How flat is the IT world, anyway? [cont'd]
A while back I made
this observation.
Now comes a fascinating report from the World Economic Forum: the fifth
Global Information Technology Report. A key part of it is an assessment of "networked readiness and ICT competitiveness" - defined as
the degree of preparedness of a nation or community to participate in and benefit from ICT developments.
Here, there's a relative ranking of 115 economies in this context. The
Excel version of the rankings provides some additional dynamics. Below I've taken the liberty of mapping the Top 20 countries (in black) and countries ranked 21-40 (in grey). Apologies for the poor shading work - particularly if you're the resident of a country that's been poorly shaded...
So I ask again - how flat is the world of IT, anyway? Just look at all that white space. This is the kind of
long tail we should be thinking about.
SOA, reuse and rabbit-holes
I've gradually become aware, over the past weeks, that I - and a lot of other people - have fallen down a bit of a rabbit-hole when it comes one aspect of SOA. I've been talking a lot about the value of SOA - and in my conversations with people about that, one of the key elements I've talked about is "reuse". I've seen a lot of other people talking about reuse in the context of SOA, too (see
here and
here for two blogospherical examples).
But last week I finally became convinced:
reuse is the wrong word for what people think about when they think about how services get published and consumed in SOA. A much better word is
sharing.
Why? Because
reuse is a loaded term, which makes people think of object-orientation or component-based development. It's associated with replication of software. If I'm reusing an asset, I copy the code, the libraries, the package, whatever; and I use a copy of it in a new context (quite possibly altered a little bit, if I'm going for "white box" rather than "black box" reuse). But this is not what happens (or at least, it's not what should happen) in SOA. What should happen in SOA, is that an overall requirement is factored to draw out opportunities to implement common services that are used in multiple contexts.
More seriously than that, though,
reuse is the wrong word because it's a term which allows us to be lazy, and focus exclusively on the technological and organisational details of how you build systems. [Let's face it, in the software industry we're all much more comfortable thinking about software development issues than we are thinking about other things (like how to make systems manageable, for example)].
Sharing is a better word because it forces you to think not only about the implications of SOA on developers - but the implications of SOA on the IT organisation, and indeed on companies as a whole.
Thinking about
sharing makes you start thinking in a more holistic way about SOA, which is much healthier in the long run. In particular, it makes you think properly about one of the critical success factors of SOA initiatives: getting a governance model in place. Specifically, as soon as you think about
sharing you realise that by having a consumer use an existing service, you are placing obligations on both the consumer and on the organisation as a whole. If I
reuse your code, then we both have a copy. Lovely. But if I
share your service, you need to know about that, because you need to ensure the service scales, and that your support for it can scale, too. I will probably need to be prepared to contribute to funding for these things.
Sharing of a capability implies sharing of benefit; but also it implies sharing models for cost and risk.
Of course, I have my own legacy to deal with now. I'm just trying to decide whether to go back to all our existing articles, reports and blog entries which refer to "reuse" in the context of SOA, and update them...
Web services management standards convergence
Well
this certainly passed me by (although I don't recall any major announcements/press releases). Fortunately, the ever-watchful
Tim Bray didn't miss it, as he points out in this
recent excellently-titled post.
At long last the industry behemoths on either side of the web services management standards stand-off - HP and IBM with the
OASIS' WSDM and Intel and Microsoft with the
DMTF's WS-Management - have announced plans to converge the respective standards over the next 18-24 months. I am sure, as the four vendors point out in the "announcement", that this is in part the result of totally justifiable customer pressure. But I can't help thinking that BMC, CA, Dell and Fujitsu, all of whom are active participants in both camps, also had something to do with it. BMC, CA and Fujitsu in particular need convergence given their focus on enterprise systems management. Without it, they either risk backing the wrong horse or incur the cost and time penalties of supporting both standards.
This harmonisation is definitely welcome. However, like Tim, I am far from convinced by the following:
Customers and vendors should continue investing in solutions and products based on the implementations of the current specifications related to this work. The vendors are assuring that this harmonization of the competing specifications will be a smooth evolution from today’s environment and provide a simplified technology base for the future. As the new specifications are finalized a clear migration path will be defined.
Customers are deploying web services technology today using a wide variety of vendor solutions, from application servers and ESBs through to BPM and identity management. They and their suppliers are required to take a big leap of faith with at least two years before they'll see whether they are going to land safely. Not only are they relying on a process that is, more often than not, subject to delays, they are also dependent on, as Tim so rightly points out, the development teams at HP, IBM, Intel and Microsoft who are going to be
supporting the existing to-be-superseded and to-be-amended specs in the interim
whilst worrying about the migration to the converged specifications for the future.
As I said, this harmonisation is definitely welcome. But for customers and other vendors I think there's some way to go before they will know whether it is better late than never. In the meantime, they should monitor progress carefully and continue to exert pressure (this announcement suggests it can be effective) on HP, IBM, Intel and Microsoft to follow through on their commitments. They should also seek details of the migration path and its implications for current solutions as work progresses on convergence of the specifications and not wait until the end of the process.
Enterprise mashups: save us from the hype
I know I'm going to come across like the annoying old fella who sits in the corner at any fun event and mumbles to himself about how rubbish things have got since men started wearing their hair long - but in the spirit of my esteemed colleague's
emerging manifesto for industry analysis (he hasn't forced me to sign up yet but it's probably only a matter of time) I thought I should at least make a (possibly vain) attempt to push back at some of the unthinking evangelism that's going on out there concerning Web 2.0 ideas and their application to enterprise IT.
In the name of education, not evangelism: let's scotch the idea of "enterprise mashups".
What started it all was reading Phil Wainewright over at InfoWorld on "
Enterprise Mashups: a lesson from history". His post makes a lot of sense. What I object to is the title - which I acknowledge is not Phil's doing: there are plenty of other people poking at this idea (
Eric Newcomer of Iona recently led me to
Joe McKendrick - and then onto an IBMer,
Bob Zurek).
Dion Hinchcliffe is even talking about the "mashosphere"! Please, let's not give any more credence to this idea than it already has in the crazed kool-aid drinking dens of Silicon Valley.
Now here at MWD we are solidly with
Grady Booch on SOA -
SOA is, first and foremost, about the A part of the acronym (architecture). Organizations who already have a solid approach to architecture will likely do reasonably well with SOA; organizations who already have a broken architecture and/or a broken architectural governance practice will likely fail with SOA and then blame SOA on all their problems ... There are places where SOA is suitable, and places where it is not...
There's too much association between the idea of a "mashup" and SOA. And as I've
written before, there's really no comparison: mashups are inherently *not* about architecture. Nor are they about services. But with Grady Booch's comments in mind, does that mean that where SOA doesn't work, mashups are the answer for enterprises looking to integrate IT resources?
The answer for me is a firm "no" - and that's because mashups embody everything, from an IT policy and architecture point of view, that enterprises are today desperately trying to escape from. A lot of what IT shops are trying to do today, is undo the pigging messes of information and applications that were created when individual business groups worked by themselves to "innovate" in the client-server era of the 1990s. If what some pundits are talking about here is really mashups, then they will never gain a foothold in the IT portfolio of any right-thinking enterprise.
Dion Hinchcliffe himself hints that he recognises the challenge here by burying this point towards the end of his
post:
There will be a mashup information ecosystem crisis. Whether it's the explosion of uncontrollable dependencies, vicious dependency cycles, scalability issues, privacy problems or some other side-effect of high levels of somewhat ad-hoc integration, mark my words there will be significant growing pains. Of course, we'll learn our lessons and there are ways of dealing with all the problems that will come up.
Yes - but in dealing with these challenges, we'll end up with something that looks a lot more like today's architected integration than today's web 2.0 mashup.
Come on, tell me if you think I'm wrong!
An interesting spin on user-centric identity
One of the issues I highlight in
our recent report on identity management is the need to bridge the gap between enterprise- and user-centric identity. This issue is at the heart of Kim Cameron's
7 laws and the
identity metasystem, and
IBM and Novell's embracing of the Eclipse Higgins initiative.
This morning I met with a
PAOGA (Disclosure: PAOGA is not a customer), a UK-based company (hardly a start-up as the company has been operating for 4 years but is nonetheless a possible example of
James Governor's much-sought-after British innovation and one moreover which is addressing a key issue at the heart of Web 2.0) which has already seen some success with the likes of BT, the UK National Health Service and UK local government.
The company's core offerings are the PAOGAplatform and the PAOGAnet service. These provide a runtime platform and development environment targetted at web-based service providers to allow them to develop and deploy user-managed identity solutions, incorporating automated workflow and compliance logging and auditing. Identity data is hosted by PAOGA, in what the company refers to as the PAOGAperson database, with identity data exposed to the service providers under the direct control of the user. It is this latter capability which is particularly innovative: PAOGAperson puts identity data in the direct control of the individual.
There are clearly some overlaps with the work of the
Liberty Alliance and Microsoft's
InfoCard but Graham Sadd, the CEO, recognises the need to interoperate. The company also needs to look at what is happening with the likes of
OpenID,
NetMesh's LID and
i-names (as well as the
YADIS interoperability work) in the world of user-centric identity, as well as
Opinity with its work on reputation.
Certainly interesting stuff but not without it's challenges, not least of which is the chicken-and-egg problem: how to get individuals to sign-up without a decent number of service providers and how to get service providers to sign-up without a decent number of subscribers.
PAOGA is also going to have to work hard to overcome the concerns of service providers and users alike when it comes to trusting a comparative unknown quantity to control and manage what is incredibly valuable data. Service providers will also have the same concerns regarding control of user data which lead to the downfall of Microsoft's
Hailstorm (which
Dare Obasanjo of Microsoft alludes to
here). Graham is under no illusion here either.
The company is definitely attempting to address what I, and I am certainly not alone, believe is a key issue going forward as individuals transition more and more of their day-to-day activities to an online world and, as they do so, begin to recognise the importance of taking control of their identity, rather than leaving it to a multitude of service providers (commercial or public sector).
Breathless hyperbole
Maybe it's because I'm British. Or maybe it's a broader thing - is anyone else getting really fed up with quotes in vendor press releases that fall over themselves to be the most
super-super-excited (thanks James) they can be?
So today BEA announced that it has completed the acquisition of BPM technology specialist
Fuego. By the way, I think it's a sound move for both companies - with the usual MWD caveat that when it comes to
BEA's acquisitions, it's important to think about how easy it will be for BEA to convince its customers that their existing investments in portal/process management technology aren't quite enough...
But here's what made me write this post: a quote in the
news release attributed to CEO/Chairman Alfred Chuang:
"We are systematically targeting the fastest growing segments of the red-hot SOA software market," stated Alfred Chuang, Chairman and CEO of BEA Systems, Inc. "The addition of Fuego to our AquaLogic portfolio means that we are now the only company to offer a unified SOA-based platform to integrate business processes, applications, and legacy environments."
Let's look at that quote again.:
"We are systematically targeting the fastest growing segments of the red-hot SOA software market"
BPM is not part of the SOA market. You can do BPM without SOA, and you can do SOA without BPM. BPM is a fast-growing segment of the enterprise software market - fair enough - but please don't try to position BPM as part of SOA to make it more sexy.
"The addition of Fuego to our AquaLogic portfolio means that we are now the only company to offer a unified SOA-based platform to integrate business processes, applications, and legacy environments."
Come on Alfred. A unified platform? You're telling us that the Fuego and Plumtree products all share common development, runtime and operational environments with the rest of the BEA middleware portfolio?
BEA is making some sound moves and it really does have significant capabilities to help organisations with SOA initiatives (see
our in-depth report on BEA's service infrastructure offering). But it owes it to itself and to its customers to be smarter and cooler about the way it communicates.
Higgins, InfoCard and conspiracy theories
I was unfortunately otherwise engaged yesterday and so wasn't able to comment on the IBM, Novell, Parity Communications Higgins
announcement. In my blogging absence, the guys over at Digital ID World did a great
analysis job (thanks Eric and Phil):
1. This is, net-net, a *win* for Kim Cameron's Identity Metasystem. In the past few weeks, Kim has had Verisign announce support, and now an open source project building out a WS-Trust framework for application developers. So, make no mistake about it, Higgins equals more momentum for the Metasystem.
2. However, the move by IBM and Novell *appears* to be a move designed to pressure Microsoft and ensure that their instantiation of the metasystem (InfoCards) remains "open."
3. That move is being done in response to one very big (and obvious) realization: InfoCards is going to ship in Vista (probably early) and it is going to be a game-changer in the user-centric identity space.
4. But more importantly, it may *also* be a game changer in the enterprise space, as well. There is a tremendous amount of enterprise interest in using InfoCards as a central metaphor for enterprise identity management.
5. So think about this for a second: InfoCards on a huge number of desktops, enterprises upgrading to Vista for its security features (like BitLocker), and InfoCards needs to have an identity credential issued. Where might that be issued from? Active Directory. It is no mistake that (as John Fontana observed), Active Directory is now the hub off of which all of Microsoft's enterprise identity management offerings hang.
6. ergo InfoCards will drive even more adoption of what is quickly becoming the Active Directory juggernaut.
7. Therefore, if I'm a company selling products that are competitive to Active Directory (say, like, for instance IBM or Novell), and I believe that the identity metasystem has gained enough critical mass, then it is absolutely in my best interest to push forward an open source project for the metasystem. Not doing so is to hand over my market to Active Directory.
8. Higgins is good for the community at large (the more Identity Metasystem things we get going the better), and necessary for the vendors involved.
Enough said!
They also point out, as does
Bob Sutor to his credit, that this is not as some in the press have commented - see Bob's (sigh) links - that this is not an anti-Microsoft conspiracy directed at InfoCard. To some extent I can understand the press reaction (apart from the obvious need to find an angle) given that the
InfoCard front-end identity selector, and not the
identity metasystem interoperability layer, dominated the stage during
Bill Gates' RSA Security Conference keynote. To my mind, it's a bit like highlighting the benefits of the credit card payment system by focussing on wallets rather than the Visa and Mastercard virtual credit card networks.
One thing that did strike me with the announcement that hasn't been discussed already is the notable absence of Sun. It is equally threatened by the proliferation of Active Directory and, just as I expect IBM and Novell will be building Higgins capability into their respective Workplace and Linux Desktop Windows client alternatives , Sun would benefit from an InfoCard alternative in its Java Desktop System (as well as the trio's identity management suites). As Bob also points out there isn't an anti-Liberty angle to this so I don't think that can be the reason - or
Sun's work with Microsoft to integrate WS-Federation and Liberty ID-FF for federated web single sign-on.
No! I think the big problem for Sun is
here: Higgins is a sub-project of the Eclipse Foundation's Technology/Incubator project. That would be a tough pill for Sun to swallow as it continues to push its NetBeans alternative. Yet another example (see James Governor's great post
here for another) why Sun should push dogma to one side and participate.
So, I share the view of other commentators who see this as a positive move and one which promises to bridge some of the important gaps around user-centric identity which I highlight in our recent
identity management report.
UpdateFor those of you looking for a succinct description of Higgins, take a look at
this presentation (PPT format) from EclipseCon which comes courtesy of
Johannes Ernst's
blog - thanks Johannes.
