Friday, November 30, 2007
Links for 2007-11-30
InformationWeek notes that the role of CIO is devolving while the role of the Chief Architect is gaining importance. One trend is that the process-oriented CIOs are being displaced by business leaders on one side while the enterprise is starting to appreciate that communication skills are the table stakes and that a strong technology-savvy chief architect is what sustains competitive advantage.
Taran Rampersad discusses myths regarding race and intelligence. I wonder why he didn't define race as the mental handcuff that individuals place on themselves.
David Linthicum does a good job at describing orchestration but twists one small thing in that he mixed orchestration with choreography in terms of acknowledging organization boundaries.
Here are some great links to noodle.
Why are resumes of IT employees so uniformly horrific? It gets even worse when you read the resumes from Indian Outsourcing firms.
Dave Oliver acknowledges Enterprise Architecture roles can't really be seen as process driven and will depend on a high degree of specialised skills so we are talking about a high degree of practice.
I wonder if there are any industry models to calculate ROI on paying industry analyst firms to write reports?
I wonder if Sun realizes that in order to become an open source company, you have to do a lot better at retaining top talent. This does explain why Don Bowen moved his blog here. I would hope that the folks at Microsoft would seize this opportunity by hiring them to work on ADAM.
Enterprise Architects should be encouraged to move beyond traditional analyst firms and have conversations with those who have an open source business model, especially if you are seeking advice on open source.
Thursday, November 29, 2007
Job Opportunity: Senior Java Engineer
How would you like a starting salary of $125K plus bonus plus package along with the opportunity to work with other really smart individuals in the role of Senior Java Engineer?
The position is with the New York Stock Exchange so you know that their bonuses won't be tiny. They provide four weeks vacation and don't do bell curve compensation. If interested, contact Ashwin Bhandari of the Tardis Group (www.tardis-group.com) and he will hook you up...
Links for 2007-11-29
Todd Biske has a great post on the notion of continual learning. I surely would hate to interview with him.
Good to see that UI folks also are embracing the pattern metaphor. Still awaiting the ECM crowd to step up though.
Great to see that OpenSSO is starting to acknowledge the importance of coarse-grained authorization. The one thing that I would love to see show up in all of the Web Access Management products is CAPTCHA support in that sometimes you need to understand more than just if a user is a directory entry (aka fake authentication) but whether the user is a human.
Andrew Savory will be discussing this important topic tonight with Microsoft Research and their legal folks. Let's arm him to be successful
But have you ever thought about how much a bathroom influences our perception of a place? Instead of focusing on size of cubicle, maybe we need to understand the orientation of stalls?
Mike Kavis has been busy researching enterprise initiatives and has some interesting conclusions to share.
Enterprise Architecture: Ten Reasons why Outsourcing tends to fail...
Figured I would outline ten reasons why I believe outsourcing fails in hopes that others won't repeat the mistakes of others...
- Cost-reduction expectations
The notion of rate arbitrage where the sole reason you outsource is to gain cost savings simply isn't sustainable. As the US Dollar declines while currencies such as the Rupee increase, this will most certainly wipe away any strategy based on rate exchange.
- Data security/protection
The ability to apply a thoughtful security architecture within any large enterprise is challenging where all the data is in the data center as well as all employees are physically in the same building. If your protection mechanisms are based on a firewall alone and you are required to poke holes in it, then you will probably leak data in an outsourcing context. Likewise, if you are doing software development and aren't mandating code review (distinct from code acceptance) then the ability for someone offshore to interject insecure code rises exponentially.
- Process discipline (CMM)
Let's admit that the processes needed to utilize hundreds of new resources who have only a handful of years in IT at best are wildly different than processes required to make an organization successful where every two minutes you can bump into someone with twenty years of experience. The right answer isn't necessarily to force CMM-like heavyweight processes on folks who don't require it as this will result in frustration, additional unnecessary costs and almost always guarantee mediocrity.
- Loss of business knowledge
I had a conversation with an Architect at one of the Healthcare Insurers in the area. In the same conversation, they talked about the notion of Business/IT alignment while in the same breath acknowledged that IT knows more about how the business works than the business. Consider the simple fact that in most enterprises, there is no one that could write a specification to reconstruct a system with all the complex business rules and come up with the same output.
- Vendor failure to deliver
Sad to say but vendors do periodically not deliver. You have to ask yourself why does this occur? If your business model is based upon growing headcount where it is not necessarily about productivity but all about increasing billable hours then you may run into lots of problems. Sometimes customers need to ignore the sales pitch and acknowledge that experience does matter. A politically incorrect analogy to the way most but not all outsourcing works is attempting to get nine women in a room to make a baby in one month.
- Scope creep
The problem here is from the lens of the vendor, scope creep is rampant. From the eyes of the enterprise, we need to acknowledge that it is impossible to write a specification for every possible scenario upfront. In some sick sense, we call this behavior scope creep while in reality the solution may be for us to truly figure out agile software development and how to iterate better.
- Government oversight/regulation
Want your intellectual property stolen? Consider the simple fact that you need to know what is IP and what is not. The laws in the US afford enterprises lots of protection whereas laws in countries such as India and China aren't quite the same.
- Culture
When us Americans speak to folks across the pond in the UK, we sometimes have misunderstandings even though we all speak English. Many folks tell me that even though they understand every word I say, they don't understand anything that I have said. Consider that specification alone does not make an IT project successful. Are you of the belief that if someone understands the problem from a consumer perspective that they may be able to deliver better results? For example, imagine the business need to sell Rum over the Internet where having the right experience for the consumer is vital. Could you predict that even with bad requirements, the odds are improved by having someone in Trinidad or Jamaica develop it over someone in say Saudi Arabia?
- Turnover of key personnel
Good people want to work with other good people and outsourcing removes this as a possibility. Imagine if I had the opportunity to work with individuals such as Scott Mark, Todd Biske, James Robertson, James Tarbell, Daniel Bernier and others, then along comes outsourcing where we don't get the opportunity to sit face-to-face but instead get replaced by conversations that are a whole lot more one-way, introductory in nature and less rewarding. Would you expect good people to hang around?
- Knowledge transfer
I can do lots of knowledge transfer on many things that I know, but none of it will make up for actual hands on experience...
Wednesday, November 28, 2007
Thinking about my New Years Resolutions...
The end of year is fast approaching which makes it a good time to reflect not only on accomplishments but on areas in which one can improve...
So, how do I become a better blogger? Do I succumb to the pressure of the few by removing otherwise annoying photos from my blog at the expense of removing my own creativity? Do I become more sensitive to others and attempt to mediate disputes between other bloggers and encourage consensus driven thinking or instead throw out ideas no matter how untested or time proven in hopes that others will make them better?
Do I stop attacking industry analysts and admit defeat in that the odds are better for me becoming President than in industry analysts at the large firms truly presenting open source on the same playing field across the board as commercial proprietary closed source offerings?
Should I stop throwing daggers at the ECM community for being the only community without any notion of a reference implementation, the inability to interoperate, for not participating in modern user-centric identity, not understanding the importance of externalizing authorization or even having any published patterns?
The challenge of moving from good to great within the blogosphere is in having a keen sense of what others want to hear. To date, I have used this time to share my own thoughts and things that were of interest to me. Maybe in 2008, I should remix my blog and instead focus on providing insight into areas that others want to understand where software vendors, industry analysts and even other enterprise architects can ask open questions where I will attempt to provide transparent answers.
The problem with this approach is that it would require others to start asking questions? I see no reason to wait till next year, so let's get started...
Links for 2007-11-28
Alex Fletcher of Entiva yet again posts brilliant insights into how enterprises need to focus on the creation of transparent ecosystems and how our enterprise architect needs to intersect with the open source model as part of a long range strategy. IT shouldn't solely focus on costs, but should always focus on supporting core business objectives better. Absolutely brilliant.
Bex Huff shares info on an Oracle skunk works project to help Oracle customers submit ideas, make requests and vote on which changes they prefer. For the record, I think this is brilliant and the transparency it brings to otherwise insular decision making is huge. Consider for a moment whether Craig Randall would ever actually allow customers to provide feedback on enhancements where he doesn't mediate and filter but instead actually allows customers to even engage each other. One of the things that I tend to be inciteful about is the lack of security within many enterprise products. The problem space of XACML is well known within many vendors but they have a vested interest in not allowing their customers to mount any form of campaign. By bringing democracy to the process, Oracle is doing the right thing in terms of vendor relationship management. I wonder when EMC, BMC, CA and others will start following Oracle's lead?
In an interview, a former Google employee, who also happened to work for Microsoft, shares his views of Google and Microsoft's work environments. He discusses areas that Microsoft should improve to be more competitive in recruiting talent, including providing free cafe food, increasing the salary, offering more continuing ed and providing private offices. My take says that large enterprises may do well to observe the lessons learned here especially when you have the need to hire thousands of IT employees as you attempt to recover from failed outsourcing efforts while bringing it back inhouse.
Society is getting way too inclusive...
The customer can have any colour he wants, as long as it's black. Customers can also ask for better security models as long as they don't require the software to actually change.
Google has announced a contest open to high school students during the Open Source Developers' Conference in Brisbane, Australia. The Google Highly Open Participation Contest was created to help introduce high school students to open source software development. What a great way to introduce our future to technology.
Japanese automaker Nissan is suing Software AG because it objects to the hefty fees charged by the German vendor to make its applications available to Nissan’s outsourcing partners. It sounds as if closed source software vendors are starting an interesting trend of penalizing large enterprises for outsourcing by charging them additional licensing fees. To date, this phenomenon hasn't been well discussed but otherwise occurs very frequently. I wonder which industry analyst firm has the best advice for their clients in this regard?
Many of the advancements that were leading to better employee placement, better working conditions, and the balance that was building between employee care and economics were virtually destroyed. And it felt, at least to me, that we’d almost dropped back into the Middle Ages.
Tuesday, November 27, 2007
Links for 2007-11-27
In many professional businesses, high technical excellence is taken for granted - we assume that having it is "table stakes" for competing. However, it's not a trivial issue to ask whether and how an enterprise goes about ensuring that its employees in fact meet high standards of technical expertise.
We shouldn't throw daggers at software vendors but instead should focus on enterprise architects who exercise their right to remain silent.
So, what are your thoughts on Business Process Management and Security?
Many IT projects fail because participants don’t take steps to fix seemingly-obvious problems. This statistic, if true, means a significant number of companies will experience serious IT failure because they didn’t follow simple, common sense policies.
I sure would love to get my hands on the same statistics for GE, Oracle and Intel
When you were just learning to write the alphabets, all you had to do to get an applause from people around you was to write the alphabets correctly. Those were the rules of the game. When you moved to school, the rules changed almost without notice. You could not get an applause just by reciting or writing the alphabets. The same phenomenon is also occurring in corporate America.
Something that practitioners of enterprise architecture need to noodle.
Given a list of performance objectives for a task, the training objectives for the task can be developed. The training objective states the expected performance of the individual at the end of training.
I wonder how Security Monkey, Shawn Rohrbach, Tom Olzak, Dave Keays, Abhishek Singh, Mark Tordoff, Brock Frary, Vic Bhatia, Lou Bolanis and Lee Whitfield would classify themselves using this definition?
Certified Architect
Todd Biske shares his thoughts on becoming a Certified Architect which I figured I should add my two cents...
Todd states that personally, "I've never been a huge fan of certifications", which if it were pretty much anyone else saying this, I would suspect that something else is at play. Todd could with little effort pass any certification exam he chose to pursue while others would struggle.
Have you ever observed the pattern where those who talk about the value of a Masters Degree are the ones who have them? Likewise, the ones that don't feel they are important are the ones who don't. The same thing occurs with certification and the only perspectives where insight truly emerges are the ones who have certifications and still think they are not valuable.
The first two certifications I achieved in my own career happened in 1994, when on the same day I took the final exams for both PowerBuilder making me a Certified PowerBuilder Developer as well as the last exam for Microsoft making me an MCSE. Note: my number is 9079. The reason for taking the exams at the time was the fact that I was employed not only by a consulting firm but they provided monetary incentive for me to pass. One can focus on the marketability aspects of certification, but a good Enterprise Architect would also acknowledge that any incentive that causes the staff to learn on their own time and make extra effort in studying can't be all bad.
Both of these certifications led to something good. For the PowerBuilder certification, I had the opportunity to participate in writing a sample application that actually shipped with version 4.0 of PowerBuilder and wrote the coolest about box you have ever seen. For PowerBuilder developers, I would love to know if the Skills Sample Application still exists. As far as Microsoft is concerned, at the time one of the components was Microsoft Mail. Around that same time, Microsoft flew individuals out to Redmond to help them shape Microsoft Exchange. Knowing that I was an early participant helped my career immensely. In 1996, I actually won the Microsoft Solutions in Action Award for an enterprise rollout of Exchange.
So, now that I have talked about the positive aspects of certification, I figured I should also talk about the more BS aspects. To date, I have over twenty different certifications. I have my Cisco CCNP which I not only know but still use my knowledge. The issue here is that I periodically do outside of work projects to keep my knowledge up to snuff as the folks in the data center won't let me tamper with BGP routes on the border routers with good reason. So this aspect exists in terms of a bullet on my resume but won't necessarily be reflected in the work bio aspects of my resume. I am certified by two different firewall vendors, one of which I used successfully for an Internet startup but haven't used since where the other I have the certification but have never even used the product. The funny thing about the second vendor is that I am not sure I even deserve the certification in that when I was taking the four hour exam, the testing engine crashed in the last fifteen minutes and I was awarded it out of good customer service. Of course, one could hire me in a consulting context where I can make a mess out of your security, but self-discipline here is fully practiced.
In terms of Microsoft, I also achieved my MCT which helped me become comfortable interacting with others in a training context. I achieved my MCSD which I haven't done much to stay current in terms of all of the wonderful .NET things but can still do COM with the best of them. I even have a sales certification from good ole Sun which was more about indoctrination than anything else.
I guess the point that I am attempting to make is that certifications are neither good nor bad, and it is important to look at each within the context of the role you expect this individual to play. It is my belief that certifications don't prove hands on skills at all, but having multiple at least says that there is evidence as an Enterprise Architect that you have the ability to learn as well as the desire...
Monday, November 26, 2007
Even More Links for 2007-11-26
Security within a virtualized environment hasn't been deeply discussed in the blogosphere. It is not possible to implement effective kernel protection on any general purpose OS based on monolithic kernel design and requires fundamental changes in approach.
UWM's Paul Barford has developed technology (called "Nemean") to automatically identify botnet traffic. This could be immensely useful and I encourage security folks to pay attention to this.
ESPN attempts to block subscribers arriving from an ISP who is not a subscriber. Essentially, they are trying to replicate the cable subscription model (get your ISP to pony up money so that you can see this stuff) only on the web. Content providers (Google, Yahoo, BBC, and evidently ESPN) believe that users want their content more than their content wants the users. And so, a new battle is begun. Who has more leverage: the pretty pictures or the glassy eyeballs?
The all wise James Taylor believes that this is a bad idea. BPM tools traditionally focus on state management, allowing long-running processes to be safely persisted and “rehydrated” based on some system event. Most rule-based products offer relatively little in the way of long-lived state and transaction management, concentrating instead on the automation of “point in time” decisions. Some vendors combine them while others tend to stay pure play. I bet your favorite neighborhood industry analyst won't be able to provide consistent guidance on which is more important.
Industry guru Gunnar Peterson talks about why everyone is so amped on identity. I would appreciate his insights on whether CRM, ECM and BPM vendors equally also don't care about SPML since it is closer in nature to the current identity hype cycle.
The PhishTank annual report presents some interesting statistics including the most spoofed brands, phishes by Country and top domains.
Many will lament on the decline of corporate giving but few will actually speak up about it.
It is possible to arrive at true conclusions based on flawed premises and inferences. However, such arguments are inherently flawed because, for an argument to be logical and rational, the premises and inferences must deduce to the conclusion.
Derrick Harcey discusses the OpenPTK provisioning tag library as a way to add user provisioning services to a java application. I wonder if this would make a good addition to Liferay Enterprise Portal? I will ping Brian Chan and get his thoughts.
Another blogger that is doing her part to make poverty history...
More Links for 2007-11-26
Logs and overall security of PoS devices are often "in-scope" for PCI, but out of scope for a typical PCI audit. I guess us consumers can expect even more T.J. Maxx type data loss events.
At least folks are starting to acknowledge that doing the bare minimum is part of their strategy
Dibyendu Choudhury provides insight into economic factors of outsourcing and the global economy. Because everything and anything we get in US or abroad are now available in India within reach, except the quality of life and broad disparity in between rich and poor is something that needs to be deeply noodled.
When it comes to innovation, the myth of the lone genius dies hard. Most companies continue to assume that innovation comes from that individual genius, or, at best, small, sequestered teams that vanish from sight and then return with big ideas. But the truth is most innovations are created through networks — groups of people working in concert. What would happen if Enterprise Architects figured out that innovation requires a strategy around blogging and participation in the open source community as an introductory step?
The ethical and political principle of equality of all individuals of the human species is now acknowledged by nearly all. It is almost universally accepted that any discrimination between human individuals based on an arbitrary criterion is unjust and must be abolished.
Todd Biske wants to eliminate the term "application" as it implies a monolith. I would like to point out to Todd that there is another usage of the word that still remains important which primarily indicates a funding model. It is possible and viable to build a great SOA while still letting the finance folks think in terms of applications. Removing the term from architects is a great thing but very disruptive for other parts of the enterprise.
A Wikipedian Protester...
Have you hugged an Enterprise Architect lately?
What does it take for an Enterprise Architect to get a little respect?
I am known for attacking software vendors who prefer to shove software out the door while not thinking about security, throwing daggers at industry analysts who continue to treat open source as a second class citizen by not putting it in the same Quadrants and Waves as expensive, proprietary closed source offerings which results in no love for this Enterprise Architect. If you are from this demographic, you may find my postings annoying, but if you happen to be from a large enterprise, you may find them insightful. Beauty is in the eye of the beholder.
Today, I have hit a new low in that James Robertson put me in the same category as Robert McIlree, with whom I have decided to exercise my right to remain silent based on his inability to engage in a meaningful conversation. Robert only talks about processes and ways to make it heavier where at least I tend to talk about practices and ways to make processes lighter. Of course, I am willing to engage in a dialog with anyone who not only wants to make enterprise architecture better but also improve the human condition.
James and I of course disagree on the value of Smalltalk within today's enterprise, but does this disagreement automatically make me enterprisey? Other than Smalltalk, I find many of James Robertson's posts on the money whereas I can't say the same about Robert. Can I get a little bit of love?
Links for 2007-11-26
Visa will implement a series of mandates, beginning January 1, 2008, to eliminate the use of vulnerable payment applications from the Visa payment system. … These mandates are intended to prevent cardholder data compromises and thereby help mitigate the risk of associated financial losses such as liability from the Account Data Compromise Recovery (“ADCR”) program. Now imagine if they also included a blurb stating that these protections are there to protect the brand and not the consumer...
Business forces may be driving up demand for CIOs, but few concomitant forces are driving up the current supply. In fact, a mounting shortage of qualified candidates for top IT positions has caused companies to increase their focus on pipelining contenders for leadership roles ahead. Today's Enterprise Architects are tomorrow's CIOs
I first started following Log Management when James Governor of RedMonk started to talk about Splunk and LogLogic as part of a compliance oriented architecture. He is way ahead of his time.
While 70.9 percent of all U.S. mothers, married and unmarried, now work, the participation rate is down from its peak of 72.3 percent in 2000. American workers realize the abilities working moms possess, but our survey findings show that employers have some work to do to manage the perceptions and attitudes many employees have toward the special arrangements provided to working moms.
Security's days as just a technical issue are done. It is becoming a central concern for leaders at the highest level of many organizations and governments, transcending national borders. Customers are demanding it as worries about privacy and identity theft grow. Business partners, suppliers, and vendors are requiring it from one another, particularly when providing mutual network and information access. Networked efforts to steal competitive intelligence and engage in extortion are becoming more prevalent. Security breaches are increasingly motivated by financial gain. Now only if we could get software vendors to see security through the same lens as their customers.
Sunday, November 25, 2007
Have you heard of the free rice program?
I learned about this program via LinkedIn. I encourage you to check it out. When you pull up the website you will find a word in which you have to pick the answer that best defines it. If you get it right you get a harder word. If you get it wrong you get an easier word.
For each word you get right, 10 grains of rice is donated to the United Nations World Food Program. This is for those of you who want to make a difference in the world as well as increase your vocabulary :)!
Click here to participate...
Thoughts on Chennai, Cognizant and Thanksgiving...
Many get it twisted and think that Thanksgiving is about being gluttonous by overeating, watching football and a four day weekend...
The last conversation I had on Wednesday before starting the long holiday was with an individual who provided insight that I didn't previously know (Hi Kesavan) and guidance on better ways of being charitable.
He indicated that charities in India appreciate seeing donors in person and that I should make the effort to appear in person instead of simply sending money. I guess I have been too indoctrinated into the notion of privacy policies and at some level they help dehumanize the giver's responsibility for being human to others.
His tactic of modesty normally would be irritating but in this particular situation, it worked like a charm. He mentioned abstractly that my money would go far, but didn't provide any concrete examples. Of course, curiosity caused me to do lots of research and oh how I realized that his wisdom was an understatement!
I learned that I could feed 100 school children for only $25! The notion that if every person that reads my blog were to donate $25 to a charity such as Udavum Karangal we could actually make poverty history disappear in India. Sadly, though many will read my blog and become annoyed with me because I want to not only make the discipline of enterprise architecture better, but I am equally passionate about changing the human condition. For those who are disturbed by the pictures in my blog, I suspect that they are even more disturbed every time they look in the mirror.
My two children were curious why their dad was so emotional while on the computer. When they saw the children and wondered about them and me having to explain how fortunate we are, they both decided to forgo their trip to Chuck E. Cheese and asked to have their monies sent there instead.
I guess, Kesavan and other employees of Cognizant are responsible for teaching my kids the real meaning of Thanksgiving...
Implementing External Authorization in BPM and ECM Products (Part One)
Phil Gilbert, CTO of Lombardi Software, John Newton, CTO of Alfresco, Craig Randall, Bex Huff and others have let me get away with ranting about XACML without stepping up to prove how easy it is...
This will be the first in a three-part post on techniques that enterprise software vendors can use to externalize authorization from their products. If you aren't familiar with XACML, please visit the XACML specification.
For this example, I will use Liferay Enterprise Portal since the source code is 100% freely available. I am willing to do the same within a BPM context against Intalio, but I couldn't locate the source code for the BPM engine.
It is important to note that Brian Chan and others from Liferay recognized the importance of the ability to externalize security as part of the 4.0 version. Versions prior to this didn't have this capability, and I will leave it to Brian and others to talk about design considerations. Anyway, there is a good document on what needs to occur in order to externalize security from Liferay here. You will notice that there is a single Java interface named PermissionChecker that you need to extend with your own custom implementation. This is where XACML can be nicely integrated. In the next posting, I will show you exactly what code needs to go here.
The first thing to focus on is how to externalize the metadata describing the application and its roles. If your particular product stores it within a relational database, then the task is relatively straightforward: you can create a routine that writes a file that can be exported to an XACML PAP. It should look something like this:
<organization>
  <applicationgroups>
    <applicationgroup>
      <applicationgroup_name>Liferay</applicationgroup_name>
      <applicationgroup_desc>Liferay</applicationgroup_desc>
      <applications>
        <application>
          <application_name>portlets</application_name>
          <application_desc>portlets</application_desc>
          <application_contact_info>James McGovern</application_contact_info>
          <application_server>Weblogic</application_server>
          <ispepconfigured>YES</ispepconfigured>
          <policycmbalg>1</policycmbalg>
          <obligationid>3</obligationid>
          <resources>
            <resource>
              <resource_name>search</resource_name>
              <resource_desc>search</resource_desc>
              <application_id>portlets</application_id>
              <resourcetype>
                <name>UNTYPE</name>
                <belongsto>Global</belongsto>
                <attributes></attributes>
                <actions></actions>
              </resourcetype>
              <policycmbalg>1</policycmbalg>
              <obligationid>3</obligationid>
              <parent_resource>
                Liferay:portlets
              </parent_resource>
            </resource>
            <resource>
              <resource_name>VIEW</resource_name>
              <resource_desc>VIEW</resource_desc>
              <application_id>portlets</application_id>
              <resourcetype>
                <name>ACTION</name>
                <belongsto>Global</belongsto>
                <attributes></attributes>
                <actions></actions>
              </resourcetype>
              <policycmbalg>1</policycmbalg>
              <obligationid>3</obligationid>
              <parent_resource>
                Liferay:portlets:search
              </parent_resource>
            </resource>
          </resources>
        </application>
      </applications>
    </applicationgroup>
  </applicationgroups>
  <roles>
    <role>
      <rolename>All Users</rolename>
      <roledes>All Users</roledes>
      <rolestatus>STATIC</rolestatus>
      <parentrole_name>All Users</parentrole_name>
      <roleagaptype>AG</roleagaptype>
      <roletype>
        <name>Default</name>
        <belongsto>Global</belongsto>
        <attributes></attributes>
      </roletype>
      <rules></rules>
      <rules-conjunction>
        <rule-conjunction></rule-conjunction>
      </rules-conjunction>
    </role>
    <role>
      <rolename>UnKnown Users</rolename>
      <roledes>
        UnKnown Users for users,who are not mapped
      </roledes>
      <rolestatus>STATIC</rolestatus>
      <parentrole_name>Liferay</parentrole_name>
      <roleagaptype>AG</roleagaptype>
      <roletype>
        <name>Default</name>
        <belongsto>Global</belongsto>
        <attributes></attributes>
      </roletype>
      <rules></rules>
      <rules-conjunction>
        <rule-conjunction></rule-conjunction>
      </rules-conjunction>
    </role>
    <role>
      <rolename>User</rolename>
      <roledes>User</roledes>
      <rolestatus>STATIC</rolestatus>
      <parentrole_name>Liferay:portlets</parentrole_name>
      <roleagaptype>AP</roleagaptype>
      <roletype>
        <name>Default</name>
        <belongsto>Global</belongsto>
        <attributes></attributes>
      </roletype>
      <rules></rules>
      <rules-conjunction>
        <rule-conjunction></rule-conjunction>
      </rules-conjunction>
    </role>
  </roles>
  <users>
    <user>
      <username>Test HKG 1</username>
      <useremail>null</useremail>
      <userbelongsto>Liferay:portlets</userbelongsto>
      <usertype>
        <name>Default</name>
        <belongsto>Global</belongsto>
        <attributes></attributes>
      </usertype>
    </user>
  </users>
  <userrolemaps>
    <userrolemap>
      <rolename>User</rolename>
      <username>Liferay:portlets:Test HKG 1</username>
      <parentrolename>Liferay:portlets</parentrolename>
      <usertype>AP</usertype>
      <contextfqn>Global Context:Global Context</contextfqn>
      <bundlefqn>Global:Default</bundlefqn>
    </userrolemap>
  </userrolemaps>
  <contexts></contexts>
  <rolebundles>
    <rolebundle>
      <rolebundletname>Default</rolebundletname>
      <rolebundletdesc>DEFAULT ROLE BUNDLE</rolebundletdesc>
      <rolebundleparent>Global</rolebundleparent>
    </rolebundle>
    <rolebundle>
      <rolebundletname>Default</rolebundletname>
      <rolebundletdesc>DEFAULT ROLE BUNDLE</rolebundletdesc>
      <rolebundleparent>Global</rolebundleparent>
    </rolebundle>
  </rolebundles>
  <usertypes>
    <usertype>
      <name>Default</name>
      <belongsto>Global</belongsto>
      <attributes></attributes>
    </usertype>
  </usertypes>
  <roletypes>
    <roletype>
      <name>Default</name>
      <belongsto>Global</belongsto>
      <attributes></attributes>
    </roletype>
  </roletypes>
  <grouptypes>
    <grouptype>
      <name>Default</name>
      <belongsto>Global</belongsto>
      <attributes></attributes>
    </grouptype>
  </grouptypes>
</organization>
If you want to generate it directly from the database, Liferay provides the data model here. If you have questions on what I posted to date, please either leave a comment and/or trackback as I want to make sure that my examples are clear enough for others to leverage...
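One way to write the export routine described above, as an added example rather than code from the original post or from Liferay: it reads a hypothetical four-table schema (the table and column names are assumptions, not Liferay's data model) from an in-memory SQLite database and emits the resources, roles and user-role mappings portion of the file. Values are written through an XML library, so a role name that contains markup is escaped before the file reaches the PAP.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Hypothetical schema (NOT Liferay's data model) and constructed rows that
# mirror values from the listing above.
SETUP = """
CREATE TABLE resource (name TEXT, app TEXT, rtype TEXT, parent TEXT);
CREATE TABLE role (name TEXT, description TEXT, parent TEXT, scope TEXT);
CREATE TABLE account (name TEXT, belongs_to TEXT);
CREATE TABLE account_role (account TEXT, role TEXT);
INSERT INTO resource VALUES ('search', 'portlets', 'UNTYPE', 'Liferay:portlets');
INSERT INTO resource VALUES ('VIEW', 'portlets', 'ACTION', 'Liferay:portlets:search');
INSERT INTO role VALUES ('All Users', 'All Users', 'All Users', 'AG');
INSERT INTO role VALUES ('User', 'User', 'Liferay:portlets', 'AP');
INSERT INTO account VALUES ('Test HKG 1', 'Liferay:portlets');
INSERT INTO account_role VALUES ('Test HKG 1', 'User');
"""


def build_sample_db():
    """Create the in-memory database the export routine reads from."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    return conn


def leaf(parent, tag, text=""):
    """Append <tag>text</tag>. ElementTree escapes <, > and & in text, so a
    value stored in the database cannot introduce elements of its own."""
    child = ET.SubElement(parent, tag)
    child.text = "" if text is None else str(text)
    return child


def type_block(parent, tag, name, with_actions=False):
    """Emit the <resourcetype>/<roletype> block that the file repeats."""
    block = ET.SubElement(parent, tag)
    leaf(block, "name", name)
    leaf(block, "belongsto", "Global")
    leaf(block, "attributes")
    if with_actions:
        leaf(block, "actions")


def export_organization(conn, group="Liferay", app="portlets"):
    """Build the <organization> tree for one application group."""
    org = ET.Element("organization")
    ag = ET.SubElement(ET.SubElement(org, "applicationgroups"), "applicationgroup")
    leaf(ag, "applicationgroup_name", group)
    application = ET.SubElement(ET.SubElement(ag, "applications"), "application")
    leaf(application, "application_name", app)
    resources = ET.SubElement(application, "resources")
    for name, rtype, parent in conn.execute(
            "SELECT name, rtype, parent FROM resource WHERE app = ? ORDER BY rowid",
            (app,)):
        res = ET.SubElement(resources, "resource")
        leaf(res, "resource_name", name)
        leaf(res, "application_id", app)
        type_block(res, "resourcetype", rtype, with_actions=True)
        leaf(res, "parent_resource", parent)

    roles = ET.SubElement(org, "roles")
    for name, desc, parent, scope in conn.execute(
            "SELECT name, description, parent, scope FROM role ORDER BY rowid"):
        role = ET.SubElement(roles, "role")
        leaf(role, "rolename", name)
        leaf(role, "roledes", desc)
        leaf(role, "rolestatus", "STATIC")
        leaf(role, "parentrole_name", parent)
        leaf(role, "roleagaptype", scope)
        type_block(role, "roletype", "Default")

    # Inner joins drop any mapping whose account or role row no longer exists,
    # so the PAP is never handed a grant that points at nothing.
    maps = ET.SubElement(org, "userrolemaps")
    for account, role, belongs_to, scope, role_parent in conn.execute(
            "SELECT ar.account, ar.role, a.belongs_to, r.scope, r.parent "
            "FROM account_role ar "
            "JOIN account a ON a.name = ar.account "
            "JOIN role r ON r.name = ar.role ORDER BY ar.rowid"):
        entry = ET.SubElement(maps, "userrolemap")
        leaf(entry, "rolename", role)
        leaf(entry, "username", f"{belongs_to}:{account}")
        leaf(entry, "parentrolename", role_parent)
        leaf(entry, "usertype", scope)
    return org


def to_xml(org):
    """Serialize with explicit end tags, matching the listing's style."""
    ET.indent(org)
    return ET.tostring(org, encoding="unicode", short_empty_elements=False)


if __name__ == "__main__":
    print(to_xml(export_organization(build_sample_db())))
```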
Even More Links for 2007-11-25
Gunnar Peterson provides an interesting perspective of how Enterprise Architects need to think about authorization, even when many vendors have no incentive of helping them fix the problem. Maybe Gunnar has some thoughts on how the identity crowd could start conversations with the ECM and BPM crowds since this conversation has yet to happen as well.
Max provides insights into the essence of enterprise architecture.
Seems counterintuitive. Doesn't it?
Yakov Fain provides interesting insight into the American mindset of home ownership. For the record, I have owned my own home (paid in full) for the last five years. The same thing can be said of my car. Interest is evil.
Gary Short shares his wonderful insights on patterns. I would love to hear him do a podcast with the folks at RedMonk.
OK, for the record I am jealous of David Heinemeier Hansson as he gets to use bad words at work, while I must focus on perception management and political correctness.
More Links for 2007-11-25
Making things usable is an often concept. We have to figure out better ways to participate!
A fellow Enterprise Architect needs assistance in creating a job description. Could you lend a hand?
From a social viewpoint, the Enterprise Architect should be able to communicate, influence, negotiate, motivate, facilitate and inspire, in other words, get the human interaction right which requires more than a process focus.
What do you think the next generation data center should look like? This blogger has an interesting perspective.
The hardware seems fine for anyone but a hardcore gamer, but the pre-installed gOS flavor of Ubuntu has a lot of rough edges
All the wonders of architecture, elegant structure, proper provision for security and scalability amount to nothing if the user cannot make use of the application to accomplish the goal.
Links for 2007-11-25
I hope others chime in as to ways to reduce volatile SOAs
Interesting to see that there are many definitions of what ECM is? I wonder how Craig Randall, Bex Huff, Laurence Hart and Jesse Wilkins would alter it?
When IT concepts transcends...
The most amazing part is not that the commercial software is so bad, but that so many people don’t appreciate just how bad it is. Then again, few people know that not only is free and open-source software often much better than the commercial counterparts, it can be had at no cost.
I have zero clue as to who this guy is but the pictures in his blog are similar to mine.
Should large enterprises continue to use open source without figuring out ways to contribute? The notion of financial donations is interesting at some level but would be a challenge in that no check gets cut unless it is attached to a purchase order.
If you haven't read the blog of Alex Fletcher of Entiva, you should. His statement: For commercial open source vendors, this fact changes the dynamics of what it means to meet the needs of stakeholders. Since customers often begin their open source experience as community members, or at least users, ensuring that the community's needs are being considered is paramount. Many Enterprise Architects don't blog themselves but otherwise are savage in lurking. They sit back in stealth mode and observe the conversations (or lack of). Before they are willing to make an investment in open source, they need to understand how the community will either support them or ignore them. Don't just listen to your customers especially if you are an open source vendor, listen to those who could become customers as well...
Celebrating my 1,500 Blog Posting...
It seems as if I have been blogging for two years straight and have yet to miss a day of posting. When I first started to blog, I found it fascinating that someone actually cared to read what I had to say. Nowadays, I have lots of readers and even more critics all complaining about some little thing I said or didn't say. Others are easily thrown off track by random images I include in my blog while others focus strictly on the words. Humans are fascinating...
Saturday, November 24, 2007
Bangalore: Thoughts on Tamil Movies
I normally watch Hindi movies as I am big fan of Shahrukh Khan. Having been married for ten years, I remember watching Indian movies on my Honeymoon in Trinidad. Some of my favorites are: 1942 Love Story, Lagaan, Major Saab and Biwi No 1.
My mother-in-law used to sing Hindi songs long distance to my two sons, but since she passed away, they haven't heard these sweet melodies. I called my sister-in-law today, inquiring if anyone in Trinidad speaks other than Hindi and she could think of anyone.
In my travels, it has been a long time since I have had interactions with folks who speak Hindi as it seems as if Tamil is the official language of outsourcing. To date, all of the movies I have seen that were Tamil didn't suit my tastes.
Over the long weekend, a good friend of mine (Hi Saran) gave me two movies in hopes of changing my opinion (he was successful but I can't tell him that). They were Anniyan and Kaaka Kaaka. Would be curious to hear from others, what other Tamil movies this ignorant American should be watching?
Links for 2007-11-24
Tim O'Reilly is doing something noble in recognizing the important role of women in technology. Many of us men need to encourage more young women to pursue careers in our discipline.
I wonder if there is anything else that bloggers are discussing that isn't enterprise ready?
Most industry analysts repeat in a humorless monotone the sentiments of those who pay their bills. Luckily, one stands out in the crowd and his name is James Governor. His blog on corporate social responsibility and its importance takes courage not demonstrated by his industry peers. I hope that you will read his blog and to continue to share more of his thinking on this topic.
For every redundancy that a smart outsourcing program eliminates and every dollar that it saves, there also exists an increased element of risk in managing operations from a distance, both simple and complex. Outsourcing should be about more than just rate arbitrage as this isn't sustainable.
On the night of 2 December 1984, over 35 tons of toxic gases leaked from a pesticide plant in Bhopal owned by the US-based multinational Union Carbide Corporation (UCC)'s Indian affiliate Union Carbide India Limited (UCIL). The gases that leaked consisted mainly of at least 24 tons of poisonous Methyl Isocyanate (MIC) and other reaction products, possibly including toxins such as hydrogen cyanide, nitrous oxide and carbon monoxide. In the next 2-3 days more than 7,000 people died and many more were injured. Over the last 21 years at least 15,000 more people have died from illnesses related to gas exposure. Today more than 100,000 people continue to suffer chronic and debilitating illnesses for which treatment is largely ineffective. Sadly though, no one has ever said sorry.
It is intriguing to see the architecture of eBay which balances simplicity, cost, technology and other factors in order to achieve success.
This blog provides several interesting insights into making enterprise applications highly available.
Find out now...
Paul Madsen states that federated identity involves/requires identity outsourcing - essentially, an RP decides to 'buy' identity rather than 'build' it, and thereby enjoys some reduced set of responsibilities. The conversation that hasn't yet occurred is that in any form of outsourcing, the notion of indemnification is an important attribute, especially in B2B scenarios. I wonder if Paul has any thoughts on how to hold identity providers liable if you are a relying party?
Friday, November 23, 2007
Links for 2007-11-23
Anil Saldhana hopes that these two specifications can converge. In order for this to happen, Don Schmidt and members of the Liberty Alliance will need to put their egos aside and do the right thing for all parties. This may be a very long wait.
Forrester recently rated IBM as the leader in the ECM space over Documentum and stated that they offer the richest core set of ECM capabilities. Good to also see Stellent in the leaders section as well.
Laurence Hart is one of the few ECM bloggers who goes beyond simple concepts and dives into details. I have learned more about ECM from Laurence than I have from reading the blogs of Craig Randall, Andrew Chapman, Cornelia Davis, Dave Robertson, Sumanth Molakala and other EMC employees combined. Hopefully, Laurence won't have to carry all the weight in 2008 and others will join the conversation in a meaningful way.
I like Lawrence Liu's Theorems in that they are pretty accurate. I would only change one thing and that would be to remove the constraint of community as something that solely occurs within an enterprise (except for the occasional conference) and instead talk about knowledge management of the entire domain.
Jackson Shaw keeps me honest, something I wish other bloggers would do more often. His quote: There's not enough services revenue required for these products may actually be the primary reason why vendors are focused on identity while ignoring implementing XACML PEP within their products...
Should open source have IP protections similar to closed source? Mark Fleury has different opinions than the rest of the community. What is your opinion?
I suspect that Gartner summed everything up but didn't provide any details. Anyway, Nishant wonders whether user provisioning is ubiquitous enough that it is well understood or is it simply too boring a topic? My thought says that the answer may be both and neither at the same time. How many enterprises are wildly successful with user provisioning vs how many have at best achieved mediocrity? I suspect that many folks don't want to talk about it.
There are many definitions for the concepts of SOA reference models and SOA reference architectures that are now being defined by guys like me (my models are correct, as always), standards organizations such as OASIS and the Open Group, and vendors such as IBM, Oracle, BEA and TIBCO. Sometimes they align; most of the time they do not. I wonder who should step up and help all these entities get on the same page?
Thoughts on Black Friday...
Thursday, November 22, 2007
Content Security: Are you insecure?
I just wasted valuable time reading a report entitled: Content Security: At the Fulcrum of Innovation and Risk which is published by AIIM...
This study of 600 end users (performed in September 2007) found that a majority of organizations have either begun or are in the throes of establishing a content security strategy, but that vision suffers from lack of awareness and outdated perspectives.
One of the perspectives and lack of vision many enterprises have is in reading such useless information gathered via surveys. For example, Figure 38 asks what is your budget to implement Content Security which is a bulhits question in that if you happen to be a user of open source and aren't required to spend lots of money, it doesn't mean that security isn't important to you.
Consider all of the questions that they didn't ask. For example, imagine if they asked customers would they like to see Alfresco, Stellent, Documentum and Nuxeo implement the XACML specification, I bet the respondents would be a resounding majority. What if they had enough courage to also ask those who have taken the survey whether ECM systems should have their own user stores? I bet you get the point.
Lots of facts doesn't mean lots of insights. It is clear that AIIM is owned and controlled by the software vendors who have no vested interest in solving for anything related to solving customer issues. No mention of what areas need standards or even security standards such as OpenID, SAML, WS-Federation, CardSpace, etc that could be leveraged in the ECM domain.
I wonder when AIIM will figure out that pretty much every other technology domain has pattern catalogs including BPM, SOA, CRM, etc. and that someone needs to document Enterprise Content Management patterns. I bet this is too challenging for many in the ECM community since the vast majority don't come from a software development background....
Are Wiki's ready for the enterprise?
Dave Oliver asks "Are wiki's ready for the enterprise?" In my humble opinion, the answer is no!
Have you ever considered the principles of being service oriented where the goal is to achieve loose coupling? Consider for a moment that my blog is loosely coupled in that the producer (me) publishes in a standard format where the consumers (you) can alter the format to suit your needs and it doesn't require me to either know or care if this occurs.
Fast forward to the enterprise where the focus is less on knowledge and more about presentation. Have you ever had a boss that has suggested that you change the look of your presentation in terms of format alone while not actually reading the message? Sadly, producers of content in large enterprises are tightly coupled to those who are consumers where we are forced to change formatting to fit someone else's notion of beauty as part of the overall desire to perform perception management.
Imagine being the Enterprise Architect who champions the rollout of wikis only to learn that the desire to find a lightweight tool for productivity purposes only resulted in producers having to publish in multiple forms, creating even more work and watching productivity go out the window.
Besides, wikis also don't align with the control-the-message way of thinking as the paradigm is more about publishing with instant viewability by your audience. There is little opportunity for censorship. Minimally, some wikis do have authorization models that can help mitigate this particular concern. For the record, I do like the Wiki that is built into Liferay Enterprise Portal as it allows you to apply role-based security constructs to a wiki. Of course, Liferay is 100% open source and therefore cheap to acquire. If you however must spend money, may I suggest you check out Confluence.
Before you consider Wiki usage within an enterprise setting, may I suggest that you solve the loose coupling problem between people first...
Links for Thanksgiving 2007
As you start noodling Black Friday, hopefully you will consider purchasing higher quality toys made in the USA and not that unsafe cheap Chinese stuff.
Here is an interesting study by Mercer Management consulting outlining how other countries are cheaper than India. A later study will emerge demonstrating how they are also of higher quality.
When will VCs learn that they need to also embrace the discipline of enterprise architecture to manage their own portfolio?
A great posting by Krishna Kumar on how business folks create IT death marches. I hope that he will continue this thread of thinking.
Jeff Potts questions who is stupid enough to believe the latest Forrester ECM report. Let me state for the record that there are hundreds of Enterprise Architects who have read and unfortunately believed the contents without thinking any deeper. In fact, many of them may have encouraged their non-technical IT bosses to further amplify it. Likewise, it wouldn't surprise me that all those closed source ECM vendors won't also circulate it to their clients, further digging the hole. Alfresco can't survive in the competition against closed source unless we enterprise architects demand more transparency from industry analysts.
I wonder when Jeff Bohren and Phil Hunt will stop throwing daggers at CardSpace and figure out how to log into an Oracle Database and Remedy using an Information Card? Oops, that may actually require them having an internal conversation.
In many enterprises, the architect has fallen into a role of the gatekeeper. Rather than spending time on strategy, layers of abstraction and modeling, they are consumed by tactical decisions for projects at hand. If you think about this, it is really a problem.
A while back, I challenged Robert McIlree, who is a process weenie and project manager attempting to convince others that he is an Enterprise Architect, to talk less about process and more about practices. In fact, I rightfully predicted that he would either throw daggers, rationalize his thoughts or exercise his right to remain silent. He has managed to do all three.
Wednesday, November 21, 2007
Enterprise Architecture: Is your boss really a leader?
Walter Lippmann