Thursday, July 19, 2007


Round Two on ECM and Industry Standards

Have you seen the postings by Bex Huff and Laurence Hart? If you are in the ECM domain, you should definetely add them to your blogroll...

Bex Huff made an interesting comment:

Sadly, other ECM vendors haven't yet figured out these words of wisdom and make it mandatory for you to duplicate user repository information. So, I guess one takeaway is that Oracle Fusion ECM seems to have a better architecture approach in many regards than their competitors. I will have to check with Alan Pelz-Sharpe and Nick Patience of the The 451 Group to see if they have uncovered this particular dimension in their research. This feels like something customers should be paying attention to and should be on the list of questions to ask as part of an ECM RFP.

I think I am in love. The notion of not duplicating functionality within an ECM product also makes sense. If the core operating system can provide an LDAP mechanism then why are ECM vendors continuing to duplicate OS functionality?

I am only going to partially agree with your statement. If ECM vendors simply leveraged Active Directory not solely for authentication but also as a user store and mapped to it at runtime then the need for SAML disappears within most scenarios within the enterprise. It still ignores a potential scenario where your users aren't stored in any repository that the enterprise owns.

Consider a scenario where say Pfizer wants to collaborate on development of a new drug with Novartis, Merck and Roche. It would be silly for Pfizer to create an ADAM instance of all Novartis employees and vice versa as these two things would get out of sync pretty quickly. Likewise, exposing the domain controllers so that there is a trust across forests over the Internet would weaken security beyond imagination. The best architecture answer from the security standpoint would be to support an industry standard protocol that could leverage a federated model in which SAML is one method.

Of course, one could argue that if you are truly leveraging Active Directory then you may have a preference for the better protocol which is WS-Federation as it is built into the operating system and doesn't require additional software on the part of every enterprise. Awhile back, Pat Patterson and I had a debate on whether support for SAML and WS-Federation should be a standalone product or should it be built into the operating system and I suspect that this may be evidence that others also prefer it to be in the operating system.

SXIP is a company who has taken their IP and are busy merging it with other existing specifications. OpenID holds promise but really needs to get its act together when it comes to closing security gaps. I would bet that more people would be willing to pay for an integration with CardSpace in ECM products than OpenID. Likewise, the need to manage content between users of is huge but those guys also need to start paying better attention to directly supporting industry standards as well and not require proprietary implementations nor third-party software...

<< Home
| | View blog reactions

This page is powered by Blogger. Isn't yours?