Monday, December 31, 2007


Thoughts on News Years Eve...

| | View blog reactions


Is Hostility a sign of being incompetent?

Have you ever noticed whenever coworkers become aggressive, defensive or generally an impediment that this may be a sign of being incompetent? Many folks use hostility to cover up a lack of subject matter expertise. Being hostile has an effect of limiting communication which reduces the possibility of discovering the real issue...

| | View blog reactions


Software Vendors and Conference Sponsorship

I find it intriguing that many software vendors spend $10K or even more to have a booth at an industry analyst conference or for other events when there are ways to attract influencers for a lot cheaper...

Many folks will spend 15K or more to get an audience with leading CISOs, CTOs and Enterprise Architects in order to pitch their value proposition. The funny thing is that as an enterprise architect who knows hundreds of others, this feels wasteful at many levels.

I wonder why more vendors haven't already approached me sponsoring the local Hartford Chapter of OWASP who will have planned for the first meeting over 200 attendees.

In looking at the various promotional items, I realized that a budget of $500 can go pretty far. It can purchase 200 Cinnamon Mint Tins, 80 Multi-tools, 100 Coffee Mugs or even 80 Aromatherapy Candles in a mug.

Sponsoring local user groups feels like a better value proposition. What am I missing?

| | View blog reactions

Sunday, December 30, 2007


The 2008 Hartford BarCamp

Many folks know that I am organizing several OWASP meetings, but I decided that in 2008, the Northeast really needs a kick ass Barcamp...

If you aren't familar with a BarCamp, it is an unconference; it's open and free; it's organized bottoms-up instead of top-down; anybody can organize it and anybody can attend it. Folks on my side of town are so enterprisey where we to busy worrying about perception management that we don't actually talk to each other. I figured that it is long overdue for my industry peers to remove that stick shoved up their butt and learn what it feels like to have an honest conversation.

Unlike most unconferences though, we will not exclusively have newbie speakers and have lined up some pretty cool folks to speak on topics such as Smalltalk, Software Security, Web 2.0, Agile Software Development, SOA, and open source. You will recognize the names of many of the planned speakers. Of course, if you have a topic in which you would like to present, please don't hesitate to drop a suggestion.

Anyway, there are two things that still remain. I have many minor sponsors lined up and need one large software vendor to be the premier sponsor. I will also be pinging the folks at Rensselaer to see if they are willing to donate their facilities.

I am not sure if I am violating some unstated protocol, but I do plan on doing a mashup between the BarCamp, OWASP, COOUG, QAAC and whatever else happens to come to mind.

If you like this idea, please show your support by amplifying this blog entry. In the meantime, I need to get back to OWASP matters. Did I mention that the next OWASP meeting will have Gary McGraw of Cigital along with Chenxi Wang of Forrester? This event will be hot...

| | View blog reactions

Saturday, December 29, 2007


Enterprise Architecture and Jargon Proliferation

The often uncontrollable urge to coin a term (aka I think I am the first one to call it this) for a concept that doesn't need a new term to describe it...

One of the most painful things I struggle with in being an Enterprise Architect is in getting folks on the same page and the problem usually is when folks have abused a word and added their own meaning to an otherwise common term. Jargon proliferation will take place when others feel the uncontrollable urge to use the unneeded term for reasons which are not to clear. If enough acceptance and use accrues, the jargon may indeed become needed and perhaps preferred over the old term used to describe the concept. Use does seem to make the transition possible regardless of what some may feel or think about it.

The long term affect of folks within large enterprises allowing this behavior is that it confuses the living crap out of outsiders. Have you ever wondered why it takes so long for Indian outsourcing folks to understand your business? Get a clue and put an end to this insanity...

| | View blog reactions

Friday, December 28, 2007


Legitimate reasons to slack off...

| | View blog reactions

Thursday, December 27, 2007


Links for 2007-12-27

  • Gartner: Smell the Bacon
    Gartner discusses Impediments and Drivers of Application Security without realizing that the solution may be to get other Gartner analysts such as Nick to cover security aspects along with their specialization.

  • Full disclosure is dead
    Many software vendors will try to capitalize on the fact that less vulnerabilities will get reported and say it's result of "more secure software"

  • How to break through Checkpoint firewalls
    Interesting read.

  • Viruses for the Mac
    I really hate when Gunnar Peterson and other uber-smart security professionals show up with their fancy Apple laptops when I have to deal with the corporate issued locked-down Windows one. I see an opportunity for revenge.

  • Auditing open source software
    A model for finding vulnerabilities by google.

  • | | View blog reactions

    Wednesday, December 26, 2007


    Links for 2007-12-26

  • The Hartford CT Chapter of OWASP
    If you reside in the CT/MA/NY area and read this blog, you need to get your butt to this event.

  • 101 Things to Know about Single Signon
    Pretty decent list. Check it out...

  • IT Obsolescence Criteria
    Only if Enterprise Architects were as good retiring applications as they are in procuring new ones. No wonder business folks don't understand our value proposition.

  • The risks of open source focus
    Intriguing post by Alex Fletcher that others should think deeply about.

  • Are you experienced?
    Experienced people are not afraid to be wrong and are not easily flustered.

  • Size is the enemy
    We need to figure out how to write less code. More importantly, we need to figure out how to get commercial software vendors to write less code.

  • | | View blog reactions

    Tuesday, December 25, 2007


    The Gifts I didn't receive...

    This is the season to be giving...

    Listed below are the five gifts that I wanted but didn't receive...

    | | View blog reactions

    Monday, December 24, 2007


    Ways to fail at outsourcing...

    I suspect that most enterprise architects aren't savvy enough to lobby for the right clauses in outsourcing contracts...

    I am always amazed at how many folks complain about the low quality of code produced in India yet haven't done their part by specifying how to measure quality in terms of a deliverable. Likewise, many enterprises are paying for insecure software and aren't bright enough to ensure that their web applications are at least compliant to the OWASP top ten.

    One of the things that allows an enterprise to sustain competitive advantage is the savage protection of intellectual property. Did you know that IP rights enforcement is, for example, weak in China and Russia but strong in Ireland? Why do you find out what IP rights enforcement is like in the provider's country. Do you know what it is in India?

    | | View blog reactions


    Why do projects fail in large enterprises?

    I was thinking about a posting from Mike Kavis who talked about how communication is at the heart of failure of many projects. Nothing could be further from the truth...

    Have you heard of an operating system named Linux? Did you ever hear of the thousands of contributors piling into a large meeting room to hear the sage wisdom of a project manager? Is the grand Linux comprehensive documentation stored on a sharepoint? I bet if you ask yourself how come open source projects can deliver high quality on time when folks don't even talk to each other, then the problem may not be communication after all...

    The model used by Indian outsourcing firms is all about taking otherwise junior IT folks and making them usable regardless of their actual individual competencies. Outsourcing works because they have convinced others that process can become a substitute for competence while open source communities tend to prefer competence over process and hence can develop higher quality software.

    Maybe enterprises should stop thinking about open source as a way to acquire products cheaply and instead think of open source as a methodology for software development. If you look at approaches such as Extreme Programming, you may come to realize that notions such as pair programming were created to fix fundamental deficiences in enterprise behavior by encouraging at least one other person to look at code before moving into production. Reality says that more than one person needs to review code in order for it to be of high quality and if only one does, it is more ceremonial than not.

    Likewise, in an open source project, the architect is king and folks follow him not because of abstract authority but because of real leadership while enterprises tend to make project managers king whom manage but cannot lead. Architects via stewardship can ensure conceptual integrity while project managers with budgets and deadlines are handcuffed to delivery of perception management at the expense of high quality software.

    Maybe open source projects work better than outsourcing because they have better acceptance criteria. If you consider for a moment all of the wonderful standards I have at work, it is still fundamentally easier for me to put crap code into production at work than it is for me to do the same with almost any open source project such as Liferay Enterprise Portal.

    Ask yourself, what is the average years of experience for the offshore team working on your enterprisey software and then compare it to average years of experience for open source. I bet you will note that with experience and a desire to participate in a community comes quality...

    | | View blog reactions


    Links for 2007-12-24

  • Did You Accidently Outsource Your Enterprise Architecture?
    My take is if you use insulting firms you run this risk.

  • In Search of Patterns in the Enterprise
    Pankaj Arora believes that enterprises s need to define Architecture Policies, Standards, Best practices to abolish the pattern of re-inventing the solutions for the recurring problems at Enterprise level which is the essense of enterprise architecture. I suspect what he really is asking for is the notion of open source enterprise architecture as the same practices get reinvented across enterprises as well.

  • IT doesn't matter, EA does
    we have the privilege of living in the future and as such thinking wisely about the past.

  • India offers to help Trinidad's agriculture
    Good to see these two countries creating synergistic relationships.

  • | | View blog reactions

    Sunday, December 23, 2007


    Do Industry Analysts understand the importance of Software Security?

    Across the board, analyst firms are ignoring the importance of static analysis tools and aren't talking about how they may be used to write secure software. I know that vendors such as Ounce Labs, Fortify Software and Coverity are currently tiny in terms of revenue and therefore don't have huge budgets to spend on analysts, but that doesn't mean that coverage isn't warranted.

    Likewise, I also have attempted to find evidence that industry analysts are participating in security-oriented users groups such as The Open Web Application Security Project (OWASP) and have found folks from Forrester Research, The Burton Group, Yankee Group and The 451 Group but haven't found evidence saying that other analyst firms such as Gartner, RedMonk, ZapThink or Ostermann Research are participating.

    I would think that Barbara French of Tekrati and other analyst relations firms would appreciate the importance of not only their customers interacting with analysts, but their potential customers and them interacting together with attendees of these users groups who happen to actually procure the software.

    | | View blog reactions

    Saturday, December 22, 2007


    Why do we hate process so much anyways?

    A critical analysis of a blog entry by Mike Kavis is in order...

    Mike asked the question: why do we hate process so much anyways? which the answer is simple. No one hates process, everyone hates bad processes.

    Architecture always exist regardless of whether it was documented or even acknowledged. Likewise, I bet that while no standards where documented, you were alot more rigorous to the ones you held in your own head and didn't deviate creating standards that are defacto which isn't a bad thing.
    I wonder if it was a lack of process or a lack of either an architecture that worked across silos as well as no one who ensured conceptual integrity across them (aka Chief Architect)?
    Hybrid approaches are a sign of a mental disorder. If you allow everyone to heist their legs and add their own unique smell, then you will loose conceptual integrity and at best achieve mediocrity. You should encourage others to standard for principles over processes as well.
    I hope you realize that you made a massive mistake by having such long intervals. Have you ever heard of daily builds and the Agile Manifesto? 12 weeks is a very long time to get way off track.
    You should measure process based on quantity but also result. Many enterprises rollout processes without figuring out their ROI and more importantly if it does achieve an ROI, they don't attempt to make it lighterweight over time to make the ROI even higher.
    Yes, it is the job of every employee to have the vested interests of their employer in mind and you should make it your duty to ensure that outsourcing works. The key thing though is that failure sometimes is also the right answer.
    Agilists would consider communication as one of those people things and not through it into the tools category. In terms of tools though, I wonder if Mike Kavis is allowing his outsourcing firm to deliver insecure software or was he wise enough to ask them to write code securely by standards such as the OWASP Top Ten?

    | | View blog reactions

    Friday, December 21, 2007


    Enterprise Architecture and Extreme Frustration Patterns

    Enterprise architecture initiatives would be a whole lot more successful if we focused on what makes folks happy and not just blindly following processes...

    Nowadays, many enterprise architects aren't struggling with technical problems, but are struggling with social issues. One of the common patterns is the advent of Indian outsourcing. I run across lots of folks who deal with poorly written code so full of bugs that you can't even compile it. In jest, I do ask folks whether they asked for the code to be compilable as a requirement.

    Part of the modern career path for those within large enterprises is to find ways to escape heavyweight processes and the tedium of much of the work that is rote which pervades many projects. Nothing destroys morale more than etting off of a project that you didn't much care for to work on something fun, only to be repeatedly dragged back for firefighting problems caused by outsourcing firms.

    American IT workers likewise experience the other side of frustration in having to defend code that they didn't actually write. Getting blamed by users for crappy software when you are the single person in an IT department innocent of all blame because you have been advocating refactoring the damn mess for a year.

    Outsourcing has brought along some worst practices by allowing process weenies to make decisions they really have no business making. Imagine having all technical decisions made by the least technical person, then being force fed their incompetence, then getting blamed for the resulting poor quality...

    | | View blog reactions

    Thursday, December 20, 2007


    Enterprise Architecture and Giving Advice

    Many people seek out an informed opinion on many subject areas from me yet fail to acknowledge that sometimes advice doesn't work...

    The best advice in the world is there is no substitute for experience. The nature of humans is to experiment and experience - even if someone else has done it before and reported back. We want to know what it would be like for us, from our viewpoint. As a species we can not live vicariously. Why is looking at a view so much better when you are then than through a picture? Why does hearing the sound of a real bird feel so much better than listening to a recording? We have to experience to "be" and the more intense the experience the more real we feel.

    Within enterprise architecture, sometimes it is important for enterprises to repeat the same mistake of others such as outsourcing to india, focusing on processes such as CMMi instead of people and so on. Someone can tell you how to do something but until you have done it yourself you don't really understand why.

    When you are a newly minted developer, you start off with writing hello world. Experiencing the familiar in a strange environment. It helps us relate what has gone before to where we are now. Enterprise architects need to help others have more experiences with hello world...

    | | View blog reactions

    Wednesday, December 19, 2007


    Enterprise Budgeting Antipatterns

    Two years ago, James Governor of RedMonk and I had an interesting conversation on how much money large enterprises waste on software licenses. Sadly, there was no great way to understand waste when one purchases enterprise licenses. I have been thinking about what he said which made me think of many antipatterns though...

    Every year about this time, venture capitalists and software vendors alike ping me in order to gain insight into how large enterprises procure software. The intriguing thing is that this remains an enigma for even enterprisey insiders such as myself as there is much repeatable or disciplined about it as it relies heavily on the notion of influence. I wonder if influence is a best practice for enterprise architecture or will be its downfall?

    Anyway, here are three antipatterns in terms of enterprise budgeting and software procurement:

    If you know of other budgeting antipatterns, please share...

    | | View blog reactions


    Links for 2007-12-19

  • The ROI Analysis: Starbucks vs Espresso Machine at Home
    Alex Barnett improperly calculates the price of coffee and doesn't factor in labor to clean coffee pots and the soap used at home to wash his cup.

  • Colorado decertifies voting machines
    Voting machines in many states ignore good good voting practices

  • What is a CIO?
    Is there a clear role for a CIO or is it a bad collection of 'all things digital' that really needs rethinking? Are CIOs strategic, tactical or distractical?

  • Around and around...
    An interesting response to James Governor of Redmonk.

  • | | View blog reactions

    Tuesday, December 18, 2007


    Links for 2007-12-18

  • Enterprise Software Companies don't own their customers
    Software companies don’t “own” their customers. In the case of Alfresco, any company may already have Documentum, FileNet, Interwoven or Vignette. The reality is that there is only a 5% to 10% penetration of this software – either on a desktop or on the shelf. What is critical is to focus on people and users in companies and not companies as software fiefdoms.

  • Processes or Individuals?
    The next big challenge for the Agile community is to set aside some of its principles for the sake of making a much bigger difference in our development environment

  • The Need for Reference Material
    Todd Biske states Reference materials are a tool in the arsenal and the degree to which they are used is dependent on how you architects work with the end consumer of the reference material which is spot on.

  • LDAP: Liferay Enterprise Portal
    Liferay leads the portal marketplace in terms of innovation. Scott Lee discusses how portals should integrate with directory services and how Liferay makes it easy. Imagine if the BPM vendors such as Pega, Lombardi Software and Intalio took the same approach?

  • The Importance of Business IT alignment
    Managers of businesses need to understand the fundamental features of cooperation if they are to efficiently analyze and restructure their industrial relationship. One should ask if relationship equals alignment?

  • Executive Architect - Open Source
    It is good to see that there is appreciation for architects focusing on open source. I am curious though if this job pay is low or do architects in Europe generally make lower than their US counterparts taking into consideration exchange rates?

  • | | View blog reactions

    Monday, December 17, 2007


    Enterprise Architecture and Paradigm Potpourri

    Have you ever ran across folks when confronted with two distinct paradigms, attempt to combine them and glow that they are using a hybrid approach? Sometimes paradigm potpourri is a mental disorder...

    In the same way enterprise architects attempt to govern software development by limiting the piling on of features on top of enterprise applications, we sometimes need to govern ourselves when it comes to paradigm adoption as we diminish the benefits of a pure approach. In software development, each additional feature will give one more options that may simplify certain aspects of the code, but because the different ways to do it grows with each feature, it is increasingly less likely that any new feature will make a significant difference. The same thing can be said about enterprise architecture.

    When will we stand up and have enough courage to ask ourselves whether we should be pursuing SOA, BPM, ECM, CMMi, Six Sigma, IT outsourcing, Business Rules, ESB, etc strategies all at the same time? We are delusional to think that we are like the building trades where the focus is on enterprise architects creating building codes and handing out permits as part of governance. Of course, we never think about the fact that the building trade also has the notion of occupancy certificates which many of our systems fail miserably at.

    If we are to take on so many initiatives at the same time, don't we need to stop for a moment and consider the learning curve of both producers and consumers of our grand strategies? Like a carpenter or plumber, the bigger your toolbox, the more you have to lug around...

    | | View blog reactions


    Links for 2007-12-17

  • Leading in the Technical Environment
    Do Enterprise Architects that focus on the human aspects of technology have a more rich, rewarding career than those who focus strictly on process?

  • If I were President of the United States
    This blogger believes that the United States is plunging into a Human Katrina where we have Mexicans colonizing us and millions of the world's poorest immigrating to our shores illegally. Is outsourcing the answer?

  • Acknowledging Bloggers for their efforts
    It is easy to throw daggers at bloggers who take the time to share their thoughts with others on their own time and without compensation while very few take the time out to say thanks.

  • Single Sign-on, SAML, Authentication in Documentum
    Security, in order to be done correctly requires server APIs which run in the address space of Documentum itself

  • Report: Many U.S. Parents Outsourcing Child Care Overseas

    | | View blog reactions

    Sunday, December 16, 2007


    How come conference attendees aren't more appreciative?

    I spent the last several hours putting together my Powerpoint presentation for an upcoming conference in India when my kids reminded me that spending time with them is more important.

    Conference attendees spend lots of money to attend conferences but none of this goes to the folks who give presentations. We spend time sharing our knowledge with others traveling thousands of miles yet rarely receive positive public feedback that our efforts are acknowledged.

    What would it take for conference attendees to acknowledge the hard work put in by the speakers? Please note that I am not looking for acknowledgment of my contribution but most certainly would love to see my industry peers who make the effort get more appreciation for their efforts...

    | | View blog reactions


    Links for 2007-12-16

  • Ignore Gartner
    This blogger doesn't feel that Gartner has a great value proposition. I wonder how widely held this belief is?

  • How I gained 5lbs in one week
    Ramit Sethi loves making bets with delusional people

  • Hey Johannes Ernst Delivered
    I would like to declare that enterprises do care about user-centric approaches as they change the potential for third-parties to charge exorbitant rates for being an identity provider in a traditional federated approach.

  • ECM: Catch the Wave
    Alfresco is on Forrester's Wave but not Gartner's Magic Quadrant. Nuxeo didn't appear on either. I wonder what this means?

  • Open Source Economics: Money, metrics and those that work
    Gartner and IDC are predicting an increase in open source sales which is bad news as enterprises will continue to believe they can have their cake and eat it too when they need to figure out how to participate.

  • UK Airline Terror Plot Suspect Escapes from Jail
    Rashid Rauf, who was arrested on suspected links to plot to blow up airliners flying between the U.S. and Britain, escapes from Pakistani custody.

  • America's Death by a thousand cuts
    Today, America bleeds to death by a thousand cuts. We’re bleeding from every sector of our society. At some point, the United States of America cannot and will not survive the bleeding. Why? Take a look.

  • Are social networks in business a white elephant or is Gartner's report a red herring?
    Gartner have recently released a report, Three Potential Pitfalls of Corporate Social Networking by Brian Prentice, with the tagline "Investing in social networking solutions from enterprise vendors is no guarantee that users will embrace the technology". You will get the opportunity to pay $195 for a four page report. Sounds like great value to me.

  • Providing a clear point of reference
    I haven't heard about the need for reference architectures between discussed amongst enterprise architects in the blogosphere and wonder what the perspective on them are from noted individuals such as Todd Biske, Nick Malik, Scott Mark and Robert McIlree are? Anyway, here is a good article explaining the concept.

  • | | View blog reactions

    Saturday, December 15, 2007


    Student of the Month

    My older son came home from school yesterday with news that he is student of the month. He is currently in first grade and was previously student of the month in Kindergarten as well. So much for following in his dad's footsteps...

    | | View blog reactions

    Friday, December 14, 2007


    Links for 2007-12-14

  • New Principles of Governance: The Natural Laws of Federation
    With Enterprise Architecture on the rocks these days, organizations are looking for a fresh approach to governance. Most folks become frustrated or ambivalent after a few years of being squeezed between centralization and localization.

  • Caribbean: Poor but Mobile
    Technology has caught on a lot faster in the Caribbean than it has in India which by the way makes a better destination for outsourcing.

  • A tale of being employed by Accenture
    Joel Spolsky comments that typically a company like Accenture or IBM would charge $300 an hour for the services of some recent Yale PoliSci grad who took a 6 week course in dot net programming, and who is earning $47,000 a year and hoping that it’ll provide enough experience to get into business school—anyway, it costs so much to hire these programmers that you’re not going to allowed to build things with Ruby on Rails no matter how cool Ruby is and no matter how spiffy the Ajax is going to be. I wonder if there are other perspectives?

  • XACML - A standard that I wish I had known about earlier
    had created security components that handled the respective requirements adequately but were slightly different in each case. I knew that they all shared the same core idea of access control based on authentication and authorization but just didn’t get to the point of building a generic framework that handle all those cases with little customization. It is curious though why developers are concluding the need for a generic authorization framework but not software vendors such as Microsoft, EMC and others?

  • What does a Technical Architect do next?
    Becoming an Enterprise Architect is either really simple or really difficult depending on your background. Most Enterprise Architects have spend sufficient time understanding business challenges while also focusing on technology issues where a consulting background only usually leads to spot skills while missing out on the opportunity to see the big picture. My recommendation for anyone wanting to become an enterprise architect would be to actually join a technology firm such as Microsoft, EMC and Oracle as the need for having an Enterprise Architecture program that is internally focused is starting to appear on the radar as is a lot faster career path than the traditional enterprise.

  • Some Great Questions about PMP and Agile Development
    Several great perspectives about SCRUM, PMBOK and other PM considerations

  • Internal Audit and Enterprise Architecture
    Todd Biske comments on the role of internal audit. I bet if you had a deep conversation with them, they would you understand otherwise unstated business challenges that aren't being addressed by current enterprise architecture activities. You will also find that internal audit is generally supportive of improving enterprise security and could become a business sponsor for initiatives such as log management, entitlements management (XACML) and data masking. I wonder why Todd didn't mention that for perception management reasons it is also a good idea to network with them as they tend to have the ear of the CFO and CEO...

  • | | View blog reactions

    Thursday, December 13, 2007


    Links for 2007-12-13

  • Cardspace vs Phishers
    Eric Norman asks a great question regarding Cardspace and what happens when a relying party changes its public key? I would love for Mike Jones to provide his perspective.

  • XML Security Gateways as Policy Enforcement Points
    Anil John comments on the need to centralize authorization policies in a non-proprietary manner and references how Mark O'Neill and Vordel support this functionality. The IBM DataPower appliance also has equivalent functionality. The real question that I can't find an answer to is what does it take to get software vendors pay more attention to XACML in a bigger way?

  • CIO SOA Concerns
    Isn't it interesting that industry conferences still have panels regarding the concerns of CIOs but don't actually have a real-world CIO on it?

  • Adapt and Improvise
    I really hate when folks talk about how enterprise architecture as practiced in large enterprises in a negative way. Especially when they are right! First companies need to determine a strategy for keeping up with their vendors. Too often the attitude is why upgrade? You just want me to spend money… In some cases this is true but is also a trap for the company. Ignore the vendor upgrades for too long and you get a heck of a technology gap and no one to blame but yourself.

  • Creative expression with Boku
    The architecture of participation is something that needs to be discussed more widely and read by my fellow enterprise architects. When was the last time you had a meaningful conversation with someone outside your four walls?

  • | | View blog reactions

    Wednesday, December 12, 2007


    More Links for 2007-12-12

  • Speaking of authorization
    Jackson Shaw talks about the need for having an authorization czar at Microsoft. This question should be extended to Oracle, Sun and EMC as well. From what I can tell, Oracle has informally appointed Mark Wilcox, Sun has John Domeninchini while I have no clue about EMC.

  • Getting involved with JBI
    Serge Blais of Sun talks about how JBI could converge with XACML. I would if folks that are working on ServiceMix and MuleESB are also following this important step? Would be curious to understand if Sonic and BEA will take the same approach?

  • Identity Oracle: Does it make sense?
    Eric Norman comments that the examples for an identity oracle don't make much business sense and reacts to postings by Bob Blakely and Kim Cameron. Eric is spot on with his closing remarks.

  • Update from ConferenceLand
    It is intriguing that many folks in the identity community still don't appreciate the value of XACML while the ECM, BPM and CRM vendors continue to ignore the problem space because it is either too difficult to undo their suboptimal product designs and/or they aren't working on it because it isn't a new product offering. Luckily Gunnar Peterson and enterprises are starting to wakeup. For vendors that fell asleep and could have capitalized on it early, don't worry, the open source community will do your job for you.

  • | | View blog reactions


    Links for 2007-12-12

  • Conceptual Integrity
    It’s a well known fact that deciding what exactly to build is the hardest part of software development. So how does one deal with complexity and uncertainly? Sanity is retained and complexity managed by maintaining conceptual integrity in your solution. This goes beyond the conceptual integrity of the architecture, but the conceptual integrity of a solution.

  • AJAX: A new timing threat to web delivered applications
    Vulnerability to Timing Attacks = Increasing Function of Interactivity

  • Security and the Naked Emperor
    Is data leakage the norm and not the exception?

  • The Purpose of Security Programs
    At the end of the day, it is all about loss. If you don't like experiencing loss then you must do something to avoid, minimize, or control it. Welcome to the world of Security.

  • | | View blog reactions

    This page is powered by Blogger. Isn't yours?