At the beginning of March I attended Microsoft's Architect Insight event in Newport, Wales. The event is run by Microsoft but the idea is to try and stimulate a community of interest around IT architecture. The flavour is therefore not so much "listen to what Microsoft is doing" and more "let's talk about what architecture is, what's difficult, what's important, and how we can do things better". I certainly found it pretty interesting.

One feature of the event was a series of workshop sessions set up to explore a kind of "taxonomy of IT architecture". Participants were positioned on tables with peers with similar job titles/experience and asked to focus in on one or more roles, discussing what important features of those roles were and how the industry could potentially evaluate skills and experience. I could only attend one of the sessions, but at the session I managed to attend I was positioned on the "strategy architect" table.

Our small group was a bit non-plussed by this title, so instead we took things up a few levels and started with that perennial "what is an architect, anyway?".

Which is where I drew a version of this diagram:

The context of the drawing was this: we'd all come across people whose business cards said they were "architects", but who clearly weren't. Why not?

Well here's my hypothesis: if your role doesn't take you a fair way up at least two of the axes in the diagram, you're a re-branded systems analyst. In my view an architect:

• engages with multiple different stakeholders in doing their work - both from business and IT teams. They seek to engage those people to drive common understanding of the challenge, solution, costs and benefits and tradeoffs.


• plays some kind of role throughout the entire lifecycle of the IT investments they're involved in. Might not be hands-on all the way through, but they contribute.


• work across multiple systems, services or projects. In my mind the job of the architect is to try to optimise the value delivered across a portfolio of systems/projects. We're very good (mostly) at getting people to make local optimisations within system designs: we're not so good at balancing these with global optimisations that seek to pull IT activities closer to business strategy and direction.

What do you think? Is this a valid distinction? Is anyone else out there seeing lots of re-branded analysts, or is it just me?

Posted by neilwarddutton in Architecture | Permalink | Comments (0) | TrackBacks (0)

The Liberty Alliance today announced its Advanced Client specifications which are

designed to allow enterprise users and consumers to manage identity information on devices such as cameras, handhelds, laptops, printers and televisions

For those of you that are so inclined, you can read the specifications here but, in a nutshell, the Advanced Client relies on ID-WSF 2.0 (which I discussed here) to provide the following capabilities:

Trusted Module - protocols which allow a client (be it hardware, software or a combination of the two) that is sufficiently secure to be trusted by third-parties to participate in identity-based transactions e.g. to make identity assertions on behalf of an identity provider event if the client is disconnected from the identity provider

Provisioning - over-the-air provisioning of data and/or functionality to the client

Service Hosting/Proxying (SHPS) - facilities which allow an identity web service service hosted on the client, such as an individual's e-commerce profile, to be accessed under the control of the individual (whether or not the client is connected)

These capabilities allow identity data to be provisioned to and stored on a client device, such as smart card or a mobile phone SIM and subsequently used in a variety of scenarios, including single sign-on and identity federation. In SSO scenarios, the client can either perform the role of an identity provider (self-asserted) or take responsibility for certain aspects of the SSO process, essentially acting as an extension of a third-party identity provider.

The Advanced Client is the third phase of Liberty's four-phase roadmap for delivering client capabilities, following on from the Liberty Enabled Client/Proxy (which I discussed at some length here and here) and the Active Client, which provides client-based identity web services and SSO capabilities in an untrusted environment. The final phase is the Robust Client, which will add support for multi-factor authentication and mobility of Trusted Modules.

This is not just about dry specifications though. Earlier in the year at the RSA Conference BT, together with HP and Intel, demonstrated an Advanced Client proof of concept (you can download the presentation here - it's a 10MB ZIP file!), with HP doing the provisioning and Intel providing the trusted client environment, based on its Identity Capable Platforms (ICP) technology. The proof-of-concept is based on a Wi-Fi provisioning scenario where an individual subscribes to Wi-Fi on the web and completes the BT-initiated provisioning process using credentials which have been pushed down to the ICP-based trusted Active Client.

As I have said before (and I was as guilty of this as anyone) the work of the Liberty Alliance can be perceived as focusing on server-to-server protocols for enterprise-centric federation. Its work on client-enablement, however, provides compelling evidence that this is not the case. With major telco players such as BT, Ericsson, NTT, Nokia, T-Com, Telefonica, Telenor and Vodafone on its membership roster its highly likely that its client specifications are going to see significant deployment. Their participation also explains the emphasis on over-the-air provisioning and active, trusted participation of the user which are essential for telecom services. With an increasingly mobile and disconnected workforce, this is not just a consumer play and organisations should be monitoring these developments closely.

Posted by nmacehiter in Identity Management | Permalink | Comments (0) | TrackBacks (0)

BEA today announced a stategic partnership with CA, which will see the latter's access and identity management solutions (SiteMinder and Identity Manager) integrated with the former's WebLogic and AquaLogic application and service infrastructure platforms.

I agree completely with Wai Wong's (BEA's executive vice president of products) statement in the press release that

Identity and Access Management is critical within SOA

not least because we have said as much in our service infrastructure assessment model and our report on identity management.

Despite this agreement, I am still left a tad confused by this partnership as it is far from clear what this means for AquaLogic Enterprise Security (ALES), which BEA describes as

a fine-grained entitlement management solution that combines centralized policy management with distributed policy decision-making and enforcement. This combination provides management and control of your critical applications

How will SiteMinder integrate with ALES? Will ALES continue to integrate with other identity and access management solutions? Does BEA plan to provide a common policy definition and enforcement framework across ALES and SiteMinder?

We point out in our assessment of BEA's service infrastructure offerings that there are some important gaps when it comes to security and identity management, which explains why BEA felt the need to establish this partnership. However, as well as answering a number of questions from potential adopters, this partnership is going to raise a few more for existing customers with an investment in ALES. I for one look forward to learning more about the two companies' plans to

validate and further extend integration between CA SiteMinder and BEA WebLogic and AquaLogic technologies

Posted by nmacehiter in Identity Management | Permalink | Comments (0) | TrackBacks (0)

In October Microsoft finally got SOA (kind of)... now has it got BPM?

I've not had a briefing on Microsoft's BPM initiative, but I did see the announcement of the Business Process Alliance partner initiative. And I also read Sandy on Microsoft's BPM presentation at the Gartner BPM event - and I for one pretty much always go with what Sandy thinks around BPM.

It's interesting that on Microsoft's website both BPM and SOA topics live within the BizTalk product pages. That might tell you all you need to know. Knowing what I know about Microsoft's software infrastructure market approaches generally, I'm not at all surprised that the meat of its BPM story seems to be "Sharepoint + BizTalk".

Of course Microsoft isn't the only big software platform player giving themselves a BPM makeover - IBM is at it too. Like Microsoft, it's reacting to customer demand for help with BPM initiatives. Revitalised offerings are pledged to arrive soon.

It looks like Microsoft is cooking plans to create a more compelling "proper" BPM proposition over time as the Windows Workflow Foundation gets inserted as a common process automation engine into future BizTalk and Sharepoint releases, but we'll have to wait and see. Just the other day MS announced BPEL 1.1 support on Workflow Foundation, implemented as a Domain Specific Language (DSL), but there are currently no plans to support BPMN. Public commitments for delivering Biztalk on Workflow Foundation are currently vague - beyond saying "in the Longhorn Server timeframe".

If I learn any more I will share!

Posted by neilwarddutton in BPM | Permalink | Comments (0) | TrackBacks (0)