blog
Monday, May 12, 2008

A week of firsts

You might think having been a senior analyst for 8 years that I'd have seen most things. Well, this has definitely been a week of firsts for me.

My first ever JavaOne conference; my first week in joining MWD as a principal analyst covering the application delivery and lifecycle management market (moving from 8 years at Ovum) and finally my first blog entry.

I accepted Sun's invitation to JavaOne this year because rumour has it that interest in the conference and support for Java is waning, and I wanted to see for myself just what was going on.

To be honest, I've never given much credence to such hyperbolic scaremongering, and what I've seen over the last couple of days merely backed that up. There's no doubt that Java's progress has been and continues to be marked with difficulties: controlling interests and agendas, delays, confusion, swerving focus and industry bickering. However, this is to be expected of a technology that has been successful and widely adopted.

Java is a mature technology that has many masters, spawned a number of lucrative revenue streams, opens many doors and is consumed in many different ways. The competitive alternative - Microsoft's .NET environment, although just as formidable, is beset with similar issues and one or two harder challenges.

That's the good news. The bad news is that Sun's role and involvement from technology, market and management perspectives alike has been opaque at best. Sun has never been particularly clear about how it actually makes money from Java, or indeed about maximising the opportunities. This doesn't really look like changing in the future.

For all that, I have enjoyed these past few days at the conference and gained a good deal of valuable insight; some disturbing, some surprising, others anticipated. Rumours of the conference's lack of importance and influence are, in my view, premature, and I will share my thoughts with you in future postings.

Far from what I was expecting, there has been a general air of optimism at the conference.

In ending this blog post I find myself with two regrets:

Firstly, the sheer number of interesting and enticing presentations made it inevitable that I should miss more than I could attend. Those that I did get to which I found particularly compelling, and would certainly recommend anyone getting the presentation materials or podcasts / webcasts of the sessions, were: "Sun Mobility General Session - Java wherever you are" (the information delivered was certainly interesting and a good insight into JavaFX mobile development - and it's clear that Sun is after the same market as Microsoft and Adobe in this space); and "Real World, Real Time, Instant Results: Make Information work for you" presented by Jeff Henry of IBM (very interesting, insightful and for the most part non-partisan). I was booked on, but missed, "Service-oriented Architecture and Java Technology: Level-setting standards, Architecture and code" delivered by Steve Jones and Duane Nickull. By all accounts this had some good insight and valuable information from guys with a lot of end user and real world interactions. The other sessions I wanted to attend but they clashed were "The many moons of Eclipse" and "Case Studies from the JavaFX technology world".

My second regret is not having attended JavaOne during the past eight years as a senior analyst, if only to have seen it in its heyday when Java was the exciting new kid on the technology block and firms were rushing and fighting to be part of the show.

Given the size of the big hall and the number of organisations exhibiting I would definitely say that whilst veterans of the show might argue that the volumes are not up with its peak years (early 2000s) the show still maintains enough of an influence to entice the great and the good in this market and plenty of start-ups and innovators.

JavaOne, in my opinion, is still an incredibly important and very necessary conference. My worry is that it becomes increasingly a mouthpiece for Sun rather than a standalone entity.

Over the coming weeks and months, I am going to be writing a lot more about the state of the development market and taking a closer look at the value of some of the underlying technologies and products. I welcome any comments and questions and look forward to readers getting in touch to further the debate.


Friday, November 16, 2007

Roles play a prominent role in identity management this week

Back in September Oracle announced that it had acquired privately-held Enterprise Role Management (ERM) player Bridgestream, continuing its "identity management-through-acquisition" strategy. With many eyes focused on the company's Oracle Open World shindig this week, Sun also entered the fray with its plans to acquire another leading ERM independent: Vaau. Role-based access control (RBAC) is hardly new: the US' National Institute of Standards and Technology (NIST) initiated standardisation efforts back in 2000 and an ANSI/INCITS standard (359-2004 if you're that way inclined) was published in 2004. So why all this acquisition activity?

As with many things identity management, it's primarily driven by compliance, with a small helping of increased operational efficiency and cost reduction. As well as promising to streamline the provisioning and de-provisioning of entitlements, roles can help organisations to define, enforce and demonstrate those entitlements to address regulatory compliance demands.

The realisation of that potential, however, has proved elusive. Organisations have struggled to identify (!) the roles that they need, and inconsistent management approaches have often resulted in an explosion of roles to the point where there are as many roles as users. The likes of Bridgestream, Eurekify and Vaau, whose offerings provide role discovery, analysis, allocation and provisioning, emerged specifically to address these challenges, creating the identity management sub-market of ERM along the way.

With compliance top-of-mind for many of their customers and prospects, the major identity management suite vendors who were unable to respond as rapidly as the nimble ERM start-ups quickly established partnerships and, in some cases, moved beyond the press release to actually provide pre-built integration. Sun, for example, provides bi-directional data integration with Vaau (which should help to speed up the integration process). With two of the leading ERM players now with competitors, this leaves the likes of CA and IBM in an interesting position. Their partnership teams no doubt have their eyes (and potentially their wallets) pointing in the direction of Israel, where Eurekify is based.

Some of you may wonder why I didn't include Novell in this list. Had I been writing this post straight after the Sun announcement it would have been. But not long after the announcement I came across this post from an identity management group blog at Novell, which discusses how the company has been building its own role management capabilities, focused on role provisioning, exploiting its directory heritage (discussed in more detail in our assessment here) and partnership with Eurekify for role discovery and analysis. The post's author claims no knowledge of acquisition talks. Then lo and behold, and far be it from me to suggest that Sun's announcement had anything to do with the timing, the next day Novell announced its new Roles Based Provisioning Module.

Of course, a Eurekify acquisition by Novell could still be on the cards, despite the blogger's ignorance of any such discussions, but it seems to me based on Novell's stated strategy that the Israeli company is more likely to end up in the arms of CA or IBM.

The implications for customers are varied. Bridgestream and Vaau customers, who have plumped for a vendor other than Oracle or Sun, should be a little nervous and seeking concrete assurances regarding ongoing support. Customers of the likes of CA, IBM and Novell who are considering ERM will have to think very carefully before plumping for Bridgestream or Vaau for similar reasons.


Tuesday, May 08, 2007

Sun's OpenID programme: definitely something to watch

Sun yesterday announced:

a new initiative around support for OpenID, a decentralized, web-friendly single sign-on mechanism that allows consumers to reuse a single login across different websites, tackling the "login explosion" problem. OpenID is currently limited to facilitating low-risk transactions such as blog comments. Through its new initiative, Sun is exploring what changes and practices are needed to make OpenID applicable to a broader spectrum of business and IT challenges. The company will actively encourage participation from customers and technology partners through a series of activities and real-life implementations that are initially driven by Sun's Chief Technologist's Office.

It would be all too easy to focus on vendor sports and discuss this announcement in the context of Microsoft's embracing of OpenID at the RSA Conference in February. But I will avoid the temptation (not least because I think the sport wouldn't be much of a spectacle).

I also don't want to join the ongoing debate (at least over at the Identity Gang) sparked by this statement in the press release:

People using Sun-based OpenID identifiers at an OpenID-accepting website can convey in this simple and secure manner that they are indeed Sun employees, a piece of information that can enable access to employee discounts and unlock other special services all across the web.

which confuses authentication with authorisation - contractors may be given OpenID identifiers to access particular services but they are not Sun employees; what happens if Sun provides OpenID identifiers to partners in the future but a service provider is working on the assumption that OpenID identifiers have only been issued to employees?
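
The gap described above, as an added example (not code from Sun, the OpenID project or this blog): a service provider that grants an employee discount because an identifier was issued by the employer's provider, beside one that requires an explicit affiliation statement from that provider. The host name, the `affiliation` attribute and the sample identifiers are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: identifiers one provider has issued to different
# kinds of people. The host name and the "affiliation" attribute are
# hypothetical, not part of any real deployment.
EMPLOYER_HOST = "openid.example-corp.test"
ISSUED = {
    "https://openid.example-corp.test/alice": {"affiliation": "employee"},
    "https://openid.example-corp.test/bob": {"affiliation": "contractor"},
    "https://openid.example-corp.test/carol": {"affiliation": "partner"},
}


def discount_by_issuer(verified_identifier: str) -> bool:
    """Flawed check: 'authenticated by the employer's provider' is treated
    as 'is an employee', so an authentication result stands in for an
    authorisation fact."""
    return urlsplit(verified_identifier).hostname == EMPLOYER_HOST


def discount_by_entitlement(verified_identifier: str, asserted: dict) -> bool:
    """Authorisation decided on an explicit affiliation statement from the
    issuer; a missing or different statement means no discount."""
    if urlsplit(verified_identifier).hostname != EMPLOYER_HOST:
        return False
    return asserted.get("affiliation") == "employee"


def over_authorised(issued: dict) -> list:
    """Identifiers the issuer-only check accepts but the entitlement
    check rejects, i.e. the people the page's scenario worries about."""
    return sorted(
        ident
        for ident, attrs in issued.items()
        if discount_by_issuer(ident)
        and not discount_by_entitlement(ident, attrs)
    )


if __name__ == "__main__":
    for ident in over_authorised(ISSUED):
        print("issuer-only check would wrongly grant discount to:", ident)
```
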

No. It's this statement which captures my particular interest:

As enterprises increasingly open up access to data and services to wider audiences and improve usability, the use of a decentralized technology like OpenID will be an appealing way to manage account proliferation. Integration with existing deployments, which often involve enterprise-ready technologies like SAML and the Liberty Alliance's Identity Web Services Framework will become an essential consideration. Sun is working with customers and partners to combine and converge these technologies to maximize effectiveness.

I discussed the importance of convergence of user-centric and enterprise-centric approaches to identity in our report on identity management. Although there have been some very valuable discussions in the identity community, this has not resulted in much pragmatic guidance for enterprises assessing the implications of OpenID and other user-centric identity technologies behind the firewall. Sun's experiment should hopefully provide some valuable insight. I for one look forward to hearing more.
