IT Watchdog - News and Views on IT

Windows Cardspace gets praise across the industry

Years ago, Microsoft tried to be the guardian of our personal data with Microsoft Passport.   Passport was conceived as a single sign-on for  the internet.  You were supposed to  use Passport to log in into your bank's website, Ebay, the social networks you were member of...  The intention was noble-minded in that respect that it allowed users to divulge their personal data selectively depending on the relationship with the diverse site owners. 

But it didn't work, for reasons that Microsoft since then has acknowledged (see the "Seven Laws of Identity" by MS's digital identity guru Kim Cameron).  Users did not grasp what a technology company had to do with the relationship with their banker or auction site (users probably even didn't like the idea of one centralised identity).

Windows Cardspace is built in into Vista and the latest version of the .NET framework.   Unlike Passport,  it  is an enabler instead of an actor.  It's a framework that provides a consistent interface for users to manage their multiple identities.    On an auction site, you might want to have your bank assert that you can pay for the item you bid on.  When commenting on a blogwith your own blog url, you want to have your blog software assert that you, the  commenter, are really  the person behind the url you pretend to represent.  All of this becomes possible with the single, consistent user interface of  Windows Cardspace, in which all kinds of identity providers can plug in. 

Cardspace is an open specification (Windows Cardspace, previously called "InfoCard",  being the MS implementation).  Several parties are working on their own implementation, see for example this (cross-platform)  Firefox plugin.  It's a perfect illustration of Microsoft as "the company that helps you to organize your own information".  As opposed to "the company that wants to organise all the world's information".  Guess who that is...

Relevant links:

• "What is Microsoft Infocard": an excellent introductory write-up
• Cardspace : MS resource pages
• Kim Cameron's Identity weblog

First deliverables of Microsoft-Novell agreement

Several months after the famous Microsoft-Novell cooperation announcement, the first positive signs of the agreement are popping up:

• Novell has adapted its award-wining Zenworks desktop management suite to run natively on Active Directory. It is remarkable that Novell plays down its own metadirectory software such as Novell Identity Manager, but it is certainly a good thing small and medium-sized businesses.
• Novell has developed an open source version of Microsoft's InfoCard identity technology that will run on both Linux and Mac. Actually, Novell was already working on this long before the Microsoft deal, so the source code is available and was presented at Novell's Brainshare.
  A more technical description of the InfoCard selector for OS X and Linux based on the Brainshare presentation can be found at the excellent "Between the Lines" blog.

Of course, not everybody is happy with the Microsoft-Novell agreement. Open source guru Bruno Perens wrote an extensive blog entry "What They Aren't Telling You" about the deal. Also, Richard Stallman (who will present on the goals and philosophy of the Free Software Movement at our local University next week), lashed out at the deal in his presentation made at the fifth international GPLv3 conference in Tokyo.

OWASP updates report on Web application security

For the first time since 2004, the Open Web Applications Security Project (OWASP) is updating its Top 10 Vulnerabilities list. As we rely more and more on Web applications (and the offer of software-as-a-service and on-demand applications will only increase), the need for Web application security is huge. However, many Web applications are inherently insecure, and the OWASP Top Ten report offers a nice checklist (and background information) on the most common vulnerabilities.

You can find PDF, Word and HTML versions of the imminent 2007 release at the OWASP Wiki.

Oracle's Hyperion acquisition confirms that Corporate Performance Management is the Future of Business Intelligence

Oracle's plan to acquire corporate performance management specialist (CPM) Hyperion brings Oracle a lot closer to chief financial officers (CFO's) in very large companies. However, most of those large companies are using SAP for ERP, and this may also have been one of the "hidden agenda" reasons behind this deal. It is probably uncomfortable for SAP to see its large customers use Oracle-Hyperion as the "lens" through which they view and analyze their underlying ERP data ...

But the acquisition also shows how BI vendors are moving up the value chain of information, and how CPM can be seen as the future of business intelligence. On the 3rd of May 2007, our speaker Stijn Vermeulen of the brandnew CPM consulting company element61 will be presenting a one-day seminar on CPM in Brussels. This seminar contains a thorough vendor-independent overview of what CPM is, what the different elements are, and how the market looks like. Of course, we will update this presentation with the latest news about the Oracle-Hyperion deal if such information is available and finalised.

Also, this leaves Cognos and Business Objects as the only remaining independent pure-play BI vendors, and it may not take long before they are acquired by IBM, SAP or HP to compete with Oracle's BI offering. For the moment however, Oracle will have (yet another) tough job to integrate the Hyperion products, to align it with its Fusion strategy, and to inform customers about what it will do with some of the overlapping products ...

A very good analysis of what the acquision means to the market can be found at TDWI (Behind Oracle’s $3.3 Billion Bid for Hyperion).

What is your Service-Oriented Maturity Level ?

Dave Linthicum, the world-renowned author and consultant in middleware, EAI and SOA, has published a 5-level maturity model for service-oriented architectures on his InfoWorld Real-World SOA blog.

Dave is correct to state that having an enterprise-service bus (ESB) is only the first step towards SOA maturity (although many vendors and users think otherwise), you also need transformation and routing (level 2), a common directory service (level 3), brokering (level 4) and orchestration (level 5).

Important to say is that many companies do not need a fully mature SOA to solve their problems. If you can get away with sending SOAP messages from one system (or company) to another (a level 0 SOA), you will save yourself a lot of trouble and money.

Frustration Abounds: waiting for mail.google.com

I have been a happy gmail user since 2004. If you don't know it yet, give it a try. It has a very simple yet efficient interface, it is free and definitely a lot better than Microsoft's Hotmail or Yahoo! Mail, although this one did improve a lot recently. Furthermore, it is server-based, meaning that you can access it easily from anywhere (even on a mobile device) and you can continue editing a difficult-to-write email at home exactly where you got stuck writing it at the office...

However, the server-based aspect may have its drawbacks. As I (and together with me thousands of other people) are using it more and more, I'm getting more and more of these "waiting for mail.google.com" and "server not available, retry in a few seconds" messages. I am sure that Google realizes this, e.g. building a new giant server facility in The Dalles, Oregon, but it will be no surprise that I (together with thousands of other people) are hesitating to use Google's other interesting applications such as Docs & Spreadsheets ...

PS: if anyone wonders why Google is building its O2 facility in the Dalles, Oregon, the answer is the presence of the 1.8 million kilowatt generating hydroelectric dam on the Colorado river.