, over 35 tons of toxic gases leaked from a pesticide plant in Bhopal owned by the US-based multinational Union Carbide Corporation (UCC)'s Indian affiliate Union Carbide India Limited (UCIL). The gases that leaked consisted mainly of at least 24 tons of poisonous Methyl Isocyanate (MIC) and other reaction products, possibly including toxins such as hydrogen cyanide, nitrous oxide and carbon monoxide. In the next 2-3 days more than 7,000 people died and many more were injured. Over the last 21 years at least 15,000 more people have died from illnesses related to gas exposure. Today more than 100,000 people continue to suffer chronic and debilitating illnesses for which treatment is largely ineffective. Sadly though, no one has ever said sorry.

  • EBay architecture principles
    It is intriguing to see the architecture of eBay which balances simplicity, cost, technology and other factors in order to achieve success.

  • High Availability Architectures
    This blog provides several interesting insights into making enterprise applications highly available.

  • Is Twitter Down?
    Find out now...

  • Identity: Buy or Build
    Paul Madsen states that federated identity involves/requires identity outsourcing - essentially, an RP decides to 'buy' identity rather than 'build' it, and thereby enjoys some reduced set of responsibilities. The conversation that hasn't yet occurred is that in any form of outsourcing, the notion of indemnification is an important attribute, especially in B2B scenarios. I wonder if Paul has any thoughts on how to hold identity providers liable if you are a relying party?





    Friday, November 23, 2007

     

    Links for 2007-11-23



  • Why is WS-Federation necessary when we have SAML v2.0?
    Anil Saldhana hopes that these two specifications can converge. In order for this to happen, Don Schmidt and members of the Liberty Alliance will need to put their egos aside and do the right thing for all parties. This may be a very long wait.

  • IBM: We're Number One in ECM
    Forrester recently rated IBM as the leader in the ECM space over Documentum and stated that they offer the richest core set of ECM capabilities. Good to also see Stellent in the leaders section as well.

  • Sixing a D6 System
    Laurence Hart is one of the few ECM bloggers who goes beyond simple concepts and dives into details. I have learned more about ECM from Laurence than I have from reading the blogs of Craig Randall, Andrew Chapman, Cornelia Davis, Dave Robertson, Sumanth Molakala and other EMC employees combined. Hopefully, Laurence won't have to carry all the weight in 2008 and others will join the conversation in a meaningful way.

  • Social Networking, ECM, KM, and Lawrence Liu's Theorems
    I like Lawrence Liu's Theorems in that they are pretty accurate. I would only change one thing and that would be to remove the constraint of community as something that solely occurs within an enterprise (except for the occasional conference) and instead talk about knowledge management of the entire domain.

  • Superuser
    Jackson Shaw keeps me honest, something I wish other bloggers would do more often. His quote: There's not enough services revenue required for these products may actually be the primary reason why vendors are focused on identity while ignoring implementing XACML PEP within their products...

  • What to protect in open source software
    Should open source have IP protections similar to closed source? Mark Fleury has different opinions than the rest of the community. What is your opinion?

  • Gartner sums up the CIO debate on identity
    I suspect that Gartner summed everything up but didn't provide any details. Anyway, Nishant wonders whether user provisioning is ubiquitous enough that it is well understood or is it simply too boring a topic? My thought says that the answer may be both and neither at the same time. How many enterprises are wildly successful with user provisioning vs how many have at best achieved mediocrity? I suspect that many folks don't want to talk about it.

  • Reference Models and Architectures
    There are many definitions for the concepts of SOA reference models and SOA reference architectures that are now being defined by guys like me (my models are correct, as always), standards organizations such as OASIS and the Open Group, and vendors such as IBM, Oracle, BEA and TIBCO. Sometimes they align; most of the time they do not. I wonder who should step up and help all these entities get on the same page?





     

    Thoughts on Black Friday...




    Thursday, November 22, 2007

     

    Content Security: Are you insecure?

    I just wasted valuable time reading a report entitled: Content Security: At the Fulcrum of Innovation and Risk which is published by AIIM...



    This study of 600 end users (performed in September 2007) found that a majority of organizations have either begun or are in the throes of establishing a content security strategy, but that vision suffers from lack of awareness and outdated perspectives.

    One of the perspectives and lack of vision many enterprises have is in reading such useless information gathered via surveys. For example, Figure 38 asks what is your budget to implement Content Security which is a bulhits question in that if you happen to be a user of open source and aren't required to spend lots of money, it doesn't mean that security isn't important to you.

    Consider all of the questions that they didn't ask. For example, imagine if they asked customers would they like to see Alfresco, Stellent, Documentum and Nuxeo implement the XACML specification, I bet the respondents would be a resounding majority. What if they had enough courage to also ask those who have taken the survey whether ECM systems should have their own user stores? I bet you get the point.

    Lots of facts doesn't mean lots of insights. It is clear that AIIM is owned and controlled by the software vendors who have no vested interest in solving for anything related to solving customer issues. No mention of what areas need standards or even security standards such as OpenID, SAML, WS-Federation, CardSpace, etc that could be leveraged in the ECM domain.

    I wonder when AIIM will figure out that pretty much every other technology domain has pattern catalogs including BPM, SOA, CRM, etc. and that someone needs to document Enterprise Content Management patterns. I bet this is too challenging for many in the ECM community since the vast majority don't come from a software development background....




     

    Are Wiki's ready for the enterprise?

    Dave Oliver asks Are wiki's ready for the enterprise?. In my humble opinion, the answer is no!



    Have you ever considered the principles of being service oriented where the goal is to achieve loose coupling? Consider for a moment that my blog is loosely coupled in that the producer (me) publishes in a standard format where the consumers (you) can alter the format to suit your needs and it doesn't require me to either know nor care if this occurs.

    Fast forward to the enterprise where the focus is less on knowledge and more about presentation. Have you ever had a boss that has suggested that you change the look of your presentation in terms of format alone while not actually reading the message? Sadly, producers of content in large enterprises are tightly coupled to those who are consumers where we are forced to change formatting to fit someone else's notion of beauty as part of the overall desire to perform perception management.

    Imagine being the Enterprise Architect who champions the rollout of Wiki's only to learn that the desire was to find a lightweight tool for productivity purposes only resulted in producers having to publish in multiple forms creating even more work and watching productivity go out the window.

    Besides, wiki's also don't align with the control the message way of thinking as the paradigm is more about publishing with instant viewability by your audience. There is little opportunity for censorship. Minimally, some wiki's do have authorization models that can help mitigate this particular concern. For the record, I do like the Wiki that is built into Liferay Enterprise Portal as it allows you to apply role-based security constructs to a wiki. Of course, Liferay is 100% open source and therefore cheap to acquire. If you however must spend money, may I suggest you check out Confluence.

    Before you consider Wiki usage within an enterprise setting, may I suggest that you solve the loose coupling problem between people first...




     

    Links for Thanksgiving 2007



  • Made in the USA
    As you start noodling Black Friday, hopefully you will consider purchasing higher quality toys made in the USA and not that unsafe cheap Chinese stuff.

  • Outsourcing in the Philippines
    Here is an interesting study by Mercer Management consulting outlining how other countries are cheaper than India. A later study will emerge demonstrating how they are also of higher quality.

  • 20 Worst Venture Capital Investments of all time
    When will VC's learn that they need to also embrace the discipline of enterprise architecture to manage their own portfolio.

  • Software Estimation and the Business-Technical Conflict
    A great posting by Krishna Kumar on how business folks create IT death marches. I hope that he will continue this thread of thinking.

  • Whose buying what Forrester's measuring?
    Jeff Potts questions who is stupid enough to believe the latest Forrester ECM report. Let me state for the record that there are hundreds of Enterprise Architects who have read and unfortunately believed the contents without thinking any deeper. In fact, many of them may have encouraged their non-technical IT bosses to further amplify it. Likewise, it wouldn't surprise me that all those closed source ECM vendors won't also circulate it to their clients further digging the hole. Alfresco can't survive in the competition against closed source unless us enterprise architects demand more transparency from industry analysts.

  • Information Card Miscellany
    I wonder when Jeff Bohren and Phil Hunt will stop throwing daggers at CardSpace and figure out how to log into an Oracle Database and Remedy using an Information Card? Oops, that may actually require them having an internal conversation.

  • The Business Architect
    In many enterprises, the architect has fallen into a role of the gatekeeper. Rather than spending time on strategy, layers of abstraction and modeling, they are consumed by tactical decisions for projects at hand. If you think about this, it is really a problem.

  • Evaluating EA Processes
    Awhile back, I challenged Robert McIlree, who is a process weenie and project manager attempting to convince others that he is an Enterprise Architect, to talk less about process and more about practices. In fact, I rightfully predicted that he would either throw daggers, rationalize his thoughts or exercise his right to remain silent. He has managed to do all three.





    Wednesday, November 21, 2007

     

    Enterprise Architecture: Is your boss really a leader?

    I am more afraid of an army of 100 sheep led by a lion than an army of 100 lions led by a sheep...

    Walter Lippmann




     

    Enterprise Architecture and Telecommuting

    Figured if there were any Enterprise Architects that were frustrated with their current employment situation, Sabre Holdings is recruiting. While they are located in Dallas, you are not required to relocate and can 100% telecommute.

    I wonder when other IT executives will adopt this practice?




    Tuesday, November 20, 2007

     

    Quote of the Day: Success

    I don't know the key to success, but the key to failure is trying to please everybody...

    Bill Cosby




     

    Links for 2007-11-20



  • Why are you working overtime?
    The primary driver for increased hours nowadays is outsourcing to India. Having to have the same conversation multiple times due to geographic considerations will make anyone's work day longer.

  • Hiring Women
    Don Box talks about the difficulty of finding women in IT. One side of the argument says that his thinking is wrong and he needs to observe the modern distorted definition of diversity. Personally, I am of the belief that he is practicing diversity and doing the right thing by ensuring a mix along the lines of gender. IT simply needs more women and us men should do our parts to make this reality.

  • QCon Conference
    Gunnar Peterson made an interesting comment in saying that QCon has useful stuff produced every time and it is noticeably absent of the "it's perfect" or "it's broken" crowd. I wonder which industry analysts he is referring to?

  • Securent and Cisco
    I like Mark O'Neill's humor regarding company names. Anyway, I hope he will talk more about XACML in upcoming blogs and give other vendors in this space something to noodle.

  • OpenSSO and Liferay
    I wonder if I could ask Pat Patterson to work with Bex Huff of Stellent, John Newton of Alfresco and Craig Randall of Documentum to also incorporate? After all, the portal guys always lead in terms of modern software architecture while ECM tends to lag...

  • NSS is FIPS 140-2 level 2 validated
    NSS is the only open source crypto library that is validated to level 2 (the highest available certification for software)

  • TechEd: Developer 2007 Security Track
    Have you noticed that neither Oracle Open World nor the upcoming RSA conference have any notion of teaching secure software development to its attendees? Once again Microsoft wins.

  • Robin Wilton of Sun
    Good to see that Robin isn't afraid of listing worthy charities on the blog. I wonder how many other Sun bloggers also will step up and follow Robin's lead?

  • America with its balls cut off
    It is intriguing that there are so few corporate America IT bloggers that speak transparently. Yakov Fain is one of them. I suspect his blog may spook the process orientation out of most enterprise architects.





    Monday, November 19, 2007

     

    Quote of the Day: Leadership

    The best executive is the one who has sense enough to pick good men to do what he wants done, and self-restraint to keep from meddling with them while they do it.

    Theodore Roosevelt





     

    Holiday Gifts for Enterprise Architects

    Over the next couple of weeks, many software vendors will be sending gifts to Enterprise Architects to influence them and increase brand awareness. In an informally conducted survey, many feel that logo apparel makes the best gift while gifts related to golf are now passe. Anyway, it would be interesting to know what software vendors themselves are planning on giving to their best clients?




     

    Links for 2007-11-19



  • Aspect-Oriented Programming and Security
    This may be a way for ECM vendors to add security to their otherwise insecure platforms

  • Why PCI isn't enough to ensure data security today?
    I wonder when the conversation emerges from folks who already think PCI is too much will occur?

  • The One Hundred Enterprise Architects Meme
    It is interesting to know that Enterprise Architects are interested in networking with each other and having a conversation without vendors present. I would panic if I were a software vendor or industry analyst if this grew too big.

  • Local Illegal Aliens offended by truth!
    In my humble opinion, the world would be a better place if more folks felt offended.

  • China is stealing American prosperity
    It's bad enough we have Big Business bastards outsourcing their own mothers to China but now they are over here actually stealing our technology...

  • $200 oil if US attacks Iran
    Maybe folks will understand why we need to Stop the Bushitler if described in economic terms. I wonder if Hugo Chavez understands that war in Iran may also impede trade between US and India. It will minimally have an effect on outsourcing

  • From a developer point of view...secure coding
    Developers don't matter, only aligning with the business. After all, IT exists to deliver valuable working software which can't be done without Overemphasis on process

  • Red Hat to launch virtual appliance OS in 2008
    This is a sign that vendors such as rPath are in trouble.





    Sunday, November 18, 2007

     

    Links for 2007-11-18



  • Beyond the Dunbar Number
    Aloof Schipperke discusses enterprise architecture and social networking and wonders if this will result in an insular community. The funny thing is that the exact opposite thing will happen. If multiple software vendors observe a formation of Enterprise Architects across enterprises then they will most certainly attempt to expand the conversation.

  • Is there too much talk about EA Process?
    Mike Walker nails it by saying: I think the issue here isn’t that process is talked about too much, but it isn’t grounded with the reality aspects. One reality is that I haven't met any full-time employee of a large Enterprise that is an Enterprise Architect discuss Zachman or other EA frameworks for more than 15 minutes a year. The folks who tend to talk about it are almost always either industry analysts, magazine writers, from the Federal Government or consultants who provide enterprise architecture services but otherwise are not enterprise architects.

  • We are Microsoft
    Mark Wilcox points out how Microsoft is not genuine in terms of their support for charity. The funny thing is that Microsoft employees better exercise their right to remain silent and accept defeat here. I wonder whether Oracle will support Kiva before Microsoft?

  • A theory of simplicity
    Simplicity is one of those goals that everyone talks about, but few achieve. When designing applications, simplicity is supposedly a paramount concern, yet many applications never achieve that state. Very often, we see simple applications that are very basic in terms of functionality. Or, we have highly functional applications that are very complex for end users.

  • Churning Backlog AntiPattern
    It becomes a natural balancing act to stay nimble with our iterative learning process and to stay true to the strategic vision of the product. The key to staying true to both masters is properly balancing your backlog.

  • Getting to the problems of the root: Effective and efficient management of superuser privileges and shared account management
    I wonder if Jackson Shaw will acknowledge that the real reason identity management vendors aren't solving for this problem is that they believe that this should be a separate and distinct product and their customers are too stupid to know better.

  • Evaluating Password "Strength"
    Maybe we should discuss ways to make passwords disappear?

  • Is Microsoft preparing to challenge Open Source?
    Microsoft is trying to position themselves to challenge Open Source Software by attempting to redefine what Open Source means. This is a tactic taken from Enterprise Architects who have changed the meaning of governance, diversity, innovation, leadership and so on. I would do the same if I were Microsoft.

  • Fedora 9 Roadmap
    Should Linux support the ability to externalize credentials to Active Directory? Should Linux support NIS? Should Linux be able to participate in an AD GPO model? Should Linux have a mechanism to support full-disk encryption?





     

    Why most IT executives aren't leaders...

    Blessed is the leader who seeks the best for those he serves.




    Saturday, November 17, 2007

     

    Links for 2007-11-17



  • Career Buzz Killers - Worst Jobs
    It is sad to know that our Federal Government is the number one employer with WalMart taking the number two slot.

  • Open source to hit $22 billion by 2010
    There are several problems with measuring growth of open source via revenue numbers as it makes the focus all about software vendors and not the real open source opportunities that will emerge when large enterprises within their own vertical start solving vertical specific problems collectively.

  • Aid for American Soldiers not outsourcing havens
    Here is a blogger ranting about how America can be too broke to pay for veterans aid and care but not too poor to send millions to Bangladesh to give to individuals affected by the recent cyclone which hit Bangladesh. Regardless if individuals in Bangladesh have made millions in outsourcing, they simply aren't sharing as individuals are not encouraged to be charitable by their employers. If you look at India, the vast majority of charitable acts occur via employers with no individual taking direct responsibility nor personally giving. In a scan of the blogosphere, you will also notice that the vast majority of folks from India don't even have enough courage to talk about charity...

  • Defending Enterprise Content Management
    Laurence Hart shares a thoughtful posting on how ECM + SOA = ECM 2.0 and mentions how EMC should continue to extend DFS without mentioning why this is a bad idea. ECM is a participant in an SOA, but is not the main actor. Retrieve a document is not a process but is simply a substep in a larger process such as pay a claim and the horrific design of DFS should be revisited. Pretty much everyone understands that services should be stateless, yet in the WSDL there is a notion of a session ID. This is simply fugly.

  • Liferay Integration with OpenSSO
    It is a good thing to see two open source projects from fundamentally different organizations seamlessly interoperating with each other. Something that is more difficult to achieve in closed source models.

  • Driving SOA
    Todd Biske discusses the notion of VP of SOA as outlined by Jason Bloomberg and David Linthicum as hogwash and is correct in stating that this role already exists under the title of Chief Architect. Mike Kavis also mentions that enterprise architects need more responsibility and decision making power. It is good to see real enterprise architects keeping the hype of industry analysts in check.





     

    Sourceforge celebrates eight years...

    On Saturday, November 17th, 2007 SourceForge.net celebrated eight years of life.

    Here are a few stats:

    It is interesting to see that open source isn't just about commercial concerns but that many of the participants in the community are just like me and you, who have other jobs but find the time to give back...




    Friday, November 16, 2007

     

    Links for 2007-11-16



  • People or Process
    Jiri commented on Robert McIlree and his process weenie orientation by providing a thoughtful perspective. The question I think got twisted in a couple of ways. First, the question is whether Enterprise Architects should focus on people over process. Robert McIlree is really a project manager who chooses the label of Enterprise Architect when convenient. If the question were should Project Managers focus on Process more than People, I would say the answer slants more towards his court. Anyway, the real litmus test is if he could sustain his blog for thirty days by solely talking about practices over processes. I am willing to bet money that he will either throw daggers at me, exercise his right to remain silent or fail at this challenge.

  • Oracle Community Giving
    I would be embarrassed if I were Phil Hunt. Microsoft helps charities create software while Oracle can only respond with a speech from their CFO. The point I think he missed is that charity is not about a corporation but about a corporation acknowledging the importance of getting others in a community to participate.

  • Microsoft's Identity Vision and Strategy
    Jackson Shaw comments on Microsoft Certificate Services and believes it is a great solution. I think I choose to disagree in that it is good but not great. Consider for a moment that in order to interact with the CA programmatically, you either have to purchase additional products or deal with fugly COM APIs. While I know Microsoft will never entertain it, wouldn't it be great if it also came with Java APIs? More importantly, how about a services interface into the CA?

  • Is there too much talk about EA Process?
    Absolutely. Mike Walker commented that he wanted to see what are the challenges that the EA community faces and how they were addressed. Of course, if you want to understand what I am challenged by, the top three would be (no particular order): First, establishing a sustainable way to build security into products we procure, the code we develop and the mindset of peers in terms of their duty to protect. Second, getting industry analysts to talk more about the problems without such a focus on products. The simple reality is that many folks have way more faith in industry analysts than they should and by analysts not always choosing the right decisions, makes it difficult for many EAs. The third thing would be achieving a chaordic balance between globalism and local communities which has touchpoints into people, agility and the human aspects of technology.
    The one thing that I would say to any blogger that wants to understand more about EA and particularly what's on our minds, is to simply trackback and ask questions.

  • Enterprise Architecture: To process or not to process
    Dave Oliver truly brings balance to the equation and shares words of wisdom...





    Thursday, November 15, 2007

     

    More Links for 2007-11-15



  • A blogger watches someone get shot
    Life in corporate environments is serene compared to the real world. A dose of reality and the life of those who aren't fortunate to be gainfully employed and given an opportunity by corporate America is sometimes needed.

  • Comcast is indeed editing your Internet connection
    ISPs that have unethical business practices deserve to have their call centers spammed.

  • Everything you know about identity management is wrong
    Jackson Shaw talks about Identity Management not from a product perspective but how it needs to be noodled within large enterprises. This guy rocks.






     

    On Technology Security Standards: BPM, SAML, XACML

    If you haven't read the blog of Phil Gilbert, CTO of Lombardi Software, you need to...



    I asked: "The rationale for storing policies centrally is more than just one product needing to be its own enforcer. In an integrated world where a BPM engine needs to talk with an ECM engine, the need for these two to have the same access control policies is important", where Phil stated: "Yep, I agree. I didn't make reference to it in my post, but of course for any services you expose from a BPMS (or ECM, or ERP or other platform) you should be able to author them so that the centrally defined policies govern who has access to that service. I suspect that all BPMS allow for this." If we are in agreement, then it would mean that all BPMS products should implement not only a standards based way of defining/importing them but also support externalizing them. I would love to understand how Lombardi could consume policies at runtime from an XACML Policy Decision Point such as Securent, BEA or Jericho Systems. From what I know of other BPM products, they cannot implement this type of functionality. If Lombardi can then you have competitive advantage over others.

    I also commented: "It is good to see that XACML checks are done to protect web services but they may also be leveraged by UI components as well as access enforcement may require displaying or not displaying a particular feature/function.", where Phil responded: "Having UI's call the central policy server for presentation-layer rules on what aspects of a UI to show would be an interesting thing to debate. I'm not sure I'd agree with that as a good mechanism." Someone better tell all those portal vendors including BEA WebLogic Portal, IBM Websphere Portal, GlueCode, Liferay and others that they shouldn't use centralized policies to protect user interfaces as they have all implemented this pattern successfully in a highly performant way. All of these products support XACML, so what am I missing?

    Phil commented: "If, however, you want to drive your presentation-layer in this manner, you probably also want the presentation layer up and outside the BPMS. So while in Lombardi's BPMS (Teamworks) you can author UIs, we also give you the ability to easily plug in your own UIs for particular steps in the process." I wonder if this means that Lombardi can generate JSR-286 Portlets for you so that you don't have to hand code to a web services interface?

    Phil then commented: "At Lombardi, you don't have to manage users in our store, if you manage them elsewhere (like LDAP or AD)". I wonder if he is aware that his competition doesn't have the same story and that he may be missing out on an opportunity to educate industry analysts such as Bruce Silver, Sandy Kemsley, Alan Pelz-Sharpe and others as to the importance of this? Minimally, he should encourage enterprise architects who create RFPs in the BPM space to add this to their criteria.

    Finally, Phil commented: "As companies begin to measure more of themselves using process as the normalization, then these numbers of "matrix organizations" expands. So we think that organization modeling is part and parcel of the larger BPM discussion... and that these models will integrate with [LDAP or AD], but provide more extensive information. This is an area that I think will really change and expand in the coming decade, as the convergence of increasing security along with increased decentralization of computing resources gets mainstream emphasis.", which is absolutely brilliant. The convergence of the identity conversation by the likes of Pat Patterson, Johannes Ernst, Nick Malik, Kim Cameron, Mark Dixon, Bex Huff, Laurence Hart, Jackson Shaw, Gerry Gebel, James Governor and others with other domains is a conversation that needs to break out of its insular mode. Phil has started the conversation and I hope that others will continue to not think of identity so insular...




     

    A Reality Manifesto

    Robert McIlree responded to a previous blog entry where I talked about the overemphasis on process in terms of the blogosphere. In his own words, he stated: The real issue is how to strike the proper balance between people and process, not blindly choose one over the other. I wonder if he is willing to strike the balance in terms of his future postings?




     

    Enterprise Architecture: Why People no longer matter!

    Robert McIlree stated in his blog that process generally wins out over people, and the main reason is that processes (good, bad, or indifferent) outlast people. Nothing could be further from the truth...



    In order to have a dialog, I have to first acknowledge what aspects of his posting I agree with. First, I agree that bad processes outlast people, especially many of the ones that are discussed in the blogosphere. CMMi will unfortunately outlast most of us.

    One example that he didn't acknowledge is that every time there is a reorganization in corporate America where the organization chart fundamentally shifts, it is also accompanied with changes in process, so to say that processes always outlast people wouldn't be quite accurate.

    In terms of reality, I can say that I have also encouraged processes on others and may be part of the problem. The key thing though is that I do acknowledge that the ones I tend to evangelize don't have lighter-weight alternatives. I wonder if Robert can say the same? Anyway, if you agree with Robert, then I encourage you to add him to your blogroll. If you don't agree then respond to his blog and this one via trackback and let the dialog begin...




     

    The One Hundred Enterprise Architects Meme

    Have you heard about The One Hundred Enterprise Architects Meme? So far, I have received 20 invites on LinkedIn. If you want to connect with me, send an invite to: linkedin at jamesmcgovern dot com.




     

    ECM: How LDAP Synchronization creates additional security holes...

    Awhile back, Bex Huff wrote the most brilliant posting that stated ECM systems should store content, not users while Laurence Hart talks about LDAP synchronization. Through the lens of a security architect, I think an important consideration hasn't yet been discussed...



    Sumanth Molakala and others talk about synchronizing users against an LDAP store but this seems to also leave security exposures that may be important within an enterprise setting.

    In the scenario that Craig Randall departs his current employer for introducing suboptimal architecture into the product, the LDAP synchronization "feels" like it can work. The conversation that hasn't yet occurred is what happens if Craig Randall moves to a different role within the organization where he shouldn't have access to Documentum any longer?

    Let's say that the LDAP directory has a multi-valued attribute that contains an enumeration of all of the document types I am authorized to see. Suppose one of the values is medical records and another is billing information, but due to the constant corporate reorganization mindset, I am no longer authorized to see medical records.

    It would be expected that Jeff Bohren, Nishant Kaushik, Jackson Shaw, Pat Patterson and the tools they represent would simply remove one of the attributes and that it should trickle down yet none of the ECM bloggers are talking about how this would actually work. Any thoughts?
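    The scenario above, as an added example that is not code from any ECM or identity product: an additive synchronization job leaves the revoked value in the ECM's local user store, while a reconciling job removes it and disables users who have disappeared from the directory. The directory snapshots, the `docTypes` attribute name and the store layout are constructed assumptions.

```python
"""Constructed example: additive vs reconciling LDAP-to-ECM synchronization."""

# Constructed directory snapshots; "docTypes" is a hypothetical multi-valued attribute.
DIRECTORY_BEFORE = {
    "uid=jdoe": {"docTypes": {"medical-records", "billing"}},
    "uid=asmith": {"docTypes": {"billing"}},
}
# After a reorganization: jdoe loses medical-records, asmith leaves the company.
DIRECTORY_AFTER = {
    "uid=jdoe": {"docTypes": {"billing"}},
}


def additive_sync(directory, ecm_store):
    """Copy users and attribute values into the ECM store, never removing anything."""
    for dn, entry in directory.items():
        local = ecm_store.setdefault(dn, {"docTypes": set(), "active": True})
        local["docTypes"] |= entry["docTypes"]
    return ecm_store


def reconciling_sync(directory, ecm_store):
    """Make the ECM store match the directory; return every (user, value) revoked."""
    revoked = []
    for dn, entry in directory.items():
        local = ecm_store.setdefault(dn, {"docTypes": set(), "active": True})
        # Values held locally that the directory no longer grants.
        revoked.extend((dn, d) for d in sorted(local["docTypes"] - entry["docTypes"]))
        local["docTypes"] = set(entry["docTypes"])
        local["active"] = True
    for dn, local in ecm_store.items():
        # Users that vanished from the directory are disabled, not left behind.
        if dn not in directory and local["active"]:
            revoked.extend((dn, d) for d in sorted(local["docTypes"]))
            local["docTypes"] = set()
            local["active"] = False
    return revoked


def can_read(ecm_store, dn, doc_type):
    """Access decision as the ECM would make it from its own synchronized copy."""
    user = ecm_store.get(dn)
    return bool(user and user["active"] and doc_type in user["docTypes"])


def stale_entitlements(directory, ecm_store):
    """Audit check: entitlements active in the ECM that the directory does not grant."""
    stale = []
    for dn, local in ecm_store.items():
        granted = directory.get(dn, {}).get("docTypes", set())
        if local["active"]:
            stale.extend((dn, d) for d in sorted(local["docTypes"] - granted))
    return stale


def demo():
    """Run both strategies over the same before/after snapshots."""
    naive = additive_sync(DIRECTORY_BEFORE, {})
    additive_sync(DIRECTORY_AFTER, naive)
    strict = {}
    reconciling_sync(DIRECTORY_BEFORE, strict)
    revoked = reconciling_sync(DIRECTORY_AFTER, strict)
    return naive, strict, revoked


if __name__ == "__main__":
    naive, strict, revoked = demo()
    print("stale after additive sync:", stale_entitlements(DIRECTORY_AFTER, naive))
    print("revoked by reconciling sync:", revoked)
```

    The audit function is the useful part for an existing deployment: run against the live directory and the ECM's user store, it lists exactly the access that a role change should have removed.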




     

    Unethical Open Source

    It is one thing to embrace open source, it is another to support a software vendor with unethical behavior...



    Have you ever heard of CentOS? They distribute an enterprise-class Linux version that isn't based on contribution, but on the notion of theft. If you visit their home page, you may notice on their home page the following phrase: For the record, the software that they steal is RedHat.

    I am normally not in support of legal action, but in this scenario the lawyers from RedHat should rip them a new one...




     

    Links for 2007-11-15



  • Open Source Storage
    BMC was forced to move from proprietary to open source storage. Maybe this will allow customers to have their storage devices support not only deduplication but also compression. I suspect EMC will be the last company to become open in this regard.

  • Creating my own OpenID identity provider
    OpenID is really easy to enable and not just for consumerish sites.

  • Matrimonial Detectives
    If you don't trust your significant other before tying the knot, you should run in the opposite direction.

  • Source Code testers expect PCI windfall
    I wonder why industry analysts haven't yet picked up on this important approach to PCI compliance and let magazines lead them in terms of providing insight to customers?

  • Improving OpenID Support
    I am surprised that Burton Group analysts such as Bob Blakley, James Governor and others haven't commented on MyVidoop yet?





    Wednesday, November 14, 2007

     

    Enterprise Architecture and Career Planning

    So, what do I want to be when I grow up?



    Before heading off to school, my older son commented on what he wanted to be when he grew up. His current thinking is he wants to be CEO of a food company as he understands at an early age that everyone around him is fat and getting fatter and that selling to them is easy. He of course asked me about my plans of which I didn't have a good answer and therefore spent some time thinking about it.

    The funny thing is that I am happy with what I am currently doing and not only wouldn't want to change anything but wouldn't want anything to change. This doesn't mean I don't have aspirations like everyone else, but I guess the vast majority of them don't really have anything to do with work. At some level, I guess my career planning has a strong element of work/life balance so I can focus on things more important than money.

    I do however see myself being the CTO of a mid-sized technology firm (around 500 employees) in the next ten years where I can leverage my background to help change how software is fundamentally built. The one thing that I have concluded is that as much as I enjoy Enterprise Architecture, I don't want my next position to be the same as what I am currently doing.

    Part of my aspiration isn't around innovation but invention. I need to invent new things, create intellectual property on an extreme scale and most importantly prove to myself that I have what it takes to be better than others in the technology ecosystem. Innovation is the application of novel ideas using existing inventions which is what Enterprise Architecture tends to focus on. I think I have consumed enough and need a change of diet.

    Fifteen years from now, I do see ending my career by becoming an industry analyst. The thought of working from home and periodically travelling to industry conferences in cool destinations such as San Francisco, Orlando and London is appealing. More importantly, the ability to have conversations with Enterprise Architects from diverse companies and backgrounds is of even more interest to me. My ideal situation would be to either work for the Burton Group or RedMonk when they purchase Gartner and make it more open...




     

    Paris Hilton, India and Drunk Elephants

    I normally don't lower my standards to talk about scum such as Paris Hilton but this headline caught my attention. Apparently, in India there are villagers who make alcoholic beverages and the elephants are stealing it and getting drunk. I guess a drunk elephant could be dangerous to human life or at least minimally amusing to watch, but can't we find better uses of charity?

    Why can't she visit Bangalore and stop the government from displacing Lisa's Home which serves needy handicapped children...




     

    How Software Vendors Weaken Enterprise Security: Part Two

    I received an interesting comment in my blog regarding why software vendors aren't interested in addressing enterprise security considerations that I wanted to share...





    I think I have several thoughts. First, if you were to look at the demographics of the Fortune 500 enterprises, you would see that Microsoft has sold software to every single one of them, Oracle has penetration in less than half and the number goes downhill from there. I guess at some level, if you want to compete with Microsoft, the one competitive advantage you will have over them is in the ability to integrate with other products. If software vendors don't leverage this fact, then they are leaving money on the table.

    I can tell you that Craig Randall, Brian Huff, Laurence Hart, John Newton and others understand the importance of integration and that the world isn't just about their products where they are just a component in a larger ecosystem. They are all passionate individuals working towards common goals of eliminating user stores from their applications, supporting native binding to Active Directory and externalizing AuthZ via XACML. In fact, in the next couple of weeks, two players in the ECM space will be announcing their support for this functionality.

    I would encourage all of us bloggers to not lose faith that software vendors in the ECM community aren't game to make things better, they simply are playing catch up to the rest of the world and they need our public support.




     

    Enterprise Architecture: How should BPM converge with Enterprise Security?

    Phil Gilbert, CTO of Lombardi Software left an interesting comment in my blog that I wanted to share and of course analyze...



    Below are snippets from his comments: So far we are in agreement.

    It is good news to hear that Lombardi Teamworks acknowledges the importance of supporting SAML and that you have a capability that doesn't exist in Intalio, Pega and others. Of course, one should ask the question of why others don't have and whether the issue in terms of implementing it should be that difficult. Many of the BPM engines run on top of J2EE containers such as BEA Weblogic Server which provide support for SAML as well as other methods for passing around identity. In the world of BEA, a product vendor needs to hook into the Identity Asserter mechanism and simply leverage.
    The rationale for storing policies centrally is more than just one product needing to be its own enforcer. In an integrated world where a BPM engine needs to talk with an ECM engine, the need for these two to have the same access control policies is important.
    It is good to see that XACML checks are done to protect web services but they may also be leveraged by UI components as well as access enforcement may require displaying or not displaying a particular feature/function.
    While everyone stores metadata inside the process definition, there is no technical reason why it can't also store a pointer to an XACML PEP there as well. Minimally, there is a semantic issue around whether a process can be self-contained within a single engine or spans them.
    Could you in an upcoming blog entry explain in more detail not how things currently work today but what is the real constraint in terms of BPM engines leveraging XACML? Likewise, it would be equally interesting to understand other aspects of BPM engines such as their ability to support asymmetric encryption, log management and the ability to leverage existing directory services. After all, I think many would agree that a BPM engine should store processes not users.

    There are two dimensions to security with the first being security features which we have done a great job of talking about. The second dimension of security is one we haven't discussed yet as that is whether the design and coding of a given product is secure. I would be intrigued to learn what occurs within the walls of Lombardi Software when it comes to not just making sure a design meets the functional needs of customers, but also the often unstated security needs of your clients. Likewise, I would be even more interested in learning what tools Lombardi uses to ensure Secure Coding practices have been strictly adhered to. Do you leverage Ounce Labs, Fortify Software or others?

    It is a good thing to see that CTOs are participating in the public discourse. In order to encourage others to participate, I ask that we trackback to each other. Likewise, it would be great to hear from Bruce Silver, Sandy Kemsley and other industry analysts on their perspectives on BPM and Enterprise Security and how they should converge...




     

    Links for 2007-11-14



  • It's not the government stupid
    Did you know that Indian Outsourcing firms don't pay income taxes?

  • Infocards and SSL Termination
    Rohan Pinto asks about a popular deployment of SSL Load balancers in large enterprises and how it will work with CardSpace. To date, the conversation regarding user-centric identity has been consumerish. Now it's time to get down to business.

  • Documentum Opens Up (Not)
    I wonder how folks such as Laurence Hart see this playing out for his practice?

  • Five Ways to move beyond Conventional Wisdom
    Independent thought is pretty rare these days, partly because those who think differently are ridiculed and if your last name happens to be McGovern, you are periodically taken out to the woodshed...





    Tuesday, November 13, 2007

     

    Enterprise Architecture and the Confused Deputy Problem...

    Programs generally take actions on the behalf of other programs or people. Therefore programs are deputies, and need appropriate permissions for their duties. The confused deputy problem happens when the program applies permissions that it has for one reason for the wrong reason, and therefore allows something that it shouldn't...



    A classic example involves a program that needed write access to its licensing information so that it could track usage. The problem came when the user accidentally asked the program to remove the contents of a folder that happened to contain the licensing information. The program should not have done that, but had the necessary permissions and did. A more up to date example would be a program that needs read access to the local file system to get information needed to display information, but which can be tricked by the user into reading part of the file system that it should not, for instance displaying /etc/passwd. Many more variations exist.

    Generally, people say that this happens because the application had security holes or was poorly coded. However, when constant vigilance becomes necessary to keep things from going on, it is good to find a more fundamental cause. In this case, a more fundamental cause is that no direct connection is maintained between what the application does and why it has permission to do that.

    If you look at modern security approaches, you may conclude that the better answer is to leverage XACML where each enterprise application (e.g. BPM, CRM, ECM, ESB, ERP, etc) implements a common grammar for how access control is modeled, such that it enables runtime conflict resolution and reads more like a business requirement than a confused list of flags we know as access control.

    Many software vendors have been negligent in terms of designing their own code to centralize authorization decisions via a standardized interface and have spread authorization decisions throughout. A good question that should be added to RFPs sent to vendors such as EMC, Oracle, CA and others, is to ask when will they support XACML on their roadmap. If you detect hesitation, it may uncover a suboptimal product design that they don't want others to know about.

    Within the open source community, since source code is transparent, a good example of doing it correctly is Liferay Enterprise Portal where if you decided you wanted to support a different model for authorization, you can simply extend the PermissionsChecker class and you are off to the races.

    Sadly, software vendors in the ECM space such as Stellent, Documentum and Alfresco don't incorporate such a notion in their architecture. Nuxeo is the only ECM platform that doesn't suffer from this deficiency, yet you won't even hear this from industry analysts. The news is even worse in the BPM space where players such as Intalio, Lombardi Software, Filenet, Pega and others aren't even having the conversation as to ways to change their security model for the better. I assume that if enough customers uncover the problem with ACL-based models, that will change very quickly.

    Anyway, if you have to spend time figuring out how to connect what the application does and why it has the permission to do that and not thinking about how it would increase productivity by having the ability to simply declare a policy using a standard grammar then you too are a confused deputy...
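    The licensing-file case described above, as an added example that is not taken from any product named in this post: the first function acts on the program's own (ambient) authority, the second asks one central decision function on whose behalf and for what purpose each action is taken. The in-memory file system, the paths and the rule format are constructed assumptions, and `decide` only stands in for an XACML Policy Decision Point; it is not XACML syntax.

```python
"""Constructed example: the licensing-file confused deputy and a policy-checked fix."""
import posixpath

LICENSE_PATH = "/app/data/license.dat"  # hypothetical usage-tracking file

# Central policy: each rule ties an action to a subject AND to the reason it is allowed.
# "<owner>" means "the principal who owns the resource being touched".
POLICY = (
    # (subject, action, resource, purpose)
    ("app", "write", LICENSE_PATH, "usage-tracking"),
    ("<owner>", "delete", "*", "user-request"),
)


def new_fs():
    """Constructed in-memory file system mapping path -> owner."""
    return {
        "/app/data/license.dat": "app",
        "/app/data/report.txt": "alice",
        "/home/alice/notes.txt": "alice",
    }


def _under(fs, folder):
    """Paths inside folder, after normalising '..' so traversal cannot hide the target."""
    prefix = posixpath.normpath(folder).rstrip("/") + "/"
    return sorted(p for p in fs if p.startswith(prefix))


def confused_clear_folder(fs, user, folder):
    """Ambient authority: the program can delete, so it does, whoever asked."""
    removed = _under(fs, folder)
    for path in removed:
        del fs[path]
    return removed


def decide(fs, principal, action, path, purpose):
    """Single decision point, deny by default."""
    for subject, rule_action, resource, rule_purpose in POLICY:
        expected = fs.get(path) if subject == "<owner>" else subject
        if (principal == expected and resource in ("*", path)
                and (action, purpose) == (rule_action, rule_purpose)):
            return "Permit"
    return "Deny"


def guarded_clear_folder(fs, user, folder):
    """Delete on the user's authority only; the program's own rights are never lent out."""
    removed, denied = [], []
    for path in _under(fs, folder):
        if decide(fs, user, "delete", path, "user-request") == "Permit":
            del fs[path]
            removed.append(path)
        else:
            denied.append(path)
    return removed, denied


def record_usage(fs):
    """The one thing the program's write permission exists for."""
    if decide(fs, "app", "write", LICENSE_PATH, "usage-tracking") == "Permit":
        fs[LICENSE_PATH] = "app"
        return True
    return False


if __name__ == "__main__":
    print("confused:", confused_clear_folder(new_fs(), "alice", "/app/data"))
    print("guarded: ", guarded_clear_folder(new_fs(), "alice", "/home/alice/../../app/data"))
```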




     

    Links for 2007-11-13



  • The War on the Unexpected
    The security professionals failed completely on 9/11. The only effective Americans on that day were the security amateurs. The shoe bomber was stopped by amateurs before the professionals deployed any million dollar sniffers or had us all walking in our socks through airports. Does this remind you of how large enterprises work?

  • Pair programming and productivity
    The University of Utah study in 2000 found as much as an 86% reduction in defects, with an increase of initial coding time of between 0% and 15%, as compared with two people working individually to produce the same quantity of code. How come more Enterprise Architects aren't attempting to overrule their process weenie CIOs and encourage this practice?

  • Calling Rapist Hispanic is Racist
    While offtopic in terms of my blog, this is a predictor of how political correctness and inclusion may backfire.

  • A warning to CIOs on Survival
    Lora Bentley believes If you’re not using open source or at least contemplating its use in your organization in the near future, “you should be fired.”. My belief is that your job being outsourced while the ones you already moved offshore come back on would be a much better form of justice.

  • Is there too much talk about EA Process?
    Maybe we could turn this into a challenge for other bloggers to put a ban on blogging about process for the next thirty days. This would remind me of alcoholics anonymous.

  • Outstanding Questions regarding BPEL and ESB
    It would be interesting to hear from participants from the Intalio, Pega, Lombardi and jBPM communities.

  • Docstoc.com: Find and share professional documents
    Finally, a site more useful than the usual dribble of industry analysts babbling about social networking. The ability to share documents amongst the community in a creative commons way is compelling.





    Monday, November 12, 2007

     

    More Links for 2007-11-12



  • Free Ford Mustangs
    Here is an interesting site that discusses how some residents in America can get a free Mustang.

  • Sun Java System Access Manager
    Pat Patterson glows with joy regarding Gartner's Magic Quadrant but of course would never talk about how much of this functionality should be built into J2EE containers. Consider the simple fact that both BEA and JBoss support both SAML and XACML within their containers while Sun doesn't, which feels like they are leaders in one quadrant while being laggards in another.

  • Chinese Bloggers, we feel your pain!
    Sadly, as we move towards a global model of interaction, America will practice censorship in the name of alignment.

  • Windows Update
    Enterprises need to noodle ways to make their infrastructure more secure and this starts with understanding that the software ecosystem requires more interoperability and integration than is usually discussed.

  • One Hundred Enterprise Architects Meme
    I wonder when someone will start an equivalent of 100 CIOs or 100 Chief Security Architects?





     

    The One Hundred Enterprise Architects Meme

    Memes spread through the blogosphere like wildfire. One that was recently started was a meme where Enterprise Architects of Fortune 200 enterprises connect to each other via LinkedIn. I have always said that social networking is vital to the long-term sustainability of enterprise architecture and therefore will accept invitations from others. Send invites to: linkedin at jamesmcgovern dot com.




     

    Patriotism and the successful IT executive...

    A friend of mine recently commented on the lack of military service amongst today's IT executives. I challenged him to name a single IT executive with a military background that also led an IT offshoring effort and he understood my point...



    Today may be the only day (if you are lucky) where your boss will even pause for a moment to think about our country. The savage focus on the numbers is dehumanizing corporate environments to the point where it destroys morale and causes folks to care less which results in less innovation which results in less revenue. The vicious cycle can only be stopped by getting IT executives to publicly speak on their fiduciary duties towards leadership of which patriotism is one component.

    Maybe we could noodle how many reservists are IT employees who are serving in our Armed Forces putting themselves in harm's way so that IT executives can exercise their right to ensure that they won't have a job when they return. Maybe we could noodle the potential of young bright individuals and the possibilities that could be afforded to us if we gave them the same chance to become IT employees as folks in other countries nowadays have.

    Don't worry though, we are Americans with a short attention span, so today will pass and nothing will change. We will continue eliminating opportunities for our citizens and celebrating the bottom line. We will continue to get it twisted by thinking it is a best practice to think about globalism while ignoring that the real best practice is community orientation and that all communities are local.

    On the way home, we will drive through many inner-city neighborhoods and ignore the poor. After all, our priority is to create a middle class in other countries and not our own. Maybe, we should work even harder in changing the accepted meaning of diversity and inclusion so that it doesn't reflect past sins but allows us to rationalize our decisions in hiring? Maybe the notion of supporting our troops is a buzzword that we should also repeat at opportune times but never believe and most certainly shouldn't take action on and instead focus on our next bonus which may be tied to us being even more unpatriotic...




     

    Enterprise Architecture: Thoughts on Windows Update

    Imagine what would happen if Microsoft bloggers actually read this blog entry where I commented on Microsoft Windows Update and decided to take action to make it better...



    Have you ever thought for a moment why Microsoft platforms always get a bad rap? Sometimes it is well deserved in that their operating system wasn't built with security in mind. Of course they have initiatives around secure coding but it will be difficult at best while also attempting to maintain backward compatibility.

    Anyway, half of the problems of the Microsoft platform aren't Microsoft's fault but are more about third party software running on top of it. If you were to look at your own desktop, you may realize that you have at least a dozen or so software products installed that Microsoft didn't create. Each of these products may have their own way of patching software, but the problem is that you probably have no clue that a patch even exists or where to find it.

    The Windows Update platform could be the solution to this problem. Providing one place where users can find all the necessary security patches can help make the Windows operating system more secure. For the record, I am not asking Microsoft to provide hosting for the patches themselves as this would kill their bandwidth, but I am asking for them to help figure out ways for users to find them.

    What if the folks at Microsoft provided MFC classes that allowed for Windows Update from the UI? What if the same MFC classes had hooks into the update code? What if the act of code signing an application also allowed for registration to the Windows Update site?

    Enterprises spend a lot of time on patch management where vendors such as Microsoft, Oracle and others are not only the problem but have the potential to become part of the solution. Think about how much money large enterprises spend simply patching things and then prioritize its importance. I think you get the picture....




     

    Links for 2007-11-12



  • Using Technology to Fight Poverty
    Good to see that other Enterprise Architects understand that profit isn't the only motive.

  • Judging Project Managers in 10 Minutes
    This blogger believes: "If they just use jargon from the PMBOK, I put them on the lower end of the scale." Do you agree?

  • Penrose Virtual Directory
    I haven't seen any of the open source industry analysts provide commentary on this product but it feels competitive to OpenLDAP and Oracle Virtual Directory

  • IT and Patriotism
    What is the responsibility of IT employees to show a little bit of patriotism?

  • Federated Identity and Social Networking
    Curious to understand what others feel the responsibility of software vendors such as Sun, BMC, Oracle, HP and CA is towards helping their customers not only purchase products but to also federate with each other?

  • Principles for Enterprise Architects
    So far the conversation in the blogosphere on Enterprise Architecture is usually centered around a set of processes when it should focus on a set of values.





     

    More Links for 2007-11-12



  • Why is Azul Failing with such cool technology
    Azul Systems has several things it needs to overcome. First, I bet you didn't know that most J2EE application servers including WebSphere, JBoss, BEA WebLogic and others have fundamental design issues that prevent them from using more than a dozen or so CPUs. I bet you won't learn of this from your friendly neighborhood industry analyst. Furthermore, it takes special skill to write an application that can leverage that many CPUs. Azul Systems will continue to struggle until the industry at large figures out how to design better software.

  • Authenticate against something else, its not that hard people
    It is especially difficult for ECM vendors though.

  • Whats more boring than Human Resources
    I would add discussions in the blogosphere regarding Smalltalk, enterprise architecture processes and CMMI.

  • TJX: Update on Credit Cards and PCI
    TJX has been given until 2009 to get compliant with PCI. Folks have to understand that PCI isn't really about protecting consumers but more about protecting the Visa and Mastercard brands.

  • Barbie is an Identity Provider
    Kim Cameron comments on Barbie. I wonder when he will comment on plans for Active Directory to be an OpenID Identity Provider?

  • 2008: JavaOne call for papers
    The notion of submission doesn't feel right. How come conference chairs are simply inviting folks with compelling topics to present? Is it that folks at Sun have no clue?

  • Software Metrics Don't Kill Projects, Moronic Managers Kill....
    I couldn't have said it better myself!

  • Oracle World
    Bex Huff is off to Oracle Open World. Maybe he could figure out why the word open is in the title?

  • Pluggable Security Architectures
    I wonder if Oracle Fusion supports a similar notion?

  • Nested VM
    NestedVM provides binary translation for Java Bytecode. This is done by having GCC compile to a MIPS binary which is then translated to a Java class file. Hence any application written in C, C++, Fortran, or any other language supported by GCC can be run in 100% pure Java with no source changes.





     

    Principles for Enterprise Architects

    Many of my industry peers have a ton of integrity and are willing to jeopardize their careers in support of unwavering values...



    Below are principles for the good ones amongst us. As for the rest, continue along with your perception is reality mental disorder:

    To make sure all 170,000 members of our Armed Forces who won't have the privilege of being home for the holidays are not forgotten, consider making a generous donation to USO or Give to the Troops...




     

    OpenID and Windows

    I had an interesting idea and wanted others to tell me whether it makes sense. I periodically visit Internet cafes on vacation and have asked myself: why is my identity limited to Internet web sites? When I sit down to use someone else's PC, why can't my identity travel with me?

    Wouldn't it be interesting if someone from the OpenID community wrote a new login method for Windows PCs that hooks the GINA to allow a user to specify their OpenID? The notion of federating down to the desktop is compelling. It could be equally interesting within an outsourcing context, where folks in India may use Citrix for remote access as well.

    What am I missing?




    Sunday, November 11, 2007

     

    Links for 2007-11-11



  • How Do You Describe A Project Problem?
    There is so much knowledge about software project management available in bookstores, universities, businesses and the internet, if you encounter a problem in your project, chances are the right solution is already invented and waiting for you to find it.

  • Adventure Game Studio
    A point-and-click way to make video games absolutely free.

  • EA and Software Factories
    Mike Walker provides an interesting perspective on how design patterns can provide a great way of communicating and accelerating solution development in the enterprise.

  • The Problem is what people consider important
    I couldn't have said it better than Taran Rampersad

  • Bullshit Bingo
    A great way to stay awake in otherwise useless meetings.

  • Labor Shortage and Outsourcing Contradiction
    Many believe that the skills shortage is fabricated. What do you believe?

  • Sun's Open Source Strategy Questioned
    Former VP Larry Singer says he left Sun because he disagreed with CEO Schwartz's over-emphasis on open-sourcing when the company should have been focusing on generating revenues. Maybe it is a good thing that he left as he thought that open source was all about free when it is all about connecting with new customers and helping build brand.

  • Seven Reasons why Money is NOT the best motivator
    So much for bell-curve compensation theories.





     

    Microsoft vs Oracle vs Sun: Will the most ethical software company please stand up...

    Have you visited: We Are Microsoft? They are sponsoring a three day event that matches developers with charities to develop applications for those charities. At the end of the 3 days, all of the participants will vote and the winners will be proclaimed champion coders.

    I wonder why folks from Sun, EMC or Oracle aren't organizing similar events. Is it because they can't find their identity?




     

    Call for Papers: Enterprise Architecture Conference

    If you are in the UK and want to better understand Enterprise Architecture, I encourage you to attend the Enterprise Architecture conference. I would love to see Neil Ward-Dutton and James Governor present on software ecosystems, business alignment and technology gardens.

    Likewise, a presentation or two from Brian Chess, Dinis Cruz and Gunnar Peterson would put it over the top...




     

    Enterprise Architecture: Do we also have a patriotic duty?

    One common but incorrect assumption regarding enterprise architecture is that the main concern is the bottom line and profit...



    If you understand that enterprise architecture is also about stewardship and we have a duty to be Keepers of the Flame then the conversation regarding enterprise architecture becomes more than just a discussion about process and instead focuses on the human aspects of technology.

    What if bloggers such as Robert McIlree, James Robertson, George Alexander and others were to get over their fear of discussing the human aspects of technology and added a dimension to their blogs that takes a step beyond "knowing" and "giving" around technology to what we are "doing" with technology in the name of wiping out poverty around the globe and encouraging corporations to actually have values around patriotism? For the record, there is no such thing as globalism, but there is merit in focusing on local communities, where one lives, works and prospers.

    The funny thing is that us Enterprise Architects in corporate sectors think we are doing something meaningful when we achieve ROI but nothing could be further from the truth. In fact, many of our non-profit brethren actually are better practitioners of enterprise architecture as they are not constrained by the need to make a profit.

    There are many organizations and individuals out there doing amazing things with technology where the benefit is not a personal bonus or a shareholder dividend; it is a child who can read and write, a mother who can start a business to feed her family, or a saved life. Imagine if industry analysts such as James Governor, Alex Fletcher and Nick Malik also focused on this most important consideration. Other than individuals such as Graham Glass, this story needs to be told more...




    Saturday, November 10, 2007

     

    Links for 2007-11-10



  • Dell Computer Corporate Officers and Directors Email Addresses
    I suspect that many Dell employees will spend a lot of time on Monday managing email.

  • Want to shine as a Business Analyst?
    The role of business analyst is important and more than just creation of comprehensive documentation.

  • Fog: The Open Source Equivalent of Norton Ghost
    Fog is a basic computer imaging solution for Windows XP and Vista that ties together a few open-source tools with a php-based web interface.

  • The Growing IDM Suite
    Mark Diodati provides insight into CA Netegrity Siteminder yet doesn't talk to the community that CA has worked so hard to build behind the scenes. Bet you didn't know that CA makes tons of sample code available free of charge demonstrating cool ways to extend the Siteminder platform. Now the only trick is to find it.

  • Hesitation from Relying Parties
    I wonder if Ashish understands that even when multiple customers ask for functionality from vendors, it still may not result in a change of priority for many vendors.

  • I just donated money ($50) to Wikipedia
    Good to see that folks are becoming more open in terms of talking about charitable acts.

  • How Design Impacts Security
    Sadly, the security community only writes books on secure coding. Maybe someone needs to step up and write a book on designing secure software?

  • We Used to Worry About Security Appliance Sprawl - Now It's Endpoint Security Software Sprawl!
    We need to push for an approach to an ecosystem that allows devices that have visibility to our data and the network that interconnects them to tap this messaging bus and either enact a disposition, describe how to, and communicate appropriately when we do so.

  • What do Project Managers, Software Architects, and Software Process Engineers have in common? Some say… Unnecessary Overhead
    Don't folks understand that unnecessary overhead has been rebranded as governance?

  • Five Reasons it sucks to be a web developer
    I wonder if it would be politically correct for me to outline five reasons of why it sucks to be an enterprise architect?

  • The Practical Guide to Enterprise Architecture
    My book is being bootlegged again by offshore outsourcing firms. Maybe this is a good thing?

  • The Enterprise SOA Manifesto
    Self-reflection and evaluation by those practicing SOA is like trying to figure out the correlation between World Series and the price of tea in China





    Friday, November 09, 2007

     

    Developing Open Source for the Microsoft Windows Kernel

    I have this harebrained idea on ways to improve the Windows Kernel and believe the best way to accomplish this is via open source...



    The Windows kernel today has several deficiencies that can be explored in order to increase performance. First, if you acknowledge the fact that the vast majority of CPU capacity within most enterprise data centers goes unused, then you may also acknowledge that the algorithms used for scheduling of resources are also flawed. Instead of schedulers attempting to keep CPUs busy, what would happen if they instead focused on keeping IO moving?

    The Windows kernel also allocates threads on the stack, so if you were to assume that each thread took 2 MB, 1000 threads would consume 2 GB of RAM. If we can move away from stack-based threads to allocation on the heap, we could enable an order-of-magnitude increase in concurrency while also freeing up memory for more important things like caching of data. Likewise, it would help increase security by eliminating the notion of a stack overflow.

    These two changes would displace GNU Linux as the number one platform for software appliances and allow Microsoft to retain its lead. Does this make sense or am I full of it?




     

    Links for 2007-11-09



  • Why smart people defend bad ideas
    We all know someone who’s intelligent, but who occasionally defends obviously bad ideas. Why does this happen?

  • IT Professionals
    It is intriguing when you analyze the demographics of attendees of IT conferences as interesting patterns emerge.

  • Top Billing for PingFederate
    Mike Neuenschwander of Burton Group comments on a variety of federation products and classifies them but never talks about whether any of them are needed. Today, you can build a federation with software you already have by leveraging Active Directory Federation Services, the built-in SAML support for JBoss and BEA Weblogic Server and so on. The issue is more about whether you have the need to bridge protocols. Maybe the Burton Group guys could collaborate with their APS team and talk about leveraging federation approaches using existing software?

  • ITExpo East 2008
    This conference will be following the trend of other conferences by setting registration fees to $0 in order to encourage attendance by enterprise customers. This is a smart move and good for software vendors that exhibit.

  • Linux Game Company Open Doors
    The ransom model to funding commercial open source will be intriguing to industry analysts such as James Governor and Alex Fletcher. I look forward to reading their take.





     

    Federated Identity and Social Networking

    I am attempting to kick off an initiative for my industry vertical in the federated identity space and would appreciate assistance in making contact with industry peers...



    One of the more interesting behaviors that I have run across is a failure on my part in terms of using social networking to make contact with industry peers. Generally speaking, social network sites such as LinkedIn and even the blogosphere itself still don't enable certain types of interactions.

    Part of the problem is that the days of being genuinely helpful and not expecting to get something out of a small effort are long gone. Industry analysts hide behind non-disclosure agreements while software vendors only participate in social networking sites and blog to propose thinly veiled sales pitches.

    We will be having our first meeting this month where major players in the Insurance Vertical will be discussing ways to implement Federated Identity for our vertical. If you happen to be an EMPLOYEE of a major carrier and would like to participate, please do not hesitate to contact me on LinkedIn.

    We are NOT entertaining requests for participation from consulting firms, industry analysts or software vendors at this time, but that doesn't mean that you aren't welcome to forward contacts that you know could benefit from this initiative. Besides, it is important to understand that you don't always have to be a degree away in order to achieve your goal as networking is just that, networking...




    Thursday, November 08, 2007

     

    Enterprise Architecture: Can you build software using the factory model?

    Real Enterprise Architects who understand that you shouldn't run your enterprise using management by magazine, substituting process for competence and using the words management and leadership interchangeably also understand that the factory analogy is flawed...



    While the perception management crowd continues to get it twisted, reality says that you can't factory-produce software. Developing software is more like team surgery, where competency, experience, group chemistry and knowledge of the patient go a lot further than a set of processes for how the surgery should be performed...




     

    Links for 2007-11-08



  • rPath and Software Appliances
    Gerrit Huizenga comments on building software appliances. My thinking says that the best way to build an appliance would be to leverage VMWare and figure out ways to avoid installing an operating system. Approaches such as BEA's LiquidVM feel like a good approach. Hopefully, folks in IBM and EMC can provide public guidance on writing applications on top of VMWare and Hypervisors and not using an OS at all.

  • Question For Software Project Management Academics
    Let's see if others can help make project management into a discipline and move beyond PMBOK

  • IT Professionals
    Does anyone else in the blogosphere have a problem with the fact that IT has way too many males? Indian outsourcing is making this problem worse. How come we can't change our Visa policy to only allow long-haired ladies from India to work here and keep the guys at home.

  • More self-issued stuff
    Dave Kearns points out weaknesses in Jeff Bohren's blog regarding claims. If you are following the user-centric discussion, this is worth a read.

  • What's wrong with an independent BEA?
    Haven't you heard that Oracle Fusion is having a meltdown? The notion of a common framework to be used throughout all product lines is noble but challenging. RSA is going down this same path but has also run into internal challenges. Luckily, BEA has a better approach, and either of these companies, if smart, would be wise to purchase it. My bet though is that HP will get a clue.





    Wednesday, November 07, 2007

     

    Quote of the Day: November 7th 2007

    Processes don't do work, people do.

    John Seely Brown




     

    Enterprise Architecture: Are you reading and believing misleading advice?

    Many bloggers who write about enterprise architecture are doing the community at large a huge disservice by talking about process while not talking about practices...



    There is way too much discussion regarding improved processes these days, including everything from ITIL and RUP to CMMI and project portfolio management. Many folks who aren't indoctrinated process weenies can be heard in the corridors of large enterprises saying phrases such as: "They are talking about creating a complicated, time consuming process involving spreadsheets and GANTT charts that could all be done on the back of a cocktail napkin."

    The phrase about getting on the bus seems to be the latest meme traveling across enterprises. If you have ever read the book Good to Great by Jim Collins, you would notice that great enterprises acknowledge:


    If you hire the smartest people, give them the best tools, and let them work, they will do the right thing, intrinsically. You only need process when your people have let you down. In fact, when you institute a mandated process, you are slapping your employees in the face. You are saying, "I don't trust you to get this right, so I, your leader, have mandated that you must follow these steps." The best people will follow the best practices.

    Get the right people on the bus and get the process off the bus. Let the people find the best practices and let them have a great time producing great valuable working software...




     

    Interesting Statistics on Microsoft Internal IT

    Microsoft internal IT:

    600k connected devices
    10,000 Servers
    3 Datacenters 1 operations center
    11% is virtualized in Microsoft Datacenters
    330 of 385 servers run Windows Server 2008 (RC0) plus all 85 Microsoft.com servers
    11 clustered systems
    30,000 users in Redmond domain (50,000 with vendors)
    NAP reporting 140K clients, 90 clients deferred mode

    The Redmond Active Directory domain has been running in Windows Server 2008 mode since last Thursday (Nov 1st)

    Microsoft Email:

    6 million internal emails per day
    20 Million emails from Internet
    97% rejected as spam
    99,999 uptime

    Worldwide:

    140,000 end users
    550 buildings
    98 countries
    1/3 of the sites are connected over Internet only

    2300 Line of business applications
    1 single SAP instance (5 Terabyte database)
    Dynamics/MSCRM

    Windows Live Services:

    130,000 servers online
    435 Million unique users
    280 Billion pageviews daily
    12 Billion emails daily
    6 billion Instant Messages daily

    Remote connect
    1 million VPN sessions per month
    80,000 unique OWA users
    Remote app portal
    TS gateway 20,000 users
    Direct Connect pilot

    Microsoft.com figures
    55,7 million unique users, #4 overall site in US
    280,5 Unique users worldwide #6 site worldwide
    15,000 requests a sec




     

    More Links for 2007-11-07



  • Ideal Log Management Tool
    The notion of log management isn't discussed much by industry analysts nor magazines but is something that should be on the radar of most enterprise software development firms.

  • Medtronic: Becoming a world-class IT organization
    Not only is finance doing their part, but I hear they have some pretty bright individuals working on their enterprise architecture.

  • Where in the World am I
    Stephen, the next time you travel to St Croix, ping me as I have family there that can show you the better parts. Besides, nothing is better than a meal made by a native.

  • China Bans Bibles at the Olympics
    This blogger doesn't understand that having a set of values and publishing publicly will get him labelled as a racist, especially since his comments are directed at another country.

  • Enterprise Security and Responsibility
    When other bloggers comment on observable weakness, are they doing so simply to get a rise or to get a discussion on the problem space so that the community as a whole can brainstorm solutions?

  • Security Standars for the Country
    It is good to see IT executives leading the charge for standards to be embraced by an entire industry vertical

  • Feeling superior while people starve
    The key may be to leverage one's feeling of superiority by encouraging them to focus on Making Poverty History

  • OSIS User-Centric Identity Interop
    I have been known from time-to-time for giving industry analysts a hard time, but I must give kudos to analysts Gerry Gebel and Bob Blakley of the Burton Group for not just reporting on vendors and their ability to execute but in also helping them become better.

  • Cisco acquires Securent
    The most brilliant Shekhar Jha provides insight into Entitlements management and why it is important to not only Cisco but large enterprises. Software vendors need to pay attention to his message.

  • SmallTalk Video
    James Robertson of Cincom has been busy creating videos on using SmallTalk that are actually really good. I would love to personally see a video on ways to design application authorization and log management as upcoming features. I hope he will honor my request.

  • Java and Ruby
    Here is a great article on how to integrate a Java Swing application with Ruby using NetBeans. I wonder if anyone knows how to integrate Java and Smalltalk?

  • Carter and The Devil in the Detail: a mammal’s eye view of industry analysts
    The vast majority of Enterprise Architects in the blogosphere read James Governor's blog and even have him on our blogroll, yet others question the influence he has. What's wrong with this picture?

  • CTO for Hire
    Brenda Michelson is intriguing at many levels. Imagine the thought that someone actually figured out that industry analysts tend to know who are the best and brightest within the IT industry and that they make better recruiters than recruiters.





     

    Links for 2007-11-07



  • Instance Based Security
    Anil Saldhana is looking for assistance in terms of XACML enabling a non-J2EE application. The best advice I can give him is to take a look at the source code for JBoss and borrow it since it is open source. Reality though says that folks from Securent, Oracle, RSA, Jericho Systems and BEA need to understand that if XACML is to be successfully incorporated into products that aren't security-oriented such as ECM, ERP, CRM and BPM, a 100% open source implementation needs to exist. Maybe Anil could look towards Sun maturing its reference implementation?

  • When IT resists Open Source
    I wonder if this blogger understands that much of the resistance would disappear if industry analysts stopped justifying existing practices and started putting open source products on the same level playing field as commercial proprietary products in their Quadrants and Waves.

  • The Magic (of) Quadrants
    This blogger refers to the Quadrant as a money shot, unfortunately sometimes it is premature.

  • Documentum ECM Platform
    Curious to know if Documentum is the only platform that needs acceleration?





    Tuesday, November 06, 2007

     

    More Links for 2007-11-06



  • Do Technologists dream of non-toxic futures?
    Focusing on values over comprehensive documentation is good practice

  • Gung Ho Organization and Enterprise Architecture
    Andy Blumenthal is the Director of Enterprise Architecture and Strategic Planning for the United States Coast Guard. It is good to see that he is doing more than his fair share in terms of bringing the right thinking to our Armed Forces. I encourage others to check out his blog.

  • Bystander Apathy: Discriminatory Enabler
    It is good to see that folks believe it is important to share their thoughts with others so as to not be a bystander. The blogosphere is an interesting place where perception management is even harder to control where no conversation lasts more than any particular entry. Luckily, some stand to reason, choose to not be offended and seek a higher moral ground than the masses.

  • Democratizing Architecture Creation
    Aloof Schipperke asks is it possible that self-directed learners could become the norm, rather than the exception? In my tiny little world, I would like to think that this is reality today and that the only impediment is in having the right compensation systems and IT executives that appreciate this type of activity from their reports.

  • Sameer Tyagi
    I have known Sameer for almost ten years and he is not only one of the best Architects on the planet but also one of the most human. The funny thing is that I always wanted to apologize for something that has been bothering me for years that I never had the courage to say. Awhile back, when I was less human and solely focused on money, I questioned him on why he contributed to a certain charity. Of course, he was man enough to simply brush it off and didn't throw daggers or find faults. In other words, he chose to be the bigger man. Don't share this with him, but he inspired me to think about charity more than anyone else. He even one-upped me by making worthy charities more prominent on his blog than mine...

  • Human rights and wrongs
    History will reflect poorly on those who have exercised their right to remain silent and allow genocide to become pervasive while those who encourage charity are the ones who are considered wrong. When did wrong become the new right? When did we as IT professionals forget about being human and compassionate to each other?





     

    Charity: Giving to some may be a bad idea...

    Charities that put scales of requests of $500, $1000, $2000, especially after a one-time donation marked as such, are using a different idiom of giving/sharing...



    If charity is amongst a community of neighbors, there's an asking only when one knows the person is in a position to give. Many corporations broadcast requests to their employees to contribute to charities such as United Way which puts a strain on the relationship of giver and accepting if one doesn't consider this is a different dialect of impersonal optional request.

    Sponsoring a specific whale or child or shoebox of school supplies project works effectively as a selling-charity model because people want to see tangible, one-individual results. If your money ends up being lost in a huge organization on pages of printing that were mistyped so all junked, your piece of the pie, big for you, small for multinational charity, is devalued, nulled.

    Awhile back, Esther Schindler encouraged me to make a donation to her favorite charity, Heifer International, which I quickly abandoned because of the above tactic. Likewise, charities that abuse personal contact by printing address labels in an attempt to make recipients feel obliged to reciprocate are outright manipulative. This act engages a psychological habit but creates cognitive dissonance.

    For those that want to contribute to worthy charities, please check out the ones listed here...




     

    Links for 2007-11-06



  • Self-issued cards are more secure
    Pamela Dingle on one level is correct that self-issued cards are more secure in that attacks against an identity provider that has only a few things aren't worth the time for hackers to penetrate where as managed card implementations suffer from gaping security holes that exist for other reasons. The issue that all the folks in the community are ignoring because they are wearing their consumerish glasses and can't see the B2B need is that having a managed card in a business scenario could afford you with indemnification which shouldn't be underestimated. Hopefully, we can acknowledge that indemnification is a component to being secure.

  • Oracle: You should support direct authentication against Active Directory
    I wonder why Oracle employees such as Tom Kyte, Mary Ann Davidson, Roger Sullivan, Amit Zavery or Mark Wilcox haven't chimed in on when Oracle will support direct authentication against Active Directory without requiring an additional product?

  • Open Source Identity Management
    Does anyone know how this compares to Sun Identity Manager, BMC or Oracle? Will Gartner consider including it in their magic quadrant or continue to ignore open source as a viable solution to enterprise problems?

  • Single Sign-on, SAML and Authentication in Documentum
    Craig Randall acknowledged that security, in order to be done correctly, requires server APIs which run in the address space of Documentum itself but never posted any guidance on how to enable. I look forward to him and Robin East outlining solutions to this approach.

  • Sun Identity Manager
    Have you ever noticed that Kim Cameron's blog, whenever you present a new information card to it, requires a workflow of sorts? I wonder if the relying party needs the ability to kick off a workflow via a standards-based mechanism and whether it should delegate to an identity management tool such as Sun which should expose SPML or a BPM process that uses BPEL?





     

    Enterprise Architecture and the Titanic Effect

    The thought that disaster is impossible often leads to an unthinkable disaster...



    Turning the large enterprise in the direction it should head is a herculean effort. I am of the belief that the best way to accomplish this goal is for enterprise architects to focus on the creation of valuable working software. We tend to spend way too much time on working up the ladder while ignoring what it takes to create great software and the folks who from an organization chart perspective are below us.

    What if we were to noodle ways to make ourselves more efficient at the lower levels? While I asked Why have process? maybe the question should have been what should enterprise architects acknowledge in their own minds when it comes to process. The analogy of manufacturing is the latest meme to invade the mindset of corporate America, so maybe the best way to uncover bad EA thinking is to think about software development as a plant.

    Now, if we were to analyze each phrase, you may walk away with a couple of action items. Consider that if speed of the bottleneck is the speed of the plant then maybe you should have an initiative to figure out where the bottlenecks are. If it is your governance and folks are stepping in it, then maybe it needs to be removed. If Indian outsourcing slows down delivery of software then maybe you need to bring it back in-house. If we focus on Don't run for individual station efficiency then we may acknowledge that we spend way too much time selling up the foodchain and need to spend more time interacting with the masses in our organization who actually make things happen. We may even acknowledge while transparency is important, that we shouldn't sacrifice productivity for it.

    Have you noticed that since IT outsourcing became popular, most enterprises haven't actually focused on making software development more productive? In fact, I suspect that most have made it more inefficient. The funny thing is that Indian outsourcing firms also never take steps to increase productivity as it would have the side effect of less hiring. Someone has to keep this process honest...





     

    Promoting the concept of Team Leads

    Indian outsourcing is best enabled when their clients not only acknowledge the importance of having a role of team lead to work with but also when the team leads are the strongest developers in the group and work hard to ensure that they get to do as much real development with as little administrative overhead as possible...




    Monday, November 05, 2007

     

    Enterprise Architecture: Do you abuse the phrase Best Practices...

    The phrase Best Practices flips the "yet another buzzword" bit of many of us literal-minded architects...



    "Best practices" is becoming a synonym for "the way I do it". It is used as a marketing term and as an argument for the status quo. Usually the folks using this phrase also are savage practitioners of hand waving when doing presentations.

    I am always busy correcting folks and telling them that there is no such thing as a best practice. I do use the phrases practical considerations and sometimes decent practices to describe practices that others should consider.

    Best Practices is often used as a shortcut instead of thinking for oneself. If a practice is good, it should be possible to justify it in its own terms; and if not, calling it a Best Practice will not improve it. Whether a practice is good for me or not depends on what I am trying to do with it. Just because some others in a similar (but not identical) industry do something and have judged it to be (or call it) best practice does not automatically guarantee that it will be good for me. Small differences in situation can result in a large difference in effect.




     

    More Links for 2007-11-05



  • Why Software Development should be like the Miami Herald
    Joe Arnold provides insights into how software development should work in large enterprises. I suspect that he is indicating that it is less about process and more about values which are missing in action in most shops where IT executives don't distinguish between management and leadership.

  • HP Security Handbook
    I wonder if HP encourages all of their products to undergo extensive secure code review and whether they use tools such as Ounce Labs, Klocwork or Coverity?

  • RUP User Group - Scott Ambler
    It seems as if agile methods for software development are no longer being discussed by industry analysts nor magazines such as CIO. We need to figure out how to get these demographics to resume the conversation in order to assist all those IT leaders and managers to understand that if they adopt agility over heavyweight processes encouraged by Indian outsourcing firms they won't be alone in the wilderness.

  • Sponge Bob spotted in Trinidad
    I wonder if this is James Robertson hiding out from the rest of the Smalltalk community

  • The best paper in T&T
    Sorry to disagree, but I prefer the Guardian and the Punch

  • How to avoid evil habits
    Words of wisdom for the blogosphere.

  • Indian Sweets
    Indian food is so much more tasty when not made from someone from India, but from Trinidad

  • Cisco gets entitled
    Dave Kearns misses the point in that enterprises should focus on the platform and not the user. If you were to ask my boss, am I still an employee, he would say yes. The issue is whether folks have synchronization strategies, whereas if you ask my boss what am I allowed to do, he wouldn't have a clue. In fact, I don't have a clue either, which is the more important architectural consideration that enterprises need to master. Identity is overhyped.

  • Death of PKI
    Anil Saldhana comments on PKI and falls for the hype of PKI equals expensive software vendors. Maybe the focus should shift away from products and towards problems which will cause a different type of conversation to occur. Anyway, I wonder what his thoughts are on identity based encryption?

  • Discussion on ECM standards
    I wonder if Apoorv Durga would be willing to step up and start a discussion on which security standards he would like to see Documentum, Alfresco and Stellent embrace?





     

    Bob Blakely and Secure Coding

    Bob Blakely of the Burton Group pointed me towards a paper outlining why Information Security is hard...



    Bob is 100% correct in that if vendors adopt secure coding practices, it won't make much of a difference as the problem starts before even a single line of code is written. There is a subtlety that Bob missed in that he does ask vendors whether they have secure coding practices which is good but doesn't necessarily share it outside.

    Imagine if there were an analyst firm report that outlined which software vendors didn't provide evidence that they actually use tools such as Fortify, OunceLabs, Coverity or others in this space and it wasn't just available by calling up an analyst but actually published under Creative Commons for all to consume. I suspect that it would make a significant dent in the challenges outlined in the paper.

    The funny thing is that I wouldn't consider secure coding as something that leads to competitive advantage but more of table stakes. It should be expected that security product vendors are at least doing this and if us customers had more visibility / transparency then I suspect our purchasing decisions may change.

    More importantly, Bob Blakely is one of the few analysts that I absolutely respect and love his insights. In many ways, his style is in your face similar to my own. I would speculate that he sometimes is moderated and often has to moderate himself. While others may not appreciate transparency, I am one that does.

    Bob, even though you ask, I would like to see Anne Thomas Manes and her team also ask and publish whether vendors in the APS space are thinking deeply about security by investing in tools and practices. More importantly, I would love to see Guy Creese provide more insight into where enterprise security converges with ECM, where vendors are deficient and what steps they are taking to make things better...




     

    Business/IT Alignment and the Broccoli Principle

    It doesn't matter how healthy it is if they won't eat it...



    Survival instincts are the primary impediment to business/IT alignment. Consider the simple fact that not aligning doesn't have any negative consequences. While it is better for you, we are a culture that believes in instant gratification and not investing time in relationships.

    Sadly, when IT brought in non-technical managers with their process as a substitute for competence mindset, they managed to undo years of trust where IT folks would actually help each other. Now that we have Bell Curve Compensation there is no incentive for most to help IT align with the business nor for IT to even align with itself...




     

    Links for 2007-11-05



  • Make Poverty History
    Good to see that bloggers from ThoughtWorks understand the importance of amplifying the need to talk about charity

  • Does outsourcing to the Caribbean make sense?
    Sure, especially if you believe in quality over quantity...

  • Leading in the technical environment
    Most Enterprise Architects miss out on opportunities to improve their own enterprise by not serving as mentors to those lower in the organization chart.

  • Speaking at Gartner
    I have asked for several attendees to put Todd Biske on the spot by asking questions such as which open source SOA tools do you think Gartner should provide deeper research on?

  • A Call for More Enterprise Architects to blog!
    Software vendors haven't yet figured out that it is in their best interest for Enterprise Architects to blog. Consider the fact that you can learn a lot about an individual prior to making a sales pitch simply by reading their thoughts.

  • The Real Meaning of Enterprise Architecture
    I know that everyone has their own definition, but should they?

  • SharePoint is not an ECM platform
    I agree with Laurence Hart that SharePoint is not an ECM platform. After all, its security model is externalized, you don't have to duplicate user stores and it is pervasively used in most enterprises. Putting SharePoint into the category of Stellent, Alfresco and Documentum is an insult.

  • IT Industry launches SAFECode initiative
    Good to see that EMC is a participant. I wonder if they will beat Stellent in getting Documentum to be more secure first.

  • How design impacts security
    I wonder what others think of letting folks in India outsourcing firms do their own design and what they would recommend to customers to ensure that their designs are secure?

  • The Insecurity of Ruby on Rails
    I wonder if Smalltalk suffers from the same problem?





    Sunday, November 04, 2007

     

    Links for 2007-11-04



  • Why Have Process?
    The purpose of process is to prevent work from being accomplished. Now I know why most Enterprise Architects who talk about process are having a hard time understanding how to align with the business.

  • Policy Driven Security
    Phil Schacter of the Burton Group is smart. Now if he could convince Anne Thomas Manes and others within Burton to start quizzing those ECM/BPM vendors such as Pega, Lombardi, Documentum, Stellent, Alfresco and others as to why they are so behind the times when it comes to modernizing the security within their product, there would be many happy customers.

  • On Toilet Paper and Cultural Differences
    JP Rangaswami comments on being from Calcutta but doesn't know that others in the blogosphere understand his aloneness. How often do you think I run across a speaker with my background at industry conferences? How many Enterprise Architects have I met like me?

  • Selling Web 2.0 by doing Web 2.0
    Of course if an Enterprise Architect wanted to be successful, he would in this situation have to come from a technical background

  • Uruguay, a Hot destination for IT Outsourcing!
    Many CIOs have strategies to reduce risk by moving much of their offshoring activities away from India towards South America which I think is a wise move.





    Saturday, November 03, 2007

     

    India and Charity

    George Alexander thinks that the reason I blog on charity is for publicity, he may actually be right...



    I am savage in the belief that the best form of charity is to not outsource one's individual responsibility to make the world a better place by simply giving money to charities but that we should invest more of what is most precious, and that is time.

    The best way to make poverty history is to simply start talking about it. In the blogosphere, there have been a variety of memes such as 2000 Bloggers and others. What would happen if making poverty history were discussed with the same level of passion and frequency as Linux or Outsourcing? The problem would simply go away.

    You may be familiar with the theory that if a butterfly flaps its wings that somewhere in the world it would cause a Tsunami? What would happen if one sole individual traveled to India and bought ten bags of groceries for those in need, could it be felt in America?

    Of course this is silly and would be futile to think that one individual could make a difference. Examples such as Martin Luther King, Rosa Parks, Gandhi and others have proved this theory wrong. Now, if you think for a moment what it would take to get the message amplified, you would realize that it takes a nation of millions to hold people back and that the best way to overcome this problem is to find an even larger nation to talk about it.



    Simply, India is the most populous country on the planet. Imagine what would happen if just 1/10 of 1% of all employees of Wipro, TCS, Cognizant, Infosys, etc decided to trackback to my blog. Sure, I would gain from it in terms of getting a higher technorati rank, but more importantly millions of others may step up and decide to contribute groceries along with me. Minimally, they may even talk about it in their own blogs which are read by millions more.

    For the record George, I do not contribute to charity in order to reduce my taxes. If you must know, I do not itemize my taxes and instead take the standard deduction. The issue at hand is unlike other Americans, I haven't bought a home that I can't afford nor have tons of credit card debt. In fact, my modest home was paid in full five years ago. The car I drive is a 1996 Ford Explorer which I paid cash for. Sure, you can throw daggers at me for driving an SUV but in all reality, I drive less than 10K miles a year, so I am more environmentally friendly than most.

    In terms of racism, that is humorous at many levels. If you think about diversity, I can truly say I am living it above and beyond anyone that attempts to throw daggers at me. Before commenting, it would be intriguing to understand how diverse one's family is when looked at through the lens of race, nationality, religion, etc. If you were to check the chromosomes of my two sons, you would see that they have both types of Indian blood in them (Choctaw and India). Likewise, you would also discover they could check the White, Black and Hispanic EEOC boxes as well. I bet most can't claim the same for their family.

    May I ask George to instead of posting responses as to why folks from India aren't participating, instead provide suggestions on how to get more folks from India to step up and have the conversation in the blogosphere...




     

    Should Enterprise Architects be allowed to write code?

    Over the last week, I have started to revisit programming in Microsoft languages, something I haven't done since 1998 when I became a Javaholic. It is interesting to pick up Visual C++ and see that in some ways MFC has improved immensely while in other ways it is still behind the times.

    Anyway, if anyone knows of any open source MFC libraries that do the following, please do not hesitate to point me in the right direction.




     

    More Links for 2007-11-03



  • Outsourcing as a strategic mission
    Are CIOs irresponsible for only outsourcing to India or should they also consider countries such as Trinidad and Venezuela?

  • Are you looking for a charity case?
    Charity is supposed to be a gift from the heart and not a payoff. I wonder why folks always expect something in return?

  • Future Risks of Knowledge Acquisition
    James Tarbell provides a thoughtful post on why we shouldn't focus on knowledge management

  • India and Charity
    I wonder if folks in Bangalore are more charitable than those in Chennai and Delhi?

  • Young people give back to community
    I wonder why we can't virtualize community giving?

  • Seven Characteristics of Successful Bloggers
    Are bloggers that practice philanthropy more successful?





     

    Links for 2007-11-03



  • Cisco Acquires Securent
    Entitlements Management is the next wave. Folks in large enterprises are starting to realize that the conversation around identity management is simply not sustainable and that they need to change their focus. Sadly, most software vendors in the BPM/ECM space such as Documentum, Interwoven, Filenet, Alfresco, Stellent, Intalio, Lombardi and Pega aren't well positioned...

  • A day in the life of an Enterprise Architect
    Mike Walker posted an interesting graphic indicating breadth vs depth of enterprise architects. At some level this is true while at another All abstractions lie...

  • Are Business Applications Boring?
    If you believe this to be true, then you most certainly wouldn't make a great Enterprise Architect.

  • Enterprise Architecture and Astronauts
    So, what does the blogosphere think of enterprise architects?

  • Industry Analysts: Do they want to increase transparency?
    Very few of them desire to increase transparency in order to help end customers make better decisions.

  • Role of Architecture in Business Analysis
    This is the age old argument of how technical should Enterprise Architects be?





    Friday, November 02, 2007

     

    Why Enterprise Architects may not be contributing to Open Standards...

    Lately, even I have been somewhat annoyed by other participants in the various communities attempting to create useful standards...



    When I joined the OpenID list in hopes of contributing insight on how OpenID may be used in large enterprise B2B settings, I immediately received at least one dozen offlist replies wanting to know more about the problem space so that they could sell me a solution.

    Likewise, whenever I post to the secure coding mailing list, consulting firms and software vendors come out of the woodwork. The same exact behavior is exhibited on LinkedIn.

    I wonder if folks understand that they are doing themselves and the community at large a disservice by practicing these thinly veiled tactics?




     

    Links for 2007-11-02



  • CIO Magazine and Open Source
    Esther Schindler wrote a wonderful article on Alfresco and marketing of open source.

  • ECM Standards for SOA
    I find it intriguing that vendors throw daggers at standards they don't want to invest in while customers are openly and passionately asking vendors to create more. There is nothing more at odds than the ECM space. Bex Huff being employed by Oracle at least has courage to comment while folks from EMC tend to remain more silent on the issue especially when the discussion is all about standards they need to create vs ones that they have already embraced.

  • Identity Management in a big organization
    I wonder what would happen if word got out that identity management is starting to collapse in many large enterprises, would Jeff Bohren, Mark Dixon and Nishant Kaushik comment or exercise their right to remain silent?

  • Working at a distance is hard
    Yes, the reason that all the agile methodologies recommend colocation is that it is hard but folks such as Martin Fowler believe that it is less hard than being patriotic and keeping more jobs in America.

  • Does packaged software always provide an advantage in IT?
    Why do folks think they can call up Gartner and choose products on the Magic Quadrant, practice management by magazine and so on and still think that this will result in competitive advantage?

  • Difference between knowing programming and knowing syntax
    Teaching syntax is vital to the survival of India outsourcing so stop attacking it.

  • Is crackdown on illegals working?
    Everyone has their opinion, but the fact remains that the amount of illegals is increasing.


  • Is this how the Boston RedSox won the World Series?




     

    Enterprise Architecture: CMM is an Antipattern

    In order to get to high levels of CMM, an enterprise needs to focus on the creation of comprehensive documentation which at best will be read by folks in the enterprise only once and probably not at all...



    If we can acknowledge that the essence and reality of CMM are distinct, then we can also acknowledge that CMM may not be right for most enterprises. The essence of CMM is to be able to repeat your successes and to avoid repeating your failures, across the organization and down through time. This means that the guy you hire for Team A next year learns from the successes and failures of the Team B guy who died last year. This takes not just great documentation but also the merciless kind of introspection that's hard on self-esteem. Agile Methods encourage this but the process weenies destroy lightweight processes. Given the culture in most enterprises, self-reflection is unlikely.




    Thursday, November 01, 2007

     

    So, why aren't industry analysts providing deeper coverage of open source?

    Figured, I would provide one perspective and hope that others may chime in...



    The way the Quadrant and Wave processes work is that the analyst firms create huge spreadsheets full of evaluation criteria that they force vendors to complete, and then they do a series of interviews with the vendor and their customers, and then write up the report. The vendors normally have whole teams of people working full time on these for many weeks gathering information, answering follow-up questions, recruiting customer references, etc. It's a huge project.

    In the case of open source projects, there's often no vendor for the analysts to lean on to do all the data gathering and analysis work. If it happens to be a commercial open source offering, then there is a vendor and they may be able to do it. But if it's not a commercial open source product, the analysts have to do the work themselves, which they are often not equipped to handle and/or prefer to take the path of least resistance in which some aspects of research simply go ignored.

    Additionally, vendors pay large amounts of money to the analyst firms in the form of subscription fees, event sponsorships, consulting days, and speaking fees when they invite analysts to speak at their events. This can easily exceed $1M annually.

    Spending a lot of money with the analyst firms makes sure you are on their radar. It's not outright bribery, but there is a correlation between budget and mind share. Since open source projects never pay anything, and since commercial open source companies often have tight budgets, they don't get on the radar as forcefully as a big vendor client.

    The real question is whether industry analysts themselves feel this is a problem or simply reality. From an enterprise perspective, we would like to think that they are providing us with all the options and not just a limited set. If enterprise architects start getting smarter about this particular problem, analysts could lose an important source of revenue...




     

    Enterprise Architecture and Encouraging Slack...

    Slack and laziness are different. Laziness implies not doing the necessary work (or doing it badly) while slack implies doing whatever would save the most effort.



    Imagine a project where work (1x) would save work (2x) later. However, (a different) work (2x) would save work (4x) later. The lazy architect would do work (1x). The slack architect, in order to exert minimal effort, would choose work (2x), to save twice as much energy later. Overall, a slack-principled architect is even "lazier" than a lazy architect. The difference is that the slack-principled architect is less concerned with immediate gain, and more concerned with overall gain.




     

    Outsourcing and Fair Trade

    Support Fair Trade...




     

    Links for 2007-10-01



  • How Industry Analysts weaken enterprise security
    I wonder if CIO magazine has enough courage to discuss problems with industry analyst research or is InformationWeek the only magazine with enough integrity to uncover this problem?

  • Macrovision DRM security exposure
    I am happy and amused when security oriented companies don't actually practice Secure Coding especially when their business model is all about preventing community interactions.

  • Information Cards and Security
    Jeff Bohren missed an opportunity to provide his perspective on Claims based model for AuthZ and why identity alone isn't sufficient in most B2B scenarios. Maybe he could share his personal opinion on XACML and how to get other software vendors to pay more attention to it.

  • Active Directory role in Linux Authentication
    This is a good article that should be amplified by Microsoft bloggers. What they failed to mention is that the Linux community needs to figure out how to get daemons that don't use PAM to also bind to AD. For example, when using FTP, you need to replace the daemon with one that is AD aware.

  • No Java 6 in Leopard
    When will users of Apple products realize that they are using a second-class platform?




