Application Platform Strategies Blog

Blogger: Anne Thomas Manes

Greetings from Catalyst Conference in Prague. I've been working with Kevin Kampman over the last few months in his Identity Services Working Group (ISWG) effort. We've been working with a number of financial organizations and identity management vendors to define a logical model for identity services. I think we've done a passably good job distilling some of the core capabilities that enable authentication and authorization, and Kevin will be publishing the results of our preliminary work within the next month or so in the IDPS content area.

But I just saw a tremendous presentation by Gerrit J. van der Geest on the identity services Navit has developed to enable robust and extensible trust models for their clients. A core foundation of the Navit trust model is a set of Identification Services that manage and coordinate identities -- which enables this model to go beyond simple authentication and authorization. Check out this white paper to learn more about Navit's identity trust model.

It makes me think that perhaps the ISWG should reassess our starting point...

Blogger: Richard Watson

It was standing room only yesterday at the Software as a Service (SaaS) sessions at our Catalyst conference in Prague. There’s a real thirst for insight into SaaS.

In the first session after lunch, Mike Rollings opened our eyes to architectural implications, and non-trivial data and process integration issues of adopting SaaS. Mike identifies the biggest impact of SaaS as “the elimination of IT boundaries”.

One of our concerns at Burton Group is improving the relationship between enterprise IT and the business they support. After years of disappointment, the relationship can sour. In the most dysfunctional cases, business regards IT as irrelevant, certainly not the solution provider of choice. One danger of SaaS, as Roman Stanek of Gooddata.com quoted is “the CIO is the last to know” [about a SaaS contract].

When discussing SaaS, I’d like to see a SaaS suitability rating for each class of applications, like an electrical appliance energy efficiency rating, or credit-worthiness. So maybe we’d give ‘AAA’ to the productivity suites that Guy Creese surveyed yesterday evening and maybe a single ‘A’ rating to CRM. Beyond that, right now, I’m a sceptic. Enterprise applications participating in a next generation architecture may not fit – and be graded no higher than junk.

My scepticism recognises the challenge teams will experience when eliminating application boundaries and creating a seamless cross-application user experience. Removing the skin and unpicking the tissue of assumptions that holds enterprise applications together is painstaking work. The data semantics, trust and infrastructure assumptions twisted into the tissues cannot easily be mapped into a multi-tenanted homogeneity.

Despite maintaining a healthy scepticism, we’re doing a lot at Burton Group to lay the groundwork necessary for taking those boundaries down:

• The Infrastructure Service Model (ISM) is our model of service-based infrastructure, created by Jamie Lewis and Anne Thomas Manes. One of the key features of the ISM is that it enables policy-driven management and control of infrastructure capabilities.
• We have Chris Howard to thank for relating the concepts in Stewart Brand’s book How Buildings Learn to layers of system architecture.
• Kevin Kampman’s work on interoperable identity services
• Bob Blakley’s research on relationship-based and federated identity
• Dan Blum’s work on Shifting Defenses, Zones and Dynamic Perimeters”
• Joe Bugajski’s overview of “Data Integration: Fantasies and Facts”
• Guy Creese’s evaluation of SaaS versions of the safer AAA, and AA rated applications
• Craig Roth’s overview on surveying more than 300 SaaS implementers
• Eric Maiwald does a great job of combing the fine print of SaaS contracts to highlight security and operational risks in “Considerations for Risk Management When Choosing Software as a Service”.
• and not forgetting Jack Santos’ “Software as a Service and GoogleApps: IT Strategy Implications”, Mike Rollings’ full perspective on “Architecting for SaaS” and his “Related Research Summary: Cross-Domain Context for Build, Buy, or Borrow Decisions” which provides a more comprehensive list than this of Burton Group research as a context for SaaS.

Everywhere you look, both here at Catalyst this week, and in our research, we’re taking on the challenges of SaaS so that our clients can reap the genuine benefits of off-premise, on-demand IT.

Are we there yet? No, but we’re getting there thoughtfully, so that our clients don’t create another generation of legacy technology silos.

No way out (“Huis Clos”) is a play by Jean Paul Sartre about dealing with the boundaries created by our minds. Garcin and the other characters looking for an exit came into my mind yesterday. The most famous line from No way out is “Hell is other people”. By the way, I don’t believe this is Sartre anticipating multi-tenanted databases!

Blogger: Richard Watson

Are you in shape for SOA this summer?  Get ready for the SOA initiative you've always dreamed about by working out with us in the "SOA: Assessment And Planning" workshop at Catalyst North America 2008.

Chris Haddad and I will be presenting tools for allowing you to make an honest and measured assessment of your organization's SOA baseline and a recognition of areas that could be more toned.  As an example, here's a checklist we'll be walking through to assess your Incentive Systems:

People alignment with SOA principles
Mark as True [T] or False [F] 

• Services publicized
• Sharing encouraged
• Open source mindset is present (i.e., solutions delivered to other teams are documented, evangelized, and supported)
• Business stakeholders expected to define capabilities
• Teams discouraged from creating redundant software assets
• Compliance with corporate standards is expected

We will also be sending you away with box of tools you can use to plan the evolution of service-oriented thinking.   Another sneak preview, shown here, gives a checklist for Service Classification meta-data:

Service Classification Meta-data 

• Service Overview (e.g. name, description)   
• Lifecycle Attributes (e.g. version, version relationships, lifecycle status)
• Classification (e.g. basic, composite, infrastructure, business)
• Endpoint Deployment Attributes (e.g. protocols, location, WS-* specifications)
• Data Model (e.g. XML Schema, WSDL, version, semantics, validation)
• Service Level Requirements and Policies (e.g. availability, capacity, responsiveness, security, transaction rate)
• Mediation (e.g. routing, queuing, caching, transformation)
• Service Dependency Attributes (e.g. services, databases, directories, frameworks)   
• Physical Instance Dependencies (e.g. application platform, security, management)
• Business Process Model (e.g. UML diagram, business classification)
• Contract information (e.g. consumers, providers, utilization)
• Usage Guidelines (e.g. time of day, availability, # of users. throughput)
• Accounting or remuneration options (e.g. pay per use, subscription, chargeback amount)

Other tools in that goodie bag include a customizable SOA maturity model, those circuit training assessment surveys and samples for creating your own organization’s SOA roadmap.

Blogger: Chris Haddad

Have you viewed Pete Lacey's REST Take5 presentation?

The REST presentation is a short introduction to Burton Group's popular REST Easy workshop. The workshop will be presented at Catalyst North America 2008;. Additional workshops will cover 'SOA:  Infrastructure Reference Architecture', 'SOA: Assessment And Planning', and 'Improving the Software Development Process'.   

If you are interested in getting face time with Burton Group experts and discussing REST, SOA, or SDLC topics, take a deeper look at the workshop abstracts.

Blogger: Chris Haddad

There is still an opportunity to submit an abstract and share your real-world story with Catalyst attendees. We would like to obtain additional end-user participation and perspective in the following  APS-centric themes:

The Next Generation Application Platform
SOA, SaaS, and social software will fundamentally alter the platforms we use to build and operate application systems. This topic will postulate on the next generation application platform.

Software as a Service (SaaS)
New financial and architectural realities have promoted SaaS to a first-class application delivery model. This topic will discuss the risks and rewards of SaaS.

SOA Report Card
Everyone seems to be doing SOA, but is anyone making a passing grade? Based on real-world experiences, this topic will explore ways to improve your chances to succeed with SOA.

The Infrastructure Services Model: Focus on Identity Services
Enterprise applications based on SOA need to leverage identity infrastructure as reusable services, but current standards don’t ensure interoperability. Burton Group analysts define identity services, assess standards efforts, and challenge the industry to make it work.

New Realities for Data Management
Market trends including DBMS-based XML data management and standards such as XQuery are reshaping the data management landscape. This topic explains how to exploit new opportunities and manage related challenges.

While the formal 'call for papers' ends today, there is still an opportunity to participate.  If you desire to submit a proposal, please contact me at chaddad@burtongroup.com