Saturday, February 14, 2009


Enterprise Architecture and Proofs of Concept

Ashraf Motiwala discusses how enterprises conduct vendor POCs yet doesn't talk about practices that vendors should be encouraging.

How many POCs are really glorified ceremonial Hello Worlds? Enterprises sometimes come up with use cases that are just too simple and don't provide any product differentiation. In the world of identity, taking a feed from HR and provisioning an account in Active Directory is Hello World. So, what are some quick-to-execute use cases that also happen to be differentiators?

I wonder if Ash believes there is merit in doing SPML interoperability testing? Of course, I would love it if Mark Diodati and Gerry Gebel of Burton Group would consider it for the upcoming Catalyst conference, but if they don't, then we clients can do it ourselves. So, can Oracle OIM invoke an SPML web service built using Project Keychain? Can Courion provision a user into a Documentum application using SPML?

I have always wondered whether security products are written securely. If I wanted to steal lots of passwords, should I attack various enterprise applications, or would the reward be a lot higher if I attacked identity management platforms, since many of them store usernames and passwords either in cleartext or using a reversible algorithm? Does anyone know how Sun, Oracle, Novell and other identity management platforms line up in this regard?

Wouldn't it be funny to know that it is possible to perform a cross-site scripting (XSS) attack against these products? Many of the products and their product managers aren't aware of the OWASP Top Ten and therefore will be ripe for exploitation...
