More Clouds Looks Good to Me

I recently spoke with the folks at MSDN and Microsoft’s Channel 9 about our Azure Cloud initiatives. This is better than an entire box of Fig Newtons. (If ya know me, you know how big of a deal that is.) How'd we get here? In March, JackBe launched Presto 2.7, and since then over 5,000 mashers have been building mashups with Presto 'in the clouds'.

And some of these cloud mashups are impressive. One mashup in particular caught our attention, earning 'mashup of the month' on our Mashup Developer Community. The 'Broadband Applicant Geospatial Mashup App' presents a view of how the government could potentially allocate billion in federal dollars to support the extension of Broadband infrastructure and education across the nation.

The success of our cloud-based Community Edition caught the attention of one of our most important partners, Microsoft. They invited JackBe to connect Presto to Microsoft's Azure cloud. We jointly decided to showcase mashups that connect Azure data sources such as SQL Azure and OData with other public, private and cloud-based data sources. (We went the extra mile and published these Azure mashups as native SharePoint web parts with a few clicks of the mouse!)

The result is the 'Open Government Azure Mashup', with labor statistics and related labor news on a country, state, and even county level. Data from the Bureau of Labor Statistics (BLS) is exposed through the OGDI toolkit, Azure hosts the exposed data, and Presto mashes the exposed data with other third-party sources and delivers results as personalizable widgets, including ESRI-driven maps. It's a mashup of partner technologies as well as cloud data.

So, as I mentioned, our efforts caught the eye of the folks at Microsoft's Channel 9 and I recently had a chance to discuss Mashups and the Azure Cloud with them. As soon as we get our upcoming Presto 3.0 release out the door, I will begin work on an even deeper level of integration between Presto and Azure. As I keep saying, it’s going to be a very hot Microsoft summer.

Read More...

Summary only...

I Predict a hot summer of SharePoint and Mashups

Back in February, I wrote about our Microsoft partner certification, which came about as a natural side effect of the synergy between Microsoft's SharePoint and JackBe's Presto as a best of breed Enterprise Mashup environment. I also noted that big things were soon to come in this space and wanted to take this opportunity to fill you in on some exciting new developments.

Our goal at JackBe has always been to make it easier and faster to build secure, dynamic mashups with disparate information sources. One common scenario is the desire to combine Microsoft and non-Microsoft information, such as bringing together SharePoint list data with external, non Microsoft information, such as an issue tracking system like Remedy or a CRM system, such as Oracle Siebel or SalesForce.com.

There are two sides to this equation, though, with one being the data side and the other the visualization side. We want to rapidly mash these disparate information sources that can come from anywhere (the 'data side') and to publish the resulting apps anywhere (the 'visualization' side). SharePoint is unique as it is both a source of information and a publishing destination, uniquely positioning it as part of an organization's mashup ecosystem.

In our soon to be released Presto version 3.0, we are enhancing our SharePoint mashup integration to make it even easier and quicker to mash SharePoint. As you would expect, this improved self service covers both sides of this equation, with improved capabilities both for mashing SharePoint information as well as for publishing your mashup apps in SharePoint.

Users will now have enhanced support for simple point and click access to their SharePoint list data and improved drag and drop support for utilizing this SharePoint data for building mashups in a visual, web based environment.


Additionally, single click publishing of mashups into SharePoint as native web parts makes it easier than ever to share and collaborate with mashups within and across SharePoint instances.


I am a strong believer in the value of an App Store for the Enterprise.
For those of you with SharePoint in your org, you are one step closer to realizing this vision, since you have a powerful collaboration portal for sharing your apps.

SharePoint and Presto are a best of breed Enterprise Mashup environment and about the closest thing to an "App Store in a box" going today.

Exciting to be sure. But things are about to *really* heat up with SharePoint 2010 recently out the door and Presto 3.0 on the horizon…it's going to be a long, hot summer!

Read More...

Summary only...

Mashup Security – Drinking Wine without the Hangover

I'm a new addition to the blogging team here at JackBe, so let me briefly introduce myself. I’m an architect and application layer security guy specializing in enterprise application development. My 20 years in the software security industry includes a lot on interesting experiences, much of which I relied upon while co-authoring a book on security, Core Security Patterns.

Patterns are very common in software. As my friend and co-author, Ramesh Nagappan puts it, you see a lot of the “same old wine in a shiny new bottle”. But patterns aren't bad, per se. They allow us to reduce complexity by using references to the old when talking about the new.

And every so often you get surprised, with a NEW wine in the bottle. I was lucky enough to get involved with Mashup technologies at JackBe and I am finding a whole new wine in dealing with the security issues that surround enterprise mashups. I know you're thinking 'security is dull' but I assure you this is an exception. (That's a security joke, by the way.)

At the heart of security, you still have to deal with authentication, authorization, confidentiality and non-repudiation. In the older technologies, everything was hosted, client-server, or peer-to-peer; one-to-one relationships. In these types of approach, when a client authenticates to the server (via sockets, CORBA, RMI, HTTP/s), they use an ID/password or other credential token that maps one-to-one with that server.

Now, with Mashups, we are confronted with one-to-many relationships, where clients will need to supply (and servers will need to manage) multiple credentials that will be passed to back-end services. In addition, the struggle of providing and enforcing authorization also becomes more challenging as you mash different services with different authorization requirements together in one application. We really are dealing with a new flavor of wine and not just the same old wine in a new shiny bottle.

In my book I remember writing hundreds of pages on the various aspects of security. Luckily, here I think I can sum up the Mashup Security issues in 5 key patterns:

--- Authentication to multiple backend services with different credentials, authentication protocols;
--- Authorization to multiple backend services requiring attributes from disparate sources;
--- Bridging point-to-point protocol security mechanisms such as SSL;
--- Extending compliance rules and regulations out to the cloud;
--- Understanding the implications of your data being used in new ways.

In it's simplest form, it looks like this:


While these challenges are new, the wine is still wine and we can leverage existing security patterns as is, or possibly by extending the existing pattern strategies. For instance, we can systematize the authentication to multiple backend services by encapsulating existing authentication mechanisms in ‘Mashup Secure Profiles’ that propagate authentication credentials to the backend services in the way that they expect.

Mashup Security Profiles would provide us the ability to allow the Mashup server to store credentials across disparate backend services, manage the login sessions to those services, and thus improve the overall experience of the Mashup user. It would also let us codify the best practices for all of our access types, saving us development time and even improving our overall security. I am happy to report that Mashup Security Profiles are one of the new security features of Presto 3.0, the ‘Enterprise App Store’ release, coming out at the end of this month.

Mashup technology does present a new wine in a new bottle. Of course, there is still risk of the same old security hangover. Luckily, here at JackBe we are used to dealing with security and new challenges and are readily extending the old security patterns to meet these new challenges. I’ll write in more detail about how we extend these patterns in future blogs.

Read More...

Summary only...

When is a Dashboard More Than Just a Pretty Face?

We’ve had a long-running survey on our Mashup Developer Community that asks ‘Where do you think mashups are most relevant?’. And the clear winner, with 41% of the vote, is 'Dashboards and Decision Support Technologies', beating out options like 'Portals' and 'SOA'.

Message received! In fact I am happy to say that, with the June 2010 release of Presto (version 3.0, which we refer to as the 'Enterprise App Store' release), we will have an entirely new tool called Presto Mashboard. And I think that we've taken traditional dashboards and added a few spicy ideas of our own.

At first glance Mashboard might appear similar to Google Desktop, as an interactive ‘Web 2.0’ dashboard for web-savvy users to organize their Apps in customizable layouts. But Mashboard is also much, much more.

A screenshot of Presto Mashboard, the drag-and-drop way to create sophisticated App Groups.

Most importantly, Apps in Mashboard aren't static reports showing individual data sources. The Apps are mashup-driven: dynamic, customizable views of many sources, mashed and transformed to specific needs. A lot of power in a little package.

Mashboard also supports grouping sets of Apps that are brought together for a particular application or purpose. These groups can be shared, just like individual Apps, to other instances of Mashboard, or to popular enterprise collaboration destinations like SharePoint, iGoogle, or simply to a web browser. And I’ve already seen some great Mashboard-based solutions created by our mashup developer community, like the Disaster Response Dashboard.

I think the previous generation of dashboards were great for their time. But with the opportunity to create dynamic, flexible mashup-driven Apps rapidly and in a visual environment, I think the next generation of dashboards is more than just a pretty face.

Read More...

Summary only...