Monday, April 30, 2007


Links for 2007-04-30

  • The Identity Metasystem in Practice
    I always find folks from Sun intriguing as they do a great job of speaking at large conferences but don't do anything at the grassroots level like visiting all of their customers one-by-one and advocating more personal. Anyway, Robin has some great banners that are charitable...

  • What does OpenID mean to non-profits
    To date the conversation around identity has either been consumerish in nature or all about enterprises and their legacy issues. Good to see that folks are thinking about folks who also need to participate but may not have deep pockets

  • The Next Version of BizTalk
    Whenever you integrate two systems, you not only have to think about the semantics around message passing but also need to reconsile disparate security models. Good to see that folks at Microsoft are showing some leadership. I wonder if folks from ServiceMix, Sonic, Sun, MuleSource and Iona have thought about Identity Services within their ESB?

  • Perimeter Security in Historical Context
    Security folks know that the notion of a perimeter is fast disappearing. Now, this blogger shows that history also proved the same thing.

  • An Initiate of the Bayesian Conspiracy
    Reverend Bayes did more for IT architectures than folks realize

  • Spring Framework 2.1
    It would be intriguing for a developer savvy industry analyst to provide commentary on whether they believe that Struts is no longer relevant as a Java framework and that folks should migrate to Spring?

  • | | View blog reactions


    Is Bell Curve Compensation an Anti-Pattern?

    Problem: Distributing rewards fairly.

    Context: A community of developers, architects,etc meeting tight schedules in a high-payoff market.

    Forces: Managers love their employees, but some must be loved more than others. Everybody can't be excellent.

    Supposed Solution: The entire team (social unit) should be ranked for Quality, those rankings should be fitted to a bell curve, and compensation should be awarded according to percentile.

    Resulting Context: Managers who create uniformly excellent teams are punished, since some members must be rated as sub-par to maintain the bell curve. Developers seek out managers with sub-par teams, in order to ensure their place in the top percentile.

    Design Rationale: Somebody failed elementary statistics; while competence over a large corporation may indeed fit a bell curve, small sets (such as project teams) are very unlikely to do so. Indeed, in an organization that does not follow this Anti Pattern, a successful project team will tilt farther and farther toward the high end of the curve, as excellent developers are attracted by the opportunity to work with their peers. It is possible to have a uniformly excellent team; managers who build such teams should be rewarded, not punished...

    | | View blog reactions

    Sunday, April 29, 2007


    Inexperienced IT Executives cause IT Outsourcing Failure

    Lots of bloggers comment on enterprisey behavior so a body of knowledge does exist at some level as to stupid things done repeatedly. Why is this feedback process of bad management decisions not changing things?

    Of course, one needs to assume that those in enterprises understand enterprisey behavior and that such feedback exists, and works fast enough. How long does it take for such projects to fail (months? years?), and after how many such failures do upper management finally realize the problem exists and that they can't manage it because they are the problem?

    Is it really due to inexperience? Will more experienced managers understand that hiring an inexperienced team will lead to project failure instead of cost savings? Nowadays, it's rare (an impossible when you bring outsourcing into the equation) to have the luxury of an entire team with decades of experience each. And not always desirable - there's usually some work that can be better done by less experienced people. Experienced people don't like stuff that's mundane to them and you have the problem space of getting people to be experienced for future projects.

    While Outsourcing folks in India are dangerous to long-term health, inexperienced IT executives are more damaging. Acknowledge that IT executives have more authority than any outsourcing firm could ever hope for. Usually there is one IT executive for a given outsourcing relationship, while you will have a team of multiple developers in outsourcing and can only get an inexperienced team if every developer in the team is inexperienced (Of course there is a high probability of this occuring, but that is the subject of another blog entry).

    One can ask themselves how failure in outsourcing could actually be good for an enterprise. I have concluded that good decisions come from experience. Experience comes from making bad decisions. As long as folks make sure the 'bad decisions' are small ones - non fatal; work at managing smaller, lower pressure projects then regardless of whether outsourcing is successful or a big fat failure, the enterprise benefits...

    | | View blog reactions


    Links for 2007-04-29

  • Backsourcing: Why, When and How to Do It
    Backsourcing is the process of an enterprise retaking responsibility for previously outsourced IT functions, and bringing these functions back inhouse. Enterprise Architects should always plan for outsourcing failure.

  • Term Sheets
    If you have ever noodled starting your own software company and desire VC funding then start here

  • Cardspace Limitations
    I wonder if Kim Cameron and others have thoughts

  • The Rise of Alfresco: ECM that people will really use
    May I add that I believe folks will not only use it, but it will also in the near future align with IT security standards

  • Survey on Enterprise Development and Outsourcing
    I suspect folks like Akash Bhatia, Anita Ballaney or Mohan Babu K. will exercise their right to remain silent on this one as they are only capable to attack but not thoughtful analysis

  • A sustainable EA direction
    A thoughtful analysis of why government enterprise architecture is a big fat joke

  • The Making of an Enterprise Architect
    Folks always seem to forget the characteristic of strong technical leadership and being Keeper of the Flame

  • | | View blog reactions


    Heat Pumps and Energy Conservation

    I am one of a 100 customers of the local electrical utility taking part in a pilot of heat pumps. On Friday, I got a $10K heat pump installed absolutely free which is supposed to reduce energy usage by 40% or greater. Heat pumps unlike central air conditioning can be used for both heating and cooling.

    If the pilot is successful and our energy usage drops more than other participants, I will then be selected to participate in upcoming advertising campaigns. Imagine turning on the TV on Sunday morning and seeing James McGovern in living color...

    | | View blog reactions


    India Outsourcing and why Inexperienced Teams are Rampant

    Perhaps it would be useful to talk about what is meant by inexperience...

    People who are inexperienced in general have always been with us, in every field, and there is usually some kind of apprenticeship period (possibly academic) during which their skills are honed. I think the difference now is in how rapidly the entire software development landscape changes.

    There are four main classes of project in my experience:

  • those outsourcing firms that engage outside help from the start. This requires outsourcing firms to acknowledge their own limitations and declare that they aren't an expert at everything to their client.

  • those projects that are considered successful or low risk enough not to require outside help such as mundane tasks like Y2K

  • those projects that are in trouble and managers have the security, wisdom, humility, guts and budget to admit that they need help and bring in one or more outsiders whom may even be from the client themselves

  • those that are in trouble, often deep trouble, but one or more of the five necessary ingredients in previous bullet are missing.

  • It may be a hangover from the eighties, but corporations are very quick to expel perceived dissent and therefore if inexperience is discussed, it is usually quickly buried. Outsourcing firms have not only managed to shutdown perceived dissent but have matured this as a practice.

    One of the types of experience is working together. Seven new and four experienced developers plus a manager or two working on a project have just met each other on the first day of the project. The initial assignments will be wrong and given to the wrong people. The wrong people will be given the job of design, and so the design will not be good. Take those same dozen people a year or two later and put them on another project together. The initial, crucial decisions will be much better. The improvement will be much larger than the simple one or two years of experience would seem to indicate. The estimates will be more accurate. All this is very hard for corporations to do. People get promoted, quit and have babies. Teams with good self-knowledge can put the weaker members on jobs they can do usefully.

    | | View blog reactions

    Saturday, April 28, 2007


    Links for 2007-04-28

  • Speaking the Language of Business with SOA
    I suspect that most folks don't understand the fact that business folks don't really want to understand SOA. They do expect IT folks to understand the best way to build software

  • The Future is in Concurrency
    How come industry analysts aren't noodling the disconnect between hardware folks pumping out multi-core processors and software developers who don't understand either multithreading and/or concurrency?

  • Taking AIIM on Security
    Folks in the ECM world need to read multiple times the words of wisdom from John Newton

  • Claims, Assertions and Roles
    An incredibly thoughtful posting by Gunnar Peterson on User Centric Identity, CardSpace, OpenID and Enterprise Security

  • Senior Architect Job Opening
    Want to work in Hong Kong?

  • 10 Enterprise Software Companies to Watch
    Glad to see Alfresco in the Number One spot

  • Enterprise Architecture Tools
    Should Microsoft, IBM, HP, CA, Sun produce tools in this space? I believe not!

  • The Future of Active Directory
    Out of the Fortune 500, I suspect only Sun doesn't have a production instance so they can ignore. The rest of the world should read

  • Redmonk Unconference: Scripting Languages on the JVM
    I wonder if the topic of why enterprises prefer compiled languages over scripting languages will come up? More importantly, can folks conclude something more logical than we are simply enterprisey?

  • | | View blog reactions


    Secure Coding Standards

    If you are the CTO of an ECM, BPM, ESB, CRM, ERP or ABC software vendor, then please check out CERT Secure Coding Standards web site. You may notice industry analysts asking lots of questions in upcoming briefings in this regard and if you have the wrong answer, you may no longer appear in the Gartner leaders quadrant and/or the Forrester wave...

    | | View blog reactions

    Friday, April 27, 2007


    Why Linux is better than Solaris...

    Ever been to Linux ISO? Notice how you can download both CD and DVD versions? Notice how you don't have to register in advance nor login? With Solaris you do...

    | | View blog reactions


    Yet another outsourcing failure...

    Infosys has a blogging site where only carefully picked employees can provide commentary to the outside world. I wonder what it would take for outsourcing firms to create a platform similar to Sun?

    Vinne Michandani appropriately commented on TCS, the largest Indian vendor who plans on hiring 30,000 associates a year and refers to this as the Day Care Model that everyone should consider.

    Likewise, many India based bloggers have been notoriously silent on the notion of backsourcing which is when IT functions are brought back in-house after they have been outsourced. Many folks should consider the fact that the best time to backsource an IT function is before you outsource it. Are there any folks in India that would be willing to blog their thoughts on best practices or will they simply resort to keeping their head in the sand and not acknowledge any form of failure rate?

    I know they will attack my thought process without actually answering the question. I am willing to contribute $500 to a mutually agreeable charity if any Infosys blogger posts metrics on as to how they practice diversity using EEOC definitions...

    | | View blog reactions


    Links for 2007-04-27

  • It's Never About the Process
    While Process is important, many process weenies IT Executives sometimes forget its all about the people...

  • People Still Don't Get It
    Agilists aren't trying to change folks minds but are trying to get folks to think about what they are doing and not just blindly accept what the latest consultant or industry analyst is saying

  • Life's Little Hurdles
    One person still attempting to understand enterprise architecture. Tell's me that us authors are failing

  • Snake Oil Sales and Agile Methods
    Are there lots of folks in the blogosphere attempting to sell methodologies without knowing what they are talking about?

  • ECM Product Evaluation
    On one hand this individual talks about risks but somehow AIIM doesn't think that security or lack of within ECM products is one of them

  • Google Adds Security to Hosted Applications
    Folks should be fearful of adding in security after the fact. I wonder if folks understand that security features may not be security

  • Doing Business in India: 20 Cultural Norms You Need to Know
    Great guidance that folks should read. Of course they left off the abuse of words such as diversity which doesn't align to EEOC

  • Enterprise Architecture Trends 2007
    Freely available report by several industry thought leaders

  • What is the Role of ECM in Enterprise 2.0
    Folks refuse to ask the hard questions

  • How to Mediate Semantics in an EDA
    I bet the vast majority of enterprise architects have no notion of canonical form in their thinking

  • | | View blog reactions

    Thursday, April 26, 2007


    Enterprise Architecture and the legalization of Marijuana

    Many folks are advocates of the legalization of marijuana for medicinal purposes. I wonder what the conversation would sound like in the workplace if folks started smoking...

    It would be interesting to understand HR policies around firing someone for doing something that became legal and otherwise is deemed an medical event. While safety is always a consideration, especially in manufacturing, it probably matters much less since much of this doesn't occur within the United States anymore.

    I bet lots of folks would argue about decreased productivity without figuring out whether it may actually increase productivity. Imagine all the time savings that enterprise folks spend in useless meetings getting on the same page where they are asked to keep their presentations at a high-level and instead could share deeper details on IT solutions and it would be better received.

    The one question I have always asked myself is who are the buyers of drugs? Economics would indicate that it isn't folks who work at McDonalds flipping burgers. I suspect there is a lot more drug usage in large enterprises (off premises) than folks would want to talk about publicly. Maybe legalization will be a form of emanicipation?

    | | View blog reactions


    Links for 2007-04-26

  • Wake up IT Managers, you're mediocre
    Good to see that Gartner is calling out the current state of IT leadership and how we should all avoid stepping in it

  • New and Old Players target AP opportunity
    Good to see analyst firms pursuing the Asian market. I suspect that they will make more money servicing China than India as once outsourcing finally fails, India's economic model is less sustainable

  • Two Views of Agile Enterprise Architecture
    Glad to see others acknowledging how folks in enterprise spend way too much time on current state analysis

  • Securing Site Access with CardSpace and OpenSSO
    I wonder when Industry Analysts such as Gartner will not only start talking about CardSpace within their research but more importantly compare/contrast OpenSSO to offerings from Oracle, IBM and CA

  • Identity and Authority
    Good to see others talk about the greater Internet Fuckwad Theory

  • | | View blog reactions

    Wednesday, April 25, 2007


    CardSpace and Enablement of an existing Site

    I have been busy coming up to speed on CardSpace and Enablement of an existing site and have ran into the following issues:

    1. As I understand, it is up to the relying party to determine which claims they require from a card and will use this to match an internal user store. If the card contained an email address, one could write code to match as follows:
    This code tells me that you first have to trust that Cardspace software from MS or Java equivalents such as WSO2 have first validated the token's signature and validated it from a cryptographic perspective. What I don't understand is how many fields one should match on as a practical consideration?

    2. It seems as if CardSpace can support claims-based security checks which is a little different than role-based security checks. Are there thoughts from the security community such as Gunnar Peterson on this?

    3. Should Cardspace support roaming scenarios? For example I may want to take my card and use it at an upcoming conference in a one-time usage scenario at the conference provided computers.

    4. Should Cardspace 2.0 somehow support the notion of a Turing test to prove that a user is a human? Was thinking about Dick Hardt example of going to a bar and knowing whether the person on the other end is really a person?

    5. I would like to request Multivalued Attributes from my site as a claim where I specify specific values in terms of a list but can't figure out how to do this.

    | | View blog reactions

    Tuesday, April 24, 2007


    Industry Analysts and Storage Area Networks

    How come industry analysts aren't asking storage area network (SAN) vendors why they aren't building compression functionality into their products?

    Yes, I understand it is not in the best interest for storage area network vendors to help enterprises efficiently utilize their technology and that by building in support for compression, it may result in either cutting potential sales by half or even may cause enterprises to buy even more storage since they can use it even more inefficiently.

    I also understand that there are third party products such as StoreWiz that will do this independent of the SAN vendor but that doesn't change the fact that it really should be built in and not a separate product.

    I understand that many vendors have done file-level deduplication but in all reality, we need more capability than simply calculating a hash to determine duplicates. What would it take to deduplicate within a file or across files. For example, if you consider the average utility who stores statements they send to their customers using various ECM products where much of the information contained on the statement is unique to all folks who receive them feels like a big opportunity to add value.

    Maybe I got it twisted and industry analysts don't believe that storage vendors should play a part here and this particular example is more of a thing that should be solved by ECM vendors. It would be interesting to hear the perspective of both parties.

    I know folks from Sun may have even different perspectives as Solaris supports compression at the file system level. Actually Windows NTFS does the same thing. Does anyone know which is more efficient in terms of compression?

    | | View blog reactions


    Voluntary Human Extinction Movement

    Have you heard of the Voluntary Human Extinction Movement? They are seeking volunteers from the following demographics:
  • Enterprise Architects who are afraid to champion open source

  • Those who program in Smalltalk and other second-class languages

  • CTO's of BPM, ECM, ERP, CRM and ESB vendors who haven't yet stepped up to incorporating SAML and XACML support in their product

  • Six Sigma folks who believe that process is a substitute for competence

  • Enterprises who allow non-technical IT folks to become CIOs

  • Those who practice management by magazine but are afraid to admit it

  • Those who supported Kathy Sierra but didn't call her out on the fact that convicting folks in the court of public opinion is wrong

  • Those who can't understand the difference between management and leadership

  • Folks who think agile is a word they should use to describe their otherwise monolithic architectures

  • Industry analysts who won't put open source projects in the same research reports as commercial closed source offerings

  • Those who think that innovation is happening within their shop when status quo is pervasive

  • Folks who voted for George Bush

  • | | View blog reactions

    Monday, April 23, 2007


    Outsourcing and the Emancipation of the Enterprise Architect

    I have surveyed six different enterprise architects in my local area and even one I met while on vacation at the Culinary Institute on the topic of outsourcing and they all had a lot to say...

    I asked each of these individuals whether their employer was currently outsourcing work to India. I then asked them do they believe that outsourcing will fail in their enterprise within the next three to five years with the response being varied from an emphatic yes to a more tempered response indicating failure but otherwise putting a spin on it in terms of achieving mediocrity.

    My last question to these individuals was once outsourcing to India fails, would you within your own mind, smile? I suspect that the masses already know the answer to this question which is intriguing at some level. This is the first time in history where folks genuinely desire an initiative that their employer is undertaking to either fail or at least be marginal. I wonder if the masses within large enterprises want an initiative to fail, will it happen no matter how diligent folks in India are or will it fail simply because of junior skillsets that India currently has so much of?

    The interesting thing is that wise enterprises such as Google have already figured out that outsourcing in terms of cost savings and rate arbitrage is doomed to mediocrity and have established a model that CIOs should stand up and pay attention to. If you aren't familiar with Google's Summer of Code, they offered $4500 to folks worldwide. The key thing to pay attention to is that there wasn't a different rate for folks in the United States vs Brazil vs India as the focus moved away from rate arbitrage towards something more important which is the relentless pursuit of top talent no matter where they may reside.

    If employers in the United States where to borrow this same concept from the Google playbook, would they be more successful? I believe so and here are the reasons why! Much of the rants regarding outsourcing in the blogosphere are all about folks who have lost their jobs to junior folks in India but these rants disappear over time when they find that they were able to not only get a better job but one that pays much more than they were making. I have two theories on why outsourcing fails which isn't really talked about.

    My first theory is that outsourcing will always fail even in situations where no one loses their job. American's, at least those who were born here tend to be very patriotic and outsourcing doesn't really address this deeper emotion. It is human nature to care more for your neighbor than someone down the street and even more for the person down the street than someone in another country. Getting the masses to ignore engrained feelings is difficult at best.

    Of course, part of the strategy is to leverage folks who may be American in terms of citizenship but otherwise don't have a single iota of patriotism in their bodies to rollout outsourcing initiatives. This will bring failure to the level of mediocrity. The second theory I have is that outsourcing fails because folks really have no interest in working with junior folks. Let's pretend that Martin Fowler, Kent Beck, Brenda Michelson, Grady Booch, Joel Spolsky, James Robertson, James Tarbell, Robert McIlree and other top talent in the blogosphere were all offshore working in Bangladesh. I believe folks would not only be more participatory in terms of making outsourcing a success, they would actually volunteer to make it happen so as to work with these individuals. If there is a way to eliminate all the lower-talent folks in India (approx 97.4% of the IT population) then outsourcing would not only have a better chance of success but enterprise architects would be emancipated...

    | | View blog reactions

    Sunday, April 22, 2007


    Enterprise Portal Smackdown

    If you haven't already heard the news, The annual AIIM Expo held an Enterprise Portal Smackdown where BEA, IBM and Liferay all competed toe-to-toe. Liferay Enterprise Portal which is 100% unrestricted open source won hands down over its commercial competition...

    | | View blog reactions


    Lies told by BPM Vendors

    Enterprises embarking on the path of BPM need to figure out what BPM vendors aren't telling you...

    There are a variety of bloggers discussing how their products are standards compliant with BPMN, BPEL and BPEL4People where others are discussing Do BPM before BAM yet there is not a single conversation around the need to think about security upfront.

    Wouldn't it be intriguing if your BPM vendor told you how their product could participate in single signon (SSO) via industry standards such as SAML and/or WS-Federation? Wouldn't it be equally interesting to hear from your vendor regarding support for identity standards such as OpenID and/or CardSpace? I bet if you asked your favorite BPM vendor about adding in support for XACML they will avoid the question as the architecture of many of these BPM products would require rewriting from scratch, the ability to externalize entitlements.

    I wonder if Ishmael Ghalimi, Phil Gilbert, Bruce Silver and others in this space would entertain a public conversation on the notion of the weaknesses of BPMN. For example, it is intriguing that we can have a decision shape that looks pretty on the diagram but no one ever really talks about the behavior of a decision and how each and every single product implements it differently. I bet a deeper look into this space would uncover that 95% of all the work in BPMN is not portable between one vendor and another.

    I can take a J2EE application originally targeted to run on JBoss and easily move it to BEA Weblogic but I can't take an application written for Intalio and move it easily to Lombardi. Do BPM vendors care about this type of portability to the level where they will take actions to actually have conversations across companies?

    | | View blog reactions


    eDiscovery, Industry Analysts and IT Security Professionals

    Industry analysts and IT security professionals have been notoriously silent on the latest changes to the Federal Rules of Civil Procedure (FRCP) that deman an exhaustive search of all electronically stored information including email, voice and video content for disclosure within 99 days. Most enterprises will struggle to make this happen...

    This would be an interesting space for James Governor and Michael Cote of Redmonk to cover as this pretty much demands a different architecture than what enterprises have been doing for the last 30 or so years.

    Minimally, I see the need for Enterprise Architects who understand that IT alignment with the business is important that they have an equal fidicuary need to serve their invisible customer known as lawyers who want to rape your enterprise when it comes to data leakage and other IT-oriented threats that the business doesn't yet understand. Some of the components that enterprise architects will need to ponder include:
  • Convergence of Voice/Video with traditional IT technologies

  • Pattern Matching of Data within IT data stores

  • Search technologies so that you can find it all

  • Terabyte scalability

  • Automated compliance to retention policies

  • Meta-Data: An abused but otherwise important concept

  • Language Independence: Doesn't matter if your architecture is based on Java or a second-class language such as SmallTalk

  • The funny thing is that I suspect those industries who have been affected by Eliot Spitzer, NY Attorney General and now Governor have the hindsight to have retrofitted many of their IT systems to make them more subpeona-oriented. Generally speaking though, the learning of folks in NY especially the ones on Wall Street haven't yet been codified into something consumable by other industry verticals...

    | | View blog reactions


    Take AIIM on Security

    Out of all the ECM vendors in existence, Alfresco seems to not only have the most integrity but are most tuned into the needs of their customers...

    John Newton appropriately noted that the folks at AIIM are negligent in that they haven't figured out how enterprise security concerns should converge with ECM standards. He also noted that ECM vendors consider security as a second-class consideration. Hopefully, over time when industry analysts such as Alan Pelz-Sharpe of CMSWatch, Barry Murphy of Forrester, Nick Patience of the 451 Group and Karen Shegda of Gartner start covering security standards that are applicable to the ECM space within upcoming research reports.

    Anyway, I figured I would comment on some wonderful things said by John:

    Interoperability is key which includes thinking about security considerations. ECM is no longer a standalone play and is starting to become integrated into enterprise applications. I suspect that will deeply integrate ECM into CRM such that the user believes they are working with one tool and not two.

    In terms of politics, I would love to understand whether this can be solved by having more enterprises participate in standards creation? Is it that the agenda is too driven by software vendors who have their own insular issues to deal with? Maybe instead of complaining, I should actively participate? John, could you put me in contact with the speaker coordinator for this event so I can personally address this issue?

    In terms of whether it should be ACL, role-based or policy-based, I have the following thoughts. First, I believe that customers should think of which model best suites them by having the ability to configure which model works best. Second, I would also say that the better model supports an open SDK where customers if they aren't happy, can write their own.

    It seems as if many vendors in this space can leverage external authentication services but yet require their own identity services which is interesting at some level and flawed at another. Whether you choose OpenID because you want a vendor-neutral way of identifying users or something more proprietary such as CardSpace doesn't really matter much to me as long as you choose one and solve for this problem-space quickly. In terms of difficulty in implementation, it isn't that much code to actually support both at the same time.

    If the industry embraces XACML, the enforcement could occur based on inspecting meta-data which does require enterprises to pay attention to controls on the content. I suspect that you are fearful in proposing this since many customers don't really have a sound, thoughtful metadata strategy and therefore it may fail for other reasons.

    May I say that pass-through authentication approaches are also inadequate in that it sometimes becomes important to understand the credentials especially once we move away from username/password like constructs?

    Should search leverage the same entitlements model? If search engines also supported XACML then having a layer that externalizes so as to make consistent would be a good thing.

    John, I can tell you that enterprises such as AIG, Home Depot, Merck, J&J, Boeing, Washington Mutual, Bank of America, GE, Schwab and Merrill Lynch have all started to have this conversation in a public way and have started to engage the discussion at many industry analyst driven conferences as a first step. I can also say that if vendors would like for me to share additional insights, all they have to do is ask...

    | | View blog reactions


    Links for 2007-04-22

    No love from the A-List bloggers...

  • What are disadvantages/challenges in web services
    I would argue that if you have a web service management platform that transaction support is a bigger challenge than security as many of these vendors in their next release will support SAML and XACML

  • Identity Predictions for 2007
    I wonder if this author is brilliant or got it twisted?

  • WSO2 Commons Admin UI Framework
    User Interfaces for administration of applications isn't talked about much.

  • DirectBuy
    If you heard about DirectBuy on TV or Radio advertising, please check out this site first

  • The MIT License
    Thoughtful analysis by Raven Zachary

  • Paradigm Shift: Busyness to Burstyness
    Former RedNun Anne 2.0 describes how I feel on a daily basis

  • Hackers invited to crack Internet voting
    I wonder if this should be the norm for all voting machine software? Maybe folks from Diebold could comment?

  • Identity Zeitgeist
    How do you know when you have been in the Identity community too long?

  • An architects natural mode of thinking is lateral
    A good architect will engage in a thinking process that generates creative synergies, brilliant shortcuts and identifies the serious issues well ahead of time.

  • Take AIIM on Security
    Will AIIM start paying attention to security or simply bury the issue?

  • | | View blog reactions

    Saturday, April 21, 2007


    Achieving Dominance in the Blogosphere...

    I have taken the best practices of enterprise architecture as practiced in non-agile organizations, combined with modern process-orientation and spiced it up with pinch of buzzwords to create the ultimate strategy to be the number one blogger in the blogosphere...

    I will first synergize my blog reader's core competencies through reimplementing and repurposing mission-critical proactive benchmarks for improved TCO combined with our best-in-class knowledge base of best practices that aligns outside the box empowered win-win scenarios that touch based while providing increased optimization.

    To operationalize this strategy, I will need for you to:

    | | View blog reactions

    Friday, April 20, 2007


    Identity Predictions for 2007

    The notion of identity as the next killer application has some merit and is worthy of exploration. The problem is that folks within enterprises have very different perspectives than those in the software vendor and venture capital community...

    Here are my ten predictions for the remainder of 2007:

    1. The ability to externalize identity away from enterprise applications in the BPM, ESB, CRM, ERP, ECM and SOA space will start to take hold. Vendors such as Alfresco, Intalio, ServiceMix, PingIdentity, SXIP and Microsoft will start having more open conversations about its merits and additional standards will emerge.

    2. Venture capital will continue to fund federated identity players while funding will slow for more traditional identity management vendors. Venture capitalists likewise will encourage their software vendors to create opportunities by unifiying those within high-profile industry verticals and not simply sitting on the sidelines waiting for it to happen.

    3. URL-based identity will move past consumerish web sites and in the Q4 timeframe start to show up in production on investment-oriented sites and even several B2B-oriented sites as well.

    4. Either EMC, Sun or Oracle will make attempts to acquire PingIdentity because of the unique value proposition they provide.

    5. The enterprise will begin exploring how to use CardSpace in enterprise deployments.

    6. Kim Cameron will realize that CardSpace is not only bigger than Microsoft and applications written using Microsoft languages and will step up and help other software vendors who don't write in Microsoft to Cardspace enable their applications.

    7. Pat Patterson will lead an internal charge to Cardspace enable J2EE PetStore.

    8. Liberty Alliance will become relevant again by focusing on the need to move past discussions on basic identity and start a conversation regarding the need to also talk about authorization.

    9. Web Access Management vendors will provide support for both OpenID and Cardspace as a free Service Pack to their offerings before year end.

    10. The vast majority of enterprises will remain confused about user-centric approaches to identity and will stick to what they know best, building site-centric identity providers. This trend will occur for at least another five years...

    | | View blog reactions


    Open Source Needs Lobbyists

    Another example of how folks in the media refuse to step up...

    Dana Blankenhorn talks about how Open Source Needs Lobbyists yet doesn't acknowledge how he is part of the problem. If he works for a publication such as Ziff-Davis yet doesn't ask himself why they can't simply provide more coverage, then his comments aren't sincere. Maybe what he is asking for is to get some other body to spend lots of advertising dollars while not acknowledging that open source doesn't really need traditional media to be successful.

    Throughout his column he always talks about open source but never seems to segment thoughts on commercial open source such as Alfresco, Intalio, MySQL, etc from non-commercial open source such as Apache. Why not ask the question of media and its ability to simply be charitable in terms of advertising space?

    He is also overly cordial to industry analysts in this space who have an equal fidicuary duty to provide unbiased coverage to the clients who pay for their services (end-customers not software vendors) yet he refuses to acknowledge this aspect as a problem that also needs to be worked. I am one who puts my money where my mouth is and would donate sums to a worthy charity if anyone from Ziff Davis has the courage to dedicate an entire issue to non-commercial open source. The ball is in Dana's court to make it happen...

    | | View blog reactions

    Thursday, April 19, 2007


    PingIdentity, OpenID, Cardspace and Usability

    I smiled when I saw a comment in my blog from Ashish Jain acknowledging that CardSpace is not only more secure but also does better in terms of usability when compared to OpenID. Hopefully other bloggers will start making similar comments...

    Don't get it twisted as I am not attacking OpenID. On the contrary, I would love to see OpenID become wildly successful. The issue at hand is that Kim Cameron has set a pretty high bar and the only way OpenID could take the lead is if they incorporate the notion of relationship, attestation and authorization into the protocol before the next release.

    One of the things that I am struggling with in this space is the lack of industry analyst coverage. I would have expected folks such as Michael Cote, James Governor, Gerry Gebel and others to have asked the question regarding how current web access management products such as Netegrity Siteminder, Oblix CoreID, Tivoli Access Manager , Yale CAS and others will support (or not) both Cardspace and OpenID. Hopefully they are aware that not all folks develop web sites where authentication is built into the application like all those web 2.0 Ruby on Rails sites.

    I have noticed that PingIdentity has managed to bridge all of these protocols via their solutions but the usability question still remains. If I currently have a web access managment product, for example Siteminder and I have a current login page (fcc) how do I put a standard login, a Cardspace login as well as an OpenID login all on the same page? Surely, it would result in less usability if folks had to chase down where to login...

    | | View blog reactions

    Wednesday, April 18, 2007


    Management Should Push Folks Until They Push Back

    Pushing folks until they push back is a technique used by managers in an attempt to maximize the productivity of their subordinates. A manager intentionally assigns too much work or moves up deadlines until a subordinate either (a) refuses to accept the assignment, or (b) fails to complete the assignment on time...

    Using this technique, a manager hopes to discover the following:

    Subordinates generally don't like this technique, especially when they learn that it is a technique. Many people, especially inexperienced people, feel a duty to accept whatever a manager dishes out. But managers respect those who know their limits and are willing to admit them.

    As a subordinate, the best way to deal with a manager who uses this technique is to keep careful track of all the commitments being made, and when they approach the "undoability" level, talk about them with the manager. Don't get upset, don't try to do everything being asked, and don't quit without first trying to negotiate a reasonable amount of work.

    Whether this technique is a good one is debatable. It is tough on subordinates who don't know how to deal with it. It is manipulative. But it can help managers determine what their subordinates are capable of, and to what extent they can manage themselves.

    | | View blog reactions

    Tuesday, April 17, 2007


    Open Letter to A-List Bloggers

    Dear A-List Bloggers (including, but not limited to, Atrios, Joshua Micah Marshall, Jane Hamsher, Arianna Huffington, John Amato, Glenn Greenwald and John Aravosis please let me know why you will feel sympathy for Kathy Sierra but yet won't talk publicly about the need for charity to prevent abuse of women within your blogs?

    The A-List bloggers also didn't have enough courage to talk about how wrong it is to convict folks in the court of public opinion. Maybe I could get you to dedicate just one day to talk about philanthopy instead mindless idiots such as Paris Hilton, Anna Nichole Smith or Don Imus.

    Maybe you could consider amplifying an interesting article that appeared in the Wall Street Journal entitled: The Charity Gap (April 4th, 2007) where Sheryl Sandberg findings stood over against what most of us believe about American charitable commitments and concerns. Sandberg's report cites a study underwritten by that reveals less than one-third of the money individuals gave to nonprofits in 2005 went to help the economically disadvantaged.

    The analysis, carried out by the Center on Philanthropy at Indiana University, concluded that only 8% of donations provide food, shelter or other basic necessities. At most, an additional 23% is directed to the poor -- either providing other direct benefits (such as medical treatment and scholarships) or through initiatives creating opportunity and empowerment (such as literacy and job training programs).

    When folks drop big checks into the offering plate on Sunday morning, I bet they have in mind my congregation's outreach to the homeless, but the fact is less than 20% (in most churches far less) of every dollar given in church benefits the poor in the United States or anywhere in the world. For individuals and families earning below $100,000, church giving accounts for the majority of gifts offered up.

    Really wealthy donors target education and health care in their giving. Sadly, less than 9% of these dollars go for scholarships to low-income students and only about 10% supports health care initiatives for the poor. If you truly care about not only Kathy Sierra but those unknown abused women who will never have a platform where their pain and sorrows will be heard, you will make a honest, swift, deliberate effort to get others to talk about charity. Maybe you may even consider making a small donation to Rainn which is a charity that aligns nicely with fighting abuse. I am sure that the first contributors will be folks such as James Robertson and Tim O'Reilly...

    | | View blog reactions

    This page is powered by Blogger. Isn't yours?