Editor's Note: To understand the rapidly evolving world of SOA, learn firsthand from the people who are shaping its future at ebizQ's SOA virtual conference, which you can sign-up for by clicking right here.

What follows is my podcast with Brenda Michelson, Program Director for the SOA Consortium and principal of Elemental Links. In this podcast we discuss the SOA Consortium and the SOA framework they’ve been developing, along with some of the challenges companies are facing in their adoption of SOA, and generally provide a quick introduction to the SOA in Action Virtual Conference coming up on ebizQ in the fall.

Listen to or download the 5:57 minute podcast below:

Download file

---Transcript---

I hear that the SOA Consortium is currently developing a Planning Framework, which is interesting since everyone else in the industry seems to be working towards developing reference models. What made you decide on a Planning Framework?

Honestly, we didn’t set out to develop a Planning Framework, but it more or less evolved from conversations that we had in our community of practice and our Executive Summit series. When we started the SOA Consortium, we realized that SOA was more than boxes of software, bags of protocol, but that’s where the industry was focused a couple of years ago.

For us and the people that we talked with, SOA is an approach to deliver business capability so it’s broader than just buying an ESB, or registry, or placing a mediator. And when we were out at our Executive Summits, the CIOs told us that SOA is pervasive and the technology is the easy part. In our conversations in the community of practice, those sentiments were continuously reinforced that, yes, architecture and technology were important and it’s what people talked about that most of our conversations really revolved around organization and process issues.

Some examples were how do you work with the business on service funding strategies, governance, service definitions, or how do you work with your IT peers after you get the pilot out? How do you involve project teams? What are the challenges with operations? What do you do with the data folks? How do those strategies dovetail?

So what we were realizing is that there’s a lot to here, there’s a lot to know, and all that information and all those activities aren’t necessarily in the purview of the team that’s starting up your SOA because those are typically architects. So what we came to was that you really needed to develop a roadmap for your organization that could be implemented by the right people in a coordinated manner.

Now, is this roadmap, is this a universal road map that all organizations should follow or is it the framework more a set of activities that companies should incorporate into their own roadmap?

Definitely the latter, in that people need to compose their own roadmaps. Organizations, enterprises, agencies would use this framework to pick and sequence activities that account for their specific business organizations, their technical situations, their people skills.

And what we’ve talked about patterns emerging over time, say for government agencies who are pursuing SOA for information sharing that it’s unlikely that a common roadmap would work for more than a handful of organizations. But what we’ve talked about and learned through conversations is that the activities on most roadmaps are common such as most organizations create a governance plan.

Most organizations work on a service versioning policy. However, the implementations, the rules behind those vary organization to organization what they pick for products, what they already have in place. So we found that kind of the Chinese menu approach to developing a roadmap was really helpful for our members and we believe it’ll be helpful for the community at large.

Is the framework available now?

Yes and no. The basic framework itself and the supporting context diagram are available in document form, and then our next step is to launch a public wiki of all the contents so that you could actually drill into the different activities and see the relevance to SOA, see some insights from our practitioners, some learning that we’ve gathered along the way. And that wiki will be available in September. We’re going to launch it at our member meeting in Orlando.

Just to get to a more general question, what do you see the current state of SOA adoption in companies?

What we see with our membership is that people really are moving along with SOA, they’re delivering business value, people are actually using SOA not just to optimize a current business but some people are entering into even adjacent market strategies.

Right now, we’re running a case study contest. It’s open to the public. And what we’ve seen from those entries is that people really are telling us stories about how they’ve used SOA to grow their business, to optimize some processes, to deliver some new business capabilities, that the stories aren’t focused on some the early SOA stuff, like setting up governance or even using a service approach to integration.

So what are some of the implementation challenges that the companies are facing?

What we’ve seen is some initial challenges that everybody faces, that we all kind of learn in kindergarten and forgot that sharing is hard. But more and more what we see, and even if it’s a big topic of our member meeting in Ottawa in June, is that its getting beyond the initial SOA challenges to things like operations, security, properly defining your services. People are really starting to focus now on the bigger problems of how do you have a Service Oriented Architecture at scale. So how do you move beyond pilot?

Interesting, and I want to remind everyone to make sure you checkout the virtual conference of SOA in Action that’s coming in the fall where Brenda will be a keynote speaker. You can sign up for her session, Business Driven SOA Planning Framework, right here.

Posted by ebizQ in | Permalink | Comments (0) | TrackBacks (0)

Editor's Note: Interested in SOA, security, and business collaboration, then make sure to attend Open Group's webinar, Evolving Security Architectures and SOA for Better Business Collaboration by clicking right here.

What follows is my podcast with Fred Etemadieh, Chairman of the SOA Security Working Group for the Open Group. Fred has over 25 years of experience in the Open Source Systems Development with UNIX and Linux, and in this podcast we discuss the intersection of SOA, security, and collaboration, and Fred gives a quick introduction to the Open Group’s upcoming Webinar on Wednesday, August 6, Evolving Security Architectures and SOA, where Fred will be a featured speaker.

Listen to or download the 5:01 minute podcast below:

Download file

---Transcript---

What will people learn from this Webinar and who exactly should attend?

The intent of this Webinar is to introduce a merger of two primary IT ideas. One is the SOA or Service Oriented Architecture and the other one is the security characteristics within the IT environment. And as we all know, SOA is gaining grounds in the architectural community and the security has always been traditionally and to this day a main part of the IT infrastructure. And as such, we think that it is as good of a time as any to introduce a cohesive simple understanding of these two primary features of an IT infrastructure in this Webinar.

Because SOA represents a different way of constructing applications, does that mean the security threats and vulnerabilities are different then as well?

Indeed it does. SOA has a certain characteristics that is common regardless of who is attempting to define it. Needless to say, given that it is a relatively new architecture, you will have varying definitions of what SOA components comprise of. However, in all of these definitions, a couple of items come to mind. SOA is a distributed environment.

And more importantly, the information that traditionally had been part of an internal IT organization, an internal corporate framework is now being scattered all over the internet. And therefore, the nature of information needs to maintained as far as the confidentiality is concerned, and indemnity is concerned, and a bunch of other features, which in the past were not necessarily at the forefront of security definition and design.

Right. So it sounds like its calling for new security solutions and new architectural responses. But then do you see an evolution in terms of the appropriate response for securing SOA architectures over time?

I think evolution is a proper term as opposed to total overhaul. I think that the existing security features within the IT need to evolve to take into account the nature of the SOA architecture. And SOA architecture is coming into to the picture as we speak within small and large organizations.

More and more companies are interacting with one another in an internet connectivity as opposed to internet or within the same realm of the security. So as it grows, and grows, and grows, we need to evolve the requirements, and more importantly, keep them in check so it’s not scattered all over and the companies can interact with one another.

Well, that makes a lot of sense. Now, one of SOA’s biggest challenges seems to me to be with identity. So what exactly are the SOA security implications for identity management services and technologies?

Well, that’s an excellent question. Imagine if you’re within a single organization, and you have an identity, and you go out and you have own other identities when you’re dealing with other organizations.

But in this instance, the nature of identity can be very convoluted if we leave it the old traditional way of identifying either one as an individual, or a feature, or a process in that it needs to be more uniformly defined across the net in that it makes it more -- simplifies the process of exchanging information, recognizing where the information is coming from, authenticating where the information is coming from.

All these characteristics that belong inherently to an identification become important in developing and generating an unified means of defining and implementing these features of identification. There are organizations that are working towards federated identity, which some people might have heard which is concentrating on defining and promoting what is global identities recommended to be.

This is ebizQ’s Peter Schooff having spoken with Fred Etemadieh, Chairman of the SOA Security Working Group for the Open Group. If you have any questions, make sure to log on right here and ask the question so it then can be addressed during the Webinar. Thank you so very much for joining me today, Fred.

Posted by pschooff in | Permalink | Comments (0) | TrackBacks (0)

Editor's Note: Interested in Web 2.0 and the Enterprise, then you cannot miss ebizQ's upcoming Enterprise 2.0 virtual conference on Wednesday, July 23. Sign up here!

What follows is my podcast with Rob Koplowitz, Principal Analyst of Forrester Research, where he leads Forrester’s Research in the areas of basic content management, instant messaging, blogs, and Wikis as they relate to the enterprise. In this podcast we discuss Web 2.0 and the future of the enterprise, basically providing an introduction to ebizQ's upcoming virtual conference, Enterprise 2.0, where Rob will be a keynote speaker.

Listen to or download the 5:57 minute podcast below:

Download file

First off, what type of companies are experiencing the most success with Web 2.0 applications?

Well, there’s a couple of different profiles, Peter. Number one would be certainly smaller organizations that didn’t have a big investment in collaboration technology in the past that have picked these tools up and started using them very aggressively and they’ve seen some great case studies there. But oddly enough, the other group that is actually showing a great deal of success are organizations that are highly regulated, and highly secure, and they really have an interest in a path of getting there.

They start off with risk mitigation. They start off looking at patterns where people are starting to use these applications out on the open internet and they need to think about shutting them down but they very quickly realize that’s not a good idea, people are getting business value from them. So they looked to providing sanctioned alternatives and they very quickly come to the conclusion that these are anything but toys.

There’s business value to be gained from these, that these drive organization efficiency. And more importantly, they drive some really important cultural changes that change the profile of these organizations pretty dramatically so they see the value very quickly. They start off with risk mitigation but they very quickly see the business value in these tools.

Interesting. Now, what are some of the best practices that allow companies to have their Web 2.0 applications be widely accepted and useful and also, what practices should be avoided?

Well, I would certainly say that the “If you build it they will come” mentality can be problematic. You do need to have a great deal of critical mass around these tools in order for them to really gain their maximum value. But with that, there are firms that are providing a great deal of prescriptive guidance in the use of these tools.

And some of them are taking it down to the level of very specific business processes, and business scenarios where certain types of key planning processes, certain types of content are being generated using these tools. And what they’re finding is they’re simply more efficient tools for handling certain types of business tasks.

But beyond that, once this starts to gain momentum, you start to see some social networking effects take place and that can be very, very powerful towards moving the value of these tools forward in some very interesting ways that can drive some organizational changes that are certainly not caused by the tools but the tools can lower the friction around some of these organizational changes.

When you start to see some interesting hierarchies develop where some of the folks who are your go-to-folks for creating ideas, and the go-to-folks for providing value start to get turned on their head a little bit, and we start to see new voices emerge, and new patters of communication emerge, and that’s really when the power is tapped into.

I’m sure a lot of companies will still hear Web 2.0 and think it’s all about their employees IMing their friends, or updating their Facebook, and pretty much although just slacking off. That’s not really the right way to look at it though, correct?

Well, I certainly haven’t seen that pattern. I mean, number one; it’s not necessarily fair to say that a little bit of social interaction among employees is a bad thing; it actually can be a very good thing. But the patterns that I’m seeing emerging around these tools are really focused on the business value that they add.

There is a tremendous magnification of the value your employees when that community broadens across organizational boundaries and across geographic boundaries. And a community is involved in solving a business problem or driving a business process as opposed to an individual.

So I think there’s some initial fear at the beginning as there was with instant messaging, for example, that folks will get off task quickly and not be getting their jobs done but that’s really not how people work. People want to get their jobs done; they want to be effective in their jobs. And to the extent that these tools allow them to be more effective and the [0:04:08] is really quite significant. Folks use the tools wisely.

Great. And I just want everyone listening to note that this is just a prelude to ebizQ’s Virtual Conference coming up on July 23rd, Enterprise 2.0. Rob will be a keynote and make sure you sign up for his event here. And if you have any questions, please do ask so Rob can address those questions at the conference.

Posted by pschooff in Podcast | Permalink | Comments (0) | TrackBacks (0)