Collaboration amongst open source integration initiatives

Martin LaMonica over at CNET reports on the planned co-operation between three open source projects focussed on the integration space: ServiceMix, ObjectWeb Consortium’s Celtix and WSO2’s Synapse.

Both ServiceMix and Celtix are based on the JBI (Java Business Integration) specification with the objective of providing open source alternatives to ESB products from the likes of Cape Clear, Polarlake and Sonic. Synapse, meanwhile, plans to develop web services mediation technology to provide message routing, transformation capabilities that are complementary to ServiceMix and Celtix.

The planned partnership should certainly increase the pressure on commercial alternatives from the likes of BEA, IBM, Oracle, SAP as well as the ESB specialists and provide potential customers with a more cohesive open source alternative. It also poses a few questions for Sonic, one of the initial backers of Synapse, which now faces the prospect of supporting, at least indirectly, open source alternatives to the ESB concept it claims to have created. The same could be said of Iona, which is also backing Synapse, but it initiated Celtix and so (hopefully for Iona shareholders) already has its strategy ironed out. It will be interesting to see whether Sun, which announced the open source, JBI-based Java ESB at JavaOne earlier this year decides to participate.

posted by Neil Macehiter @ 8:14 PM 0 comments permalink

More bogus use of business process

Earlier this month, my partner commented on the bogus use of the BP in BPEL. Today, I stumbled across the nattily titled ‘BPEL Tracking for Tivoli Monitoring for Transaction Performance’ (TMTP) over at IBM’s alphaWorks emerging technologies site. Whilst I don’t question the potential value of correlating the progress of web services-based BPEL orchestrations with the underlying IT infrastructure, I think IBM is overstating the case when it claims that BPEL Tracking for TMTP provides “seamless correlation of the business process execution to the information technology (IT) transaction flow”. Replace “business process” with “integration process” and then I think IBM’s claim is easier to justify. posted by Neil Macehiter @ 6:59 PM 0 comments permalink

Something to consider for architectural governance

Here at MWD we believe that IT-business alignment, at its heart, is an approach which enables IT organisations to collaborate with business decision-makers to ensure that IT investment and IT service delivery reflect business priorities; and where business and IT change are informed by the capabilities and limitations of each other. Central to this approach is a broad but well-defined IT governance framework, which strives to maximise quality and minimise risk, as well as ensure that scare IT investment is focussed appropriately.

With so much hype and choice surrounding different architectural approaches – SOA, EDA, ESB (approach or product? – that’s for another day!), AJAX and so forth – it is critical that the governance is applied to architectural decisions. The Carnegie Mellon Software Engineering Institute (of CMMI fame) has defined ATAM (Architecture Tradeoff Analysis Method), a highly rigorous and formal methodology for evaluating architectural decisions.

I came across ATAM thanks to Jeromy Carriere at Microsoft who was a contributor to ATAM and is now working on a ‘lightweight’ (his words not mine) alternative to ATAM. Jeromy’s LAAAM uses a similar approach to ATAM but applies it to high-level architectural decisions rather than to any architectural decision. The objective of LAAAM is not to come up with hard-and-fast recommendations amongst different architectural approaches. Rather, it provides a tool that identifies the strengths and weaknesses of the different alternatives. The strengths and weaknesses are assessed in terms of fit (viability of the approach, organisational IT impact, risk and alignment with business objectives), implementation cost and operational cost, and maps well to our IT-business alignment perspective, although I am less clear how it deals with the change aspects.

The approach advocated in LAAAM (and by implication ATAM), particularly because one of its objectives is to promote dialogue amongst the relevant stakeholders, is certainly worth considering as part of a broader IT governance framework. posted by Neil Macehiter @ 12:39 PM 0 comments permalink

A file system surprise from Redmond - WinFS beta released

Almost a year to the day after Microsoft announced that it would be pulled from the initial releases of the Longhorn client (whoops Vista) and server, WinFS has – to the surprise of many, myself included – reared its head again. It was widely anticipated that the “new relational file system for Windows” would not see the light of day until late 2006.

Unsurprisingly, there has already been considerable coverage (here, here and here for example) and I won’t replicate what has already been said. However, there were a couple of things from the new WinFS team blog that caught my eye.

Vijay Bangaru (Program Manager for the WinFS product team) describes WinFS as a “platform for desktop developers”. That’s certainly true but what about the server? WinFS has just as important a role to play there – not least for the work that Microsoft is doing with the Microsoft Business Framework which was one of the casualties when WinFS was originally pulled from the initial Longhorn wave – particularly when used together with WinFS on the client. As with the Windows Communications Foundation (aka Indigo) and Windows Presentation Framework (aka Avalon), WinFS Beta 1 will be made available on Windows XP SP2 but not, as far as I can tell, on Windows Server 2003 (unlike WCF and WPF). Perhaps I am reading too much into this but I do wonder whether WinFS is destined to be a desktop-only capability.

Peter Spiro, General Manager in the SQL Server team responsible for the WinFS team, refers to a Microsoft-internal meeting a couple of years ago when Ray Ozzie discussed how the Groove team had built its own storage system and that Microsoft should do the same. I wonder whether the accelerated delivery of this WinFS beta has anything to do with the fact that Ray Ozzie is now firmly ensconced in Redmond?

posted by Neil Macehiter @ 2:57 PM 0 comments permalink

Reflecting the reality of business processes - a start

Microsoft yesterday announced the availability of its Presence Controls for Microsoft Office Communicator, to enable enterprises and partners to integrate presence and Office Communicator’s instant messaging capabilities into applications using Visual Studio. The company is also providing some code samples for role-based presence and instant messaging and for team-based alerting (through integration with Active Directory). A number of partners, Siebel amongst them, were on hand to endorse Microsoft’s strategy.

Back in May my partner commented on the real-world complexity of business processes: “Business processes are rich, collaborative, often unpredictable and organic. It's just that the shadow that they cast onto IT - the systems that we have built to automate parts of business processes - is highly structured and often rigid.” – and highlighted the inherent danger in assuming that real business processes look like the shadow they cast – “we all miss the real challenge of enterprise use of IT in the next five years: harnessing all kinds of information management and communication technologies, and blending them in ways that truly provide structured support for business processes as they really are.”

Microsoft’s announcement, IBM’s strategy with Workplace and its recent announcement of the Eclipse-based IBM Workplace Designer for the creation of Workplace composite applications and Skype’s SkypeNet API are just a few examples of vendor strategies to unite the traditionally disparate IT worlds of ad-hoc, dynamic collaboration and structured, rigid process automation. This is only a start, however, and there’s still a long way to go before the much-vaunted promises BAM, BPM, ESA, MDA, SOA and numerous other TLA proponents will be realised. posted by Neil Macehiter @ 12:32 PM 0 comments permalink

Three words: metadata, metadata, metadata

It's good to see other commentators looking beyond today's SOA "sound and fury", and pointing out that serious SOA initiatives will be very difficult to implement without real consideration of managing service metadata throughout the service lifecycle.

"If you can't see it, you can't manage it". Building quality systems efficiently - no matter what the architecture - demands that you manage change effectively and verifiably.

Last but not least (I couldn't resist it) - Yankee - come on! Those forecast models need tweaking now the dot.com boom is over... posted by Neil Ward-Dutton @ 9:32 AM 0 comments permalink

BEA to acquire Plumtree

Yesterday BEA announced its intention to acquire Plumtree, the last of the significant pure-play portal vendors, for approximately $200 million. BEA claims that the acquisition makes sense for a number of reasons. First, Plumtree adds collaborative portal capabilities to complement the transactional capabilities of its WebLogic Portal. Second, it adds .NET support. Third, it brings expertise in vertical markets – retail, CPG, manufacturing and local government – and so has the potential to extend BEA’s customer base. Finally, it allows BEA to target line-of-business decision makers as well as its traditional IT buyers. On the face of it, all very sensible but I am not convinced that all of BEA's claims are justified.

On July 19, BEA completed the acquisition of Compoze Software, to “offer portal customers direct, seamless, standards-based integration of email, calendaring, and task list functionality from Microsoft Exchange and Lotus Notes. Compoze Software also enables portal customers to easily integrate Instant Messaging applications from Yahoo!, Lotus Sametime and Microsoft Live Communication Server, as well as the ability to incorporate threaded discussions and group “white-boarding” to any portal”. So, the company had already taken steps to add collaborative capabilities to WebLogic Portal. In our recent analysis of BEA’s service infrastructure proposition we highlight that one of the challenges the company faces is dealing with replicated capabilities within its portfolio. This acquisition adds to that challenge.

I am also less than convinced when it comes to the new customer opportunities. Certainly, Plumtree exposes BEA to vertical markets where it has not achieved the same levels of penetration as it has in financial services and telecoms and, by virtue of Plumtree’s application-centric, as opposed to infrastructure-centric, portal proposition to a different target audience. However, it seems likely that a significant proportion of these new opportunities are .NET environments (and where they aren’t one would presume that BEA would have already been considered as a J2EE platform provider) and BEA is not yet, as our analysis shows, in a position to offer a credible multi-platform proposition. Not forgetting of course, that Plumtree’s total revenues for the last financial year were $84 million – less than a third of BEA’s revenues for its most recent quarter!

It seems to me, leading on from my previous point, that this acquisition is about what BEA’s VP of product marketing referred to as the company’s goal “to be the Switzerland of software” and break away from its Java-centric roots. This is core element of its new AquaLogic platform proposition. Whilst this acquisition, assuming it is completed successfully in the autumn as BEA hopes, will allow the company to claim support for .NET as a runtime platform, in reality it is only for one component of its portfolio and BEA will still have a lot of work to do if its neutral stance is to have credence.

John Kunze, the CEO of Plumtree, discussed composite applications as part of his contribution to the announcement. Whilst this did not figure as prominently in terms of the justification for the acquisition, I can’t help thinking that this is also significant. When BEA announced AquaLogic the company emphasised a shift away from application development through coding to service composition and even talked of an AquaLogic ‘Composer’ for use by non-developers. But it remains just that – talk – and the company currently relies on its existing WebLogic Integration and Portal products to compose services into higher level integration processes which, together with data and information services provided by the AquaLogic Data Services Platform, can be accessed by users. The acquisition of Plumtree will bolster BEA’s capabilities here, particularly in terms of reducing the reliance on developers but, as with the multi-platform proposition, there is still work to do.

So, all in all, the proposed acquisition has some merits. However, it remains to be seen whether it will provide the boost to revenue and market share that BEA hopes and the company still has work to do when it comes to its platform neutral AquaLogic proposition posted by Neil Macehiter @ 11:00 AM 0 comments permalink

Sun's DReaM - could it just be that?

A number of news sites (here for example) are reporting Sun’s latest open source foray, with the announcement of that it plans to release it’s digital rights management (DRM) project, DReaM under Sun’s open source Common Development and Distribution License (CDDL) as the foundation for what it refers to as the ‘Open Media Commons’. Jonathan Schwartz, who made the announcement at a Progress and Freedom Foundation conference in Aspen over the weekend, gave some pretty strong hints that this was coming in a blog post the day before.

I think few would question Sun’s objectives here (although some in the open source community do question the merits of DRM at all!). Open, royalty-free, broadly adopted DRM standards would certainly benefit consumers by breaking down DRM-enforced content stovepipes. It would also benefit other participants throughout the digital media supply chain (particularly smaller organisations and individuals) by eliminating potentially costly royalties associated with the use of DRM patents.

However, I think the fact that Schwartz was unable to announce any partners is indicative of the challenges ahead for Sun. Sun needs the involvement of the big industry players – Apple, Disney, Sony, Time Warner etc etc – for this initiative to succeed and, if previous history is anything to go by, they will be reluctant to cede the control that proprietary DRM solutions provide. According to the news commentary, Schwartz cited the success of the Liberty Alliance Project as providing grounds for optimism but I am not so sure. The success of Liberty is due in no small part to the realisation that federated identity management is a key enabler of online business models and that proprietary approaches are counter-productive – that’s not the case yet with DRM. Liberty also benefited from early participation of a significant number of enterprise users of technology, which helped to keep the suppliers honest.

Microsoft, by virtue of Windows Media, its controlling interest in one of the major DRM-related patent portfolios (through joint ownership of Content Guard with Time Warner and Thomson), its dominance on the consumer desktop etc etc, has to buy in if the Open Media Commons is to realise its laudable aims. Whether or not Sun can persuade its newfound partner in Seattle to relinquish its control for the sake of the broader good will be a real test for the Sun-Microsoft alliance. posted by Neil Macehiter @ 1:59 PM 0 comments permalink

Collaboration, open source communities and co-operatives

Irving W-B is always worth a quick read as his longevity in the industry and his (enviable) position give him a nice abstract perspective on trends. He recently blogged on “The Economic and Social Foundations of Collaborative Innovation”, and referenced work by Yochai Benkler (Prof of Law at Yale Law School).
Prof Benkler has been looking for some time at the nature, structure, motivations and behaviours of collaborative innovation efforts and open-source software creation in particular. But as someone with a passing interest in co-operative societies, what I find surprising is that (unless I’ve missed something really important) in his work he dismisses the relevance of co-operative movements and their parallels with today’s online collaborative innovation efforts and open-source software development communities.
The “commons-based peer production” model of creative innovation is not, as far as I can see, an “emerging third model of production” (beyond market-driven production, and firm-driven production) at all – it’s just a new spin on the 200-ish year old principle of co-operative societies, super-charged by the world-flattening nature of the Internet. Today’s online collaborative efforts seem to differ from historical farming, retail or other co-operatives largely in the dynamic ways in which co-operative communities can be created, enlarged and modified – and in the ways in which the fruits of co-operative labour can be distributed.
For anyone who’s interested, some interesting insights into open-source development communities can be gained by looking at them through the co-operative lens. Take a look at the 7 principles of co-operative identity, for example, and see the parallels between these and the principles that drive open-source development communities.
What’s also interesting is that there are some nascent attempts to bring these ideas together and think about if there are beneficial implications for software development communities (and communities more widely). There are some interesting examples (some more ambitious/strange than others) of joining the dots here, here and here.
Last but not least – it’s not exactly exhaustive research but from a bit of Googling and web-searching it does appear that there is a strong correlation between those countries whose governments are playing strong Linux advocacy roles (China, Brazil, Germany, Singapore, India, Japan, Phillippines, etc), and those countries where co-operatives play significant economic roles.
I’d like to find out more about this if anyone out there has done anything more exhaustive! posted by Neil Ward-Dutton @ 6:12 PM 0 comments permalink

More good news on the federated identity front

Following my post earlier today about Liberty Alliance interoperability conformance testing and a new Apache incubation subproject focussed on implementation of a variety of federated identity standards, there's more good news to report.

Today I discovered that Ping Identity has announced that it has made the source code available for its InfoCard STS (Secure Token Service) Toolkit for Java. The toolkit provides a library and framework for the development of server-side applications which use WS-Trust to translate between different security tokens. This was first demonstrated this back in May at the Digital ID World conference.

The ability to translate between different security tokens is critical for widespread adoption of federated identity, so it is very encouraging to see workable implementations - implementations moreover for which the source code is available. posted by Neil Macehiter @ 7:25 PM 1 comments permalink

Positive developments in the world of federated identity

Yesterday, the Liberty Alliance Project announced that products from 8 organisations - the Electronics & Telecommunications Research Institute, Ericsson, Novell, Oracle, Reactivity, Sun Microsystems, Symlabs and Trustgenix - had successfully completed interoperability testing based on Liberty's Identity Web Services (ID-WSF) version 1.1 and OASIS' Security Assertion Markup Language (SAML) version 2.0 specifications. This is an important event in the world of federated identity standards.

SAML 2.0 represents the convergence of a number of federated identity standards - Liberty's Identity Federation Framework (ID-FF), SAML 1.0 and Shibboleth (an Internet2 project focussed on identity federation in the academic community) - and goes a long way to simplify the previously fragmented standards landscape, whilst ID-WSF provides a framework to enable web services-based interaction between users, service providers and identity providers and extends the reach of identity federation to business-to-business scenarios. Whilst the specifications promise interoperability, conformance testing provides organisations with the much needed assurance that the promise has been realised (at least within the constraints of the test specification). The Liberty Alliance Project, as well as the 8 vendors, are to be applauded for demonstrating interoperability within 6 months of the ratification of the SAML 2.0 specification. It is all well and good establishing mechanisms for interoperability and conformance testing - but the value dimishes as the gap between ratification (and support by vendors) and successful testing lengthens (WS-I take note!).

Of course, as with many things standards, that's not the end of the story. Other vendors, particularly the major enterprise suppliers such as BMC, CA and IBM need to provide customers with similar levels of comfort. A combination of customer demand and competitive positioning are likely to force the issue.

More importantly - and more challenging - is the providing similar levels of assurance in the case of interoperability with the WS-Federation, co-authored by IBM, Microsoft and VeriSign. The Burton Group's July Catalyst Conference included such demonstrations, for example from Trustgenix, but demonstrations are not enough. The growing momentum around the Kim Cameron-initiated "identity metasystem" holds much promise in this regard. Only yesterday, for example, we saw the emergence of an incubation subproject at Apache known as the Trust Services Integration Toolkit (TSIK) which is looking to "to implement WS-* standards as they are developed, in particular the ones related to implementation of a federated ID protocol such as Microsoft's InfoCard, but also other federated ID protocols could be of interest, for example, Liberty Alliance, Sxip networks, Identity Commons, LID NetMesh, Passel.org."

Encouraging signs indeed. posted by Neil Macehiter @ 11:58 AM 0 comments permalink

Hurrah! - General Motors gets a seat on the OASIS board

Today, OASIS announced the election of John Jackson of General Motors to its Board of Directors. This is great news. For too long vendors have played the standards card as a means of allaying customers’ and more importantly (for the vendors at least) potential customers’ concerns about the threat of lock in, but have left largely to their own devices when it comes to setting those standards, as the words of the new board Chairman, Eduardo Gutentag of Sun, clearly indicate: "There was a time when the task of working on OASIS standards was mainly left to vendors.”

OASIS is the primary standards-setting body for the higher-level web services specifications, with the W3C responsible for those at the bottom of the stack, and it is critical that technology adopters are in a position of influence when it comes to the governance of the processes by which those standards are defined. The success of the Liberty Alliance Project in addressing the “technical, business and policy challenges around identity and identity-based Web services” is due, in no small part, to the involvement of the likes of Fidelity Investments and General Motors (again!) in its Management Board. Hopefully, the participation of General Motors is only the start and over time we will see more board-level involvement from technology adopters in the likes of OASIS and the Web Services Interoperability Organisation (WS-I). The latter, incidentally, would benefit from far greater participation generally, let alone at board level, given its focus on one of the oft-touted benefits of Web Services protocols for users of IT.

The recent challenges faced by the Apache Foundation with its implementation of WS-Security (see David Berlind’s excellent analysis over at Between The Lines), which stem from OASIS’ licensing and intellectual property policies, suggest it is high time for representatives from the open source community to join the other standards stakeholders at the directors’ table. posted by Neil Macehiter @ 11:00 PM 0 comments permalink

Representing real business processes in software

I've long been a believer that even though BPEL has "Business Process" as part of its full name, it's really a declarative design and execution language for composing web services and application functionality and nothing more. It's for that reason that any time we write something that refers to technology vendors' integration offerings, if BPEL is part of the conversation, wherever possible we avoid using the term "business process". At the very best what vendors are really representing are definitions of integration processing.

However I have to be honest and say that our attitude has been driven only mostly by real understanding of the tech details, and to some degree by general cynicism (from decades on the receiving end of previous bait-and-switch tech marketing tactics).

So I was delighted when I stumbled across this excellent article on the challenges faced in the formalisation of BPM technology. It clearly and honestly explains the good and bad not only of BPEL but also of XPDL, BPMN and assorted other definition efforts.

Hooray for Bruce. Recommended reading for anyone thinking seriously about BPM, SOA and Web Services technologies as a potential business software architecture stack. posted by Neil Ward-Dutton @ 12:04 PM 0 comments permalink

Trackbacks - admin

To anyone who's interested - I've updated our blog template so that we now support trackbacks (about time). Blogger doesn't support 'em - so our trackback facility comes to you courtesy of some nifty Javascript integration with Haloscan. Lovely! posted by Neil Ward-Dutton @ 6:53 PM 0 comments permalink

On Sun's JES, software pricing and the tricksiness of PR

Even cynical organs like The Register have picked up on Sun’s deal with GM (announced here last week) and reported it as a milestone in the company’s bid to become seen as a mainstream enterprise software infrastructure player. But is there less to this than meets the eye?

Schwartz often talks about Sun’s move towards simple subscription pricing, and (in some cases) no-cost pricing, for software as being a great catalyst for expanding Sun’s market – reaching new customers with Sun infrastructure technology. It’s never quite said, but Sun statements often strongly imply that the growth in Sun’s Java Enterprise Suite (JES) shipments is an indicator that this strategy is working.

And this is the point where my radar starts to twitch. I spoke to Jim McHugh of Sun earlier this week, who told me that GM was already using Sun’s Web Infrastructure Suite and Application Server Suite, and was shopping for identity management and single sign-on technology to help it make its numerous internal and external portals more sophisticated and secure. Now if GM was paying list for these technologies it was already spending around $32m. So the JES deal was really an upgrade of an already very significant investment in Java software from Sun (and, thanks to Schwartz’ friendly pricing model, an upgrade that likely saved it around $3.5m over buying all the components separately).

The deal was also described as enabling GM to be “the largest company to use Java ES to build a Service Oriented Architecture that delivers innovative, interoperable Web services while reducing development and maintenance costs.” But in reality it appears that what GM is actually committing to, is to use Sun’s very capable identity management technology on top of its existing Java investments, and integrating this with its portals and other infrastructure using technology standards like WSRP and SAML.

So – first of all while this is clearly a good customer story for Sun I think it’s a tad disingenuous to talk about this deal in the context of a massive enterprise-wide SOA rollout. Equally concerning, though, is that what appears to be a major milestone in Sun’s enterprise Java play is in fact an expanded deal with an existing major user of Sun’s Java software.

This begs an important question: how much of the growth in JES subscriber numbers is really just re-categorisation of existing customer spend on Sun Java software? And how much of it is really an indicator of Sun expanding its market?

If anyone’s got any insight into this question I’d love to hear it. posted by Neil Ward-Dutton @ 5:46 PM 0 comments permalink