Mashups in Action: Fusing Enterprise Mashups to Enterprise Widgets (The Rest of the Story)

About this time last month I wrote a 'Mashups in Action' post that described a then-nameless organization's use of mashups and mashlets (mashup-driven widgets) to expand the reach of their collaborative professional community outside the walls of the community proper. But I was admittedly circumspect on the name of the organization. Which isn't the most confidence-building thing considering that this was, according to me, a public use of mashups/mashlets. I am ready to rectify that. To steal that famous tagline from long-time radio broadcaster Paul Harvey...and now, the rest of the story.

With over $12.4 billion in annual revenues, Thomson Reuters is one of the world’s largest information brokers. In 2007 approximately 88% of it’s pro forma revenues were derived from electronic products, software and services . Thomson applied mashups to one of it’s scientific community portals, ResearcherID, a ‘gateway to researchers and their published works’ for ‘accurate author and publication identification’. ResearcherID provides first-person author profiles, publication lists, and citation metrics, creating an source for research professionals to share and collaborate.

The mashups in this case are dynamic, user-specific views of the user (who are typically researchers in fields like physics or medicine), their published research, and demographic views of third-party citations of that research. Thomson also added dynamic mashlets for these mashups that were designed to be easily be embedded in a user's personal blog/website or emailed to peers. Each widget, when embedded in a personal blog or portal, gives a small dynamic preview of the data from the community. It is not static but rendered when you ask for it.

In just a few weeks, these mashlets (Thomson calls them 'Badges') are already in hundreds of individual blogs/wikis/websites around the world. But explaining it pales in comparison to seeing it in action. By now you've probably noticed a smallish 'Researcher ID Profile' graphic in this blog. It is the Badge of Teng Li, Associate Professor in the Department of Mechanical Engineering at the University of Maryland. Hover over the Badge and you get the snapshot of Teng Li's most recent work; clicking on the 'Go to...' text at the bottom of the Badge takes you directly to Teng Li's page within the ResearcherID community with his complete professional publication vitae.


To see an example of a Badge in action, go to Teng Li's website at the University of Maryland, look under his picture (you might have to scroll down a tiny bit), and you'll see his Researcher ID badge. Like the hundreds of other researchers who have posted Badges on their blogs/wikis/websites in the last few weeks, Teng Li did not get technical support from Thomson to get this done. He did it himself which is more impressive if you remember that he's a mechanical engineer, not a web developer. He merely went to the Researcher ID Badge Creation Page, chose his Badge type (most of them seem to prefer the big version), clicked the 'Generate Badge Code' button, and pasted it into his website.

Finally, it's interesting to note that Thomson didn't stop at the Badge, but provided 2 other mashup-fueled options for the members of ResearcherID: the Collaboration Network, to see who Teng has professionally collaborated with, and the Citing Articles Network, to see who has cited Teng Li's work.

I said this in my previous post but it bears repeating: By all accounts, mashups/mashlets were a very successful addition to Thomson's ResearcherID community. Without any promotion/advertising (or tech support) to its community, there were hundreds of independent professional blogs/websites around the world with ResearcherID Badges in them, all linking back to the ResearcherID community. As our friend Andy Mulholland, Global CTO at CapGemini, put it in his most recent blog, 'It’s another part of the extreme flexibility associated with the new approach to technology that Web 2.0 brings.'

Read More...

Summary only...

Blog Spotlight: Andy Mulholland on Enterprise Quality and Enterprise Mashups

Andy Mullholland, Global CTO at Capgemini and co-author of 'Mashup Corporations The End of Business As Usual' and 'Mesh Collaboration', has always been a practical proponent of enterprise innovation. In a recent blog post Andy gave the topic of enterprise quality a thorough consideration. He highlighted the importance of manageability in an enterprise services endeavour and then, notably, described this attribute as the difference between seat-of-the-pants mashups and mashups created within a governed mashup framework:

...here is where I see the benefit of adopting an Enterprise MashUp approach with elements designed from the start to offer both a framework for deployable MashUps that manages the policies with a MashUp engine to perform a similar role with Data provenance. It’s tempting to just use some open source elements and build ad-hoc MashUps that will work just fine, until the issues of managing become apparent. The lessons of the PC era of deploy cheap, and spend a lot of money to re-establish control of ‘information’ under a new role termed CIO, are still a little close in my mind to want to get caught this way again.

We couldn't agreed more! You can (and should) read Andy's entire post on the Capgemini CTO Blog.

Read More...

Summary only...

What's the killer app for mashups?

Last week at Forrester's IT Forum one of the analysts suggested that spreadsheets would become the killer app for mashups. They certainly are as good a candidate as any other but it's worth considering the alternatives. Between spreadsheets, portals, SOA, and even interactive 'widgets', there's are a lot of contenders for the title of mashup killer-app.

So what's the killer app for mashups? What makes them into the 'must have' solution for IT and business users alike? We try not to be too self-serving in this blog, living by the 'fact not spin' mantra. And I must admit that the question feels very introspective, perhaps being truly meaningful only to those of us who eat and breathe mashups every day. But perhaps the killer-app discussion has a side-benefit: it is a good recap of the many diverse applications of mashups across the enterprise.

Is the killer app for mashups a tried-and-true business utility like Excel? JackBe certainly sees the synergy between mashups and a familiar, user-centric interface like Excel. Mashups-in-Excel can let users consume existing mashups and publish spreadsheets as services into the mashup cloud. This could make mashups very popular with communities of users that would otherwise never benefit from mashups. But spreadsheets will never be a 'one stop shop' for mashups. You'll always have a mashup creation tool for advanced users to do advanced mashup wiring. Is mashup consumption enough to make it the killer app?

Is the killer app a Web 2.0 technology like widgets? JackBe has seen the value of the fusion of widgets with mashups; these dynamic 'mashlets' make mashup-based information very sharable and collaborative. As Andrew McAfee, the Web 2.0 guru and all-around big thinker at Harvard, recently put it:

...it is striking how few opportunities people have to generate, modify, and share information freely and widely on the Intranet, especially when compared with their abilities to do the same on the Internet. Since so many organizations describe people as their most important assets, it is puzzling why these opportunities are so constrained.

Mashlets do just that. One of JackBe's customers has deployed mashup-driven widgets into their collaborative community. They are letting users embed auto-generated mashlets into their own websites, each of which gives a soundbite of their community information and points visitors back to community. In general, widgets show great potential for mashup-sharing. But is mashlet-driven community-building the killer app for mashups?

Is the killer app a tried-and-true business utility like the enterprise portal? Every organization has a portal (I heard one company admit to having 150+) and they are a decidely 'last generation' technology. Delivering mashups via a simple JSR-168 wrapper can let portal users and administrators to quickly deploy a very dynamic Web 2.0 technology into this undynamic-but-ubiquitous web interface. Like widgets, this mashup application makes mashups very consumable. But who's doing the mashup creation to fill this demand?

Is the killer app an IT-facing technology like SOA? We've written many times about the genuine synergy between mashups and SOA. Mashups give a user-embraceable 'face' to this otherwise IT-only technology; mashups in turn benefit from an ever-growing cloud of SOA services that can be mashed. Of course, the association between mashups and SOA seems to hold a bit of controversy, but the real question is bigger. Can SOA alone make mashups into the next big thing?

Only time will tell which of these combinations will ultimately become the killer app for mashups. Perhaps the true killer app for mashups still lies undiscovered by the industry intelligencia. Or perhaps the killer-app for mashups is not any one of these things but a combination of them all. Afterall, every organization has its unique needs, wants, and goals. Perhaps it will vary by department, by industry, or by maturity of the organization.

Regardless, any organization that is planning for mashups should consider all of these uses for mashups when doing its mashup roadmap.

Read More...

Summary only...

Mashups in Action: Fusing Enterprise Mashups to Enterprise Widgets

Do you know widgets? You’ve probably used these shrink-wrapped micro-applications on one website or other. Google has made widgets a staple of their information-from-any-source iGoogle interface. Amazon has their ‘Pay Now’ widget. Yahoo has a nice collection of them. NVidia has one (that is decidely developer-centric). And they seem to be quite popular with the Facebook crowd. There’s even a widget tracker/aggregator: Widgets Lab.

But where are they in the enterprise?

Richard Monson-Haefel from Curl recently gave the subject of enterprise widgets a very thorough consideration. Like a lot of their Web 2.0 cousins (wikis, blogs, etc.), widgets have some great enterprise potential. SalesForce.com widgets are an increasingly popular topic among RIA developers (there’s a good example here). And last month JackBe formally announced ‘mashlets’, a fusion of enterprise widgets and enterprise mashups. Take a mashup, give it a widget 'face', and you got yourself a mashlet.

So where’s the ‘Mashup in Action’ in this discussion? JackBe recently helped a multi-billion dollar data-provider (who wants to remain nameless for now) implement mashups and corresponding mashlets on top of their large community portal. The mashups are dynamic, user-specific previews of the user's overall contribution to the community that bring together the user’s up-to-the-minute information from the community portal, the user's personal data-sharing/security settings, and a modest amount of information from outside the community as well. The mashlets for these mashups were designed to be easily be embedded in a user's personal blog/website or emailed to peers. Hover over the mashlet and you get a small dynamic preview of the data from the community); click on the mashlet and you get taken to that user's page within the community.

It’s quite an instructive and sexy story of mashups and mashlets in a corporate context. By all accounts, it was an immediately successful addition to the community. Within days and without any promotion/advertising (or tech support) to its community, there were over a hundred independent professional blogs/websites with mashlets in them. The community members used the mashlets to extend the community's reach well beyond the formal boundaries of the community portal. Now THAT’S Mashups (and Mashlets) in Action!

We’ll publish a few mashlets from this organization as soon as we can. For now you can take a quick peek at the sample mashlets embedded in this article; it took only a few minutes to create amashups from a spreadsheet and create the sample chart/grid mashlets from that mashup. If you look closely you'll see that the mashlets are dynamic (if the data behind them changes, so will the mashlets), interactive (in these simple mashlets you can sort and rearrange; it more robust mashups you could filter and even update the data), and portable (each has simple calls to embed them in a portal, wiki or email note). We also have a couple of more substantial mashlets on our Demos page. And we’re holding a free webcast about Mashlets on May 28 (you can register on our Events page).

Basic Chart Mashlet (click to try it)

Basic Grid Mashlet (click to try it)

This story, and mashlets in general, is all about enterprise-spanning data collaboration. They make data more fluid, making it trivial for non-technical users to fashion their own information solutions and then share them with peers. ‘Widgets’ may sound too cute-and-cuddly for the enterprise. Enterprise architects and business managers would do well to consider not the name but the potential behind the name.

Read More...

Summary only...

A Storm is Coming: Mashups as a User-Enabling Enterprise Catalyst

We're a bit behind on our blogs. But let me tell you what I told my boss earlier this week: we have a huge list of excuses. Most importantly, we've been busy launching Presto 2.0, the next generation of our award-winning enterprise mashup platform. It includes a huge set of new capabilities but a few are notable innovations: Mashlets, user-created badge-like interfaces to mashups, and our Excel Connector, a lightweight Excel plug-in to publish/consume mashups to/from spreadsheets. Both are very user-centric solutions that bring mashups right into the spreadsheets, portals and blogs that business folk use daily.

And to compliment our Presto 2.0 announcement we rolled out our new Mashup Readiness Test, announced our Spring Mashup Webcast Series, published a column and a chalk-talk video, exhibited at O’Reilly’s Web 2.0 Expo, and launched a brand new edition of our website to wrap it all up in a nice package. (Whew!) But JackBe's activity last week was only part of a much larger movement. What's most interesting was the hyper focus Web 2.0 technologies, particularly mashups, received from the analysts, press and conference-goers last week. I think what we're seeing is the beginning of a perfect storm, one with enterprise mashups at the center.

I have always been intrigued by trends and patterns. Here's a few I see, some obvious, some perhaps not. On the technology side, we [finally] have acceptance of RIA technologies such as Ajax, Flash/Flex and Silverlight as a browser-based presentation technology. SOA, and services in general, are gaining momentum as outside-the-firewall business data providers. And perhaps in part to JackBe and our peers, mashups and widgets have become very popular topics in enterprise circles. (Just take a peek at these to see what I mean: InfoWorld, eWeek, ComputerWorld, PC World, Forrester, VentureBeat, and even more from InfoWorld.)

On the business side, we're beginning to see acceptance of 'iSaaS' solutions (my term), that look and feel like SaaS offerings but are provisioned by the IT department but run by the business folks. Equally important, executive teams are beginning to see the Web 2.0 light, in some cases by choice and in some by force. (I have a great story about the head-fake Web 2.0 technologies can give an executive team but I'll save it for another post.) And these are business trends supported by my time on the floor at the Web 2.0 Expo. The 10,000 attendees at the Web 2.0 Expo weren't all Facebook developers, I assure you. The event was packed with architects wanting to learn how Web 2.0 technologies can solve their business problems.

And that's the storm I see brewing: technology and business beginning to align for some true synergy. As I see it, the three trends that are driving this perfect storm are:

1. Enterprise data is becoming more and more accessible via services.
2. More and more decisions are made based on internal and external data.
3. Users are getting technology savvy to solve problems themselves.

Now take these three enterprise trends and trow in mashup technology as a catalyst. Here's the explosive results:

1. Enterprise Mashups combine data from internal and external web services,
2. Enterprise Mashups let end-users do the creating and sharing,
3. Enterprise Mashups expose data into the common user tools like portals and spreadsheets.

The real message here is the user-facing nature of this trend. This is a swing away from our 20-year love affair with monolithic systems. Don't get me wrong, IT has done a great job of automation of many automatable tasks but monoliths do nothing for users trying to address their Long Tail information needs. The coming storm will fix that. It is a storm of RIA, SOA, widgets, iSaaS, and self-service, one that will include the business folks and the IT folks, and one with a healthy dose of enterprise mashups. It is a storm every enterprise should be eagerly anticipating.

Read More...

Summary only...

"Mean, Lean and Green": Mashups and More at CSC Leading Edge Forum

Yesterday I presented for the second year in a row at the CSC Leading Edge Forum.
This year's theme was "Mean, Lean and Green" and I presented JackBe's vision of a leaner IT future: dynamic data integration, syndicated mashups, mashup-based Enterprise Widgets, and improving the adoption and reusability of SOA assets via Mashup-based solutions.

In addition to my presentation, I had the chance to hear and meet some really interesting folks, including Chris Clark, technical lead on the National Environmental Information eXchange Network, and Tomas Soderstrom, IT Chief Technology Officer for the Jet Propulsion Laboratory (JPL). Both are overseeing projects that sound like potential candidates for Enterprise Mashups and Mashup-based Widgets!

I genuinely enjoyed meeting them and the many other speakers and attendees at this informative conference. Many thanks to CSC for giving me the opportunity to be in such esteemed company.

Read More...

Summary only...

When Mashing Your Enterprise, It Pays To Have a Lot of Friends

It has been almost a year since IBM’s Mashup Eco-System Summit and we noted at the time that there was some confusion among the attendees as to what truly defined an enterprise mashup. Since then we’ve defined the 5Cs of Enterprise Mashups and, more recently, outlined practical examples like the 7 Mashups Every Company Needs. But there’s one thing we’ve always been certain about: no single vendor can address the entire enterprise mashup problem alone. It is critical to catalyze mashups in the enterprise with an ecosystem that surrounds those mashups, making them easier and more secure.

So I’m happy to write that today JackBe announced our Presto Mashup Ready (PMR) program, an ecosystem of partners that provide real value-adding integrations and services to the enterprise mashup consumer. We took a rigorous and systematic look at the actors that can influence the success (or failure) of mashups in the enterprise. The result is that we have an amazing group of inaugural partners that are all working to bring enterprise mashups to the proverbial next level --- a level which, in my opinion, will help make enterprise mashups even easier and more secure.

I could write an entire blog about each partner but I expect in all cases you will recognize and appreciate the value these industry leaders bring to a mashup ecosystem. First and foremost are the Mashup Enablers, Xignite and StrikeIron, that provide business data as reliable SaaS-type services. If you need data from public websites, Dapper provides webclipping to fill the “web page to data” gap needed for many enterprise mashups.

But there's even more to the 'mashup enablement' part of this story and you’ll see other Enablers that might be a surprise. You may not think of a database as a SOA-style service, but JackBe’s 2007 Mashup Market Survey showed that 78% of mashup initiatives had databases as an important data source, far exceeding the other types: RSS, REST, and WSDL/SOAP. So EnterpriseDB, and it’s ability to run on Amazon’s Elastic Cloud, make it a perfect mashup fit (more on EDB, EC2 and JackBe later this year, wink wink). And in case you thought webservices were just for the servers, OpenSpan’s technology lets you expose your desktop applications as webservices, which in mashup-speak means it’s a mashable service.

Beyond enablement, everyone agrees that security and governance are must-haves for mashups in the enterprise. For Mashup Governance we’ve turned to Layer7 for their service access security and HP SOA Systinet for their SOA governance. And we recognize that mashups are not always an end unto themselves. Sure we can deliver ‘mashlets’ (aka mashup widgets), but sometimes the mashup is part of a bigger puzzle. Our Mashup Interface (aka Rich Internet Application) partners, Ext JS and Backbase, can provide a face to mashups that really brings them to life.

Finally, it makes prudent sense to bring in the architect professionals who really understand the sophisticated nature of the enterprise. We’re proud to have Mashup Integrator Partner as part of the PMR Program: Capgemini, NuWave Solutions and MomentumSI. Capgemini brings in a wealth of knowledge in providing customers with business and technology strategy. NuWave Solutions is a well-respected BEA Portal Solution provider and MomentumSI is the SOA expert who knows how to architect SOAs and their enterprise mashup cousins.

I hope you are as excited about the Presto Mashup Ready Program as we are. As far as I know this is the first enterprise mashup partner program in the industry and its a milestone we are proud to be a part of. If you’d like to hear from the partners themselves we have some great quotes from our partners on our website. And I’d encourage those interested in becoming a PMR Partner to apply online.

It does take a village to raise an enterprise mashup. We’re proud to be the first mayor.

Read More...

Summary only...

Telling Stories: Mashups in Action

Here at JackBe we’re always trying to move the state of the mashup art forward. In past posts we’ve described mashup best practices like the 5Cs of Enterprise Mashups, mashup security, the integration of mashups with important enterprise solutions technologies like your SOA, and products like Oracle and HP Systinet.

Last week, while listening to one of my customers enthusiastically describe his enterprise mashup, it occurred to me that we’ve neglected one of the simplest and most useful ways to move the state of the art forward: telling the mashup story. That is why we’re starting a regular blog topic we’re calling ‘Mashups in Action’. Here we’ll share any real-world story that shows the value of enterprise mashups. So here’s my inaugural entry...

I recently visited with a CIO at a major medical research facility. He described the complex processes his researchers did every day. Along the way he described how they manually pick research data and citations from public sources like PubMed (and other third-party biology/genome data sources) and manually matched this against an internal datasource of research results through some key like topic, date, publication, or author. Then he dropped the bombshell: this matching process could take anywhere from days to weeks, occasionally even months!

Of course doing this in a non-mashup-enabled way would take exceedingly long. But the issues don’t stop there. It’s also error-prone, tends to age quickly (the final dataset can be out-of-date as soon as the first cut-and-paste is done), and most important to the CIO I spoke with, it is incredibly insecure (emailing spreadsheets? c’mon!). And that’s why this is my first Mashup in Action.

This Mashup in Action serves as a good metaphor for a number of JackBe's customers. It is about connecting the ‘outside’ to the ‘inside’ and it is one of the premier usage patterns in the areas that are research-heavy like legal, medical, intelligence, and investment.

I’m sure you’ll quickly realize that knowledge workers everywhere do this all day long, day after day, into spreadsheets or something similar. They start in common outside-the-firewall sources like SaaS apps like Salesforce.com, websites like Google, publicly accessible data services like Xignite, or an inside-the-firewall app like SAP or Oracle. These users select a small subset of data from these very verbose data providers as the starting point for their analysis because that’s all they need to get the job done.

Next, they use the some kind of unique identifiers in these data set(s) to join the data to an internal source. The internal sources are ones you probably know well, including off-the-shelf apps like SAP/Oracle, homegrown client-server application, or even other mega spreadsheets. The result is a composite data view used for decision making.

In a mashup this can be done in minutes to hours, of course. And they get the added benefits of security and collaboration, allowing researchers to save, tag and share resulting mashups for use by peers without exposing the data insecurely in an emailed spreadsheet or HTML page. Even with the issues of distance and security, it can be done better than days, weeks or months through enterprise mashups.

We’ll be back in a few weeks with another Mashup in Action. And, as always, we’d love to hear your stories!

Read More...

Summary only...

The Semantic Enterprise: Are Semantics the Future of Mashups?

Is it just me or does it seem like semantics are trying to compete with mashups for the ‘it’ technology crown of 2008? Tim Berners-Lee reiterated his vision of the Semantic Web. In case you haven’t heard him do this pitch before, here’s the jist of it straight from the interview:

‘In the semantic web, it's like every piece of data is given a longitude and latitude on a map, and anyone can 'mash' them together and use them for different things.’

And perhaps not coincidentally, there was a note in TechCrunch around the same time about Yahoo’s foray into semantics: ‘Yahoo talked about their plans to allow third parties to alter and enhance search results with structured data that may be useful to users’. These comments really stood out in my mashup-centric mind. This all sounds very similar to the everyday definition of a mashup!

Semantics and mashups have the same goal of connect-the-data-dots but have very different ways of going about this complex task. And its in the devilsh details that I have seen enterprise technologists find semantics more problematic than Berners-Lee or the folks at Yahoo. Why? Because ‘Semantic Web’ isn’t the same as ‘Semantic Enterprise’. And there's the trap.

I have been enthralled by semantics since the now-distant point in my career where I was responsible for a semantic information integration product. I even had an ex-DARPA PhD on contract to try and help me wrap my head around the not-too-simple subject. And based my experiences I must say that even I can see a myriad of potholes on the road to the Semantic Enterprise. So forgive me if I appear to be putting my foot on the semantic brakes but the pragmatic voice in the back of my head just won’t be quiet. I hate to sound like such a hater on such a great concept. I just have concerns.

First, there's the conceptual underpinnings of semantics itself. It is a complicated topic to say the least. In my old role as semantic pitch-man I used to joke that I could turn off even the most technical audience by using terms and phrases like ‘semantics’ ‘ontology’, and ‘equivalence’. Few understood these tenets and even fewer had any hands-on experience with them. (Perhaps Yahoo’s efforts will begin to change this.)

Of course, even if the fundamental concepts were understood by your every-day enterprise technologist, there’s the state of the semantic technology to consider. In a lab, it is simply amazing to see the power and value of a semantic network. I am sure the folks at Yahoo would agree. In practice, however, it is simply amazing to see how hard they are to create, how complicated they can be to maintain, and how sluggish generally slow they can be in production. I heard one industry pundit remark recently that his efforts at creating semantic ontologies universally led to shouting matches and no unusable results.

Final, there's the practical differences between public, SaaS-type of world Yahoo lives in and the behind-the-firewall world of the enterprise. Practically speaking, there aren’t many Yahoo-caliber solutions available for use inside the enterprise. The best (only?) is perhaps Oracle with its early-stage semantic technologies, with a few niche vendors sprinkled in (like the list of exhibitors at the Semantic Technology Conference.) And while I expect some of these vendors might disagree, it is near impossible to find enterprise-grade semantic solutions that show scale, show adaptability and don’t require a PhD to maintain. They all still have that ‘only for the extreme early adopter’ feel.

Last, I think (actually, I know) one of the biggest potholes on the road to the Semantic Enterprise will be the enterprises themselves. Bringing semantics to the Web, a set of reasonably similar collections of knowledge that are 10-years-old at most, can be imagined through a combination of machines and community efforts (albeit a community the size of Yahoo’s). But inside the typical enterprise you have 35+ years of information and information technologies to get ‘semanticized’ and, SOA efforts not withstanding, it is siloed, often undocumented, and about as disparate in format as you could possibly imagine. And unlike Yahoo, you don’t have armies of semantic-tagging volunteers.

Sure, these issues will be worked through. But it will be a while. In a past post I asked ‘…what does an organization's [information-hungry users] do while it’s waiting for [it’s] SOA effort to reach critical mass...?’. I think the same question applies here. So here’s an attempt at a positive conclusion: Mashups can be the gap-filler between today and the Semantic Enterprise. The results can be just as powerful and, more importantly, mashups are something your enterprise could begin today. Once semantics get their enterprise-kinks worked out, they'll make a valuable source of information for enterprise mashers.

Are semantics the future of information? Of course they are. But when will they fit the world of the enterprise? 2 years? 5? 10? More? Well, that’s the real question, isn’t it? I suggest you mash while you wait.

Read More...

Summary only...

Enterprise Mashup Security 101

Gartner published a report recently on Web 2.0 security, ‘Security Features Should Be Built Into Web 2.0 Applications’, a follow-up to their November 2006 ‘Web 2.0 Needs Security 101'. Excerpting straight from the more recent report: ‘The distributed and dynamic nature of Web 2.0 complicates security protection for enterprises and individuals.’ Understated, to say the least.

So this got me thinking on the unsexy-but-critical topic of mashup security. We have posted in the past about ‘Confidence’ and ‘Governance’, but these have generally been non-specific. So let me try to get a bit practical. The question isn’t a simple one but it is certainly worth noodling: How do we execute mashups safely in the context of the enterprise?

I think we are all aware of the security landscape today. On the technology level alone, security is a messy word of old and new systems that do or do not have any connection to corporate monitoring, authentication, authorization, and logging solutions. And it gets even more complicated once you add the ever-changing set of mandated and self-imposed privacy and data control policies and regulations. You can begin to understand why Enterprise Security Architects don’t get much sleep.

Mashups must play nicely in this complicated security ecosystem. For the sake of this discussion, let’s use this working definition of a mashup: ‘an enterprise mashup is a user-driven micro-integration of internal and external data’. From this definition, we can extract the following important security meta-requirements:

1. Mashups are often created by ‘end-users’ themselves;
2. Mashups can be shared with others who may be outside the firewall;
3. Mashups can be created from disparate sources which may be outside the firewall;
4. Mashups can be created from disparate sources which may be of disparate interface formats (RSS, REST, WSDL, and SQL Databases, most likely).

Generally, meeting these meta-requirements can get very complicated very quickly. But it can’t be done as an afterthought! You must be proactive and persistent. Based on these meta-requirements, I’d propose the following Enterprise Mashup Security Guidelines.

1. Entitle and Propagate. Your enterprise mashup must manage the user authentication inherently, delegate the credentials the appropriate identity management system and all mashed-up services. Your enterprise mashup solution must also allow the mashup creator to specify desired entitlements. And all of this must be treated uniformly and seamlessly when mashing up internal and external services.
2. Standardized but Agile. Your enterprise mashup must propagate credentials in the format the source services require. And this security/credential propagation must be built into the architecture because standards are weak here. Of the four service types, only JDBC/ODBC compliant databases and WSDL (via WS-SecurityPolicy) have a somewhat ‘standard’ credentials format, albeit ill-adopted. Therefore, your enterprise mashups must have the flexibility to pass user credentials in whatever form the service providers require, perhaps leaving a placeholder for new standards or custom formats.
3. Portable and Syndicatable. Mashups and mashlets provide the portability for mashups to be syndicated. Imagine your mashlet embedded in a Web 1.0 portal such as BEA and Oracle Portal or in a Web 2.0 interface such as Netvibes, Pageflakes, or your iPhone, that mashup widget must maintain portable security and governance no matter where it goes.

Enterprise Mashups have the potential to be the technology equivalent of the Wild West. Follow the Guidelines and you’ve got yourself a sheriff. Ignore the Guidelines and you could get yourself some quality time in the pokey.

Read More...

Summary only...

Get off your fat apps!

I saw a report written by the UPI recently that described a program, the Future Combat System (FCS), that will have more lines of code than Windows XP. Here's an excerpt: “The number of lines of software code required by the project has more than doubled in only the past five years. The Army originally reckoned it needed 33.7 million lines of code. Now it reckons it needs 63.8 million. The paper also cited Dennis Muilenberg, Boeing's project manager on the FCS, as maintaining that the original estimate was 55 million lines of software, not 33 million.”

As far as I could tell this was something the project team was proud of. And here’s the part made me laugh out loud: they originally predicted 33.7 million lines of code but in fact will likely end up with 55+ million lines of code. They were only off by 20 million lines of code. How could anyone possibly think to spin this as a good thing?

Certainly the natural tendency is for software developers to add more. As an ex-coder myself I must admit that it’s harder to write less code to solve a problem. If you take a senior developer and a new developer and give them the same problem, the senior developer will write less code most of the time. But more importantly he/she will tend towards creating reusable frameworks and modules for an optimally layered solution. Without layers you get spaghetti. With layers you get something more like lasagna. And in this case it’s lasagna that can make you “thin”.

SOA can be a great start to a nicely layered lasagna-like solution. SOAs efforts can greatly promote reusable, accessible business functionality. But it isn’t a slam dunk. We now know the most successful SOA deployments are those that expose ‘business-granular’ services. You know that you’ve hit the business-granular mark when you can describe the service and the data it exchanges in business terms. Can you say this service processes a Purchase Order and notifies Suppliers when Items are delivered?

Unfortunately, once we’ve gotten the SOA part right, we're falling back on old habits by building big apps right on top of our nicely layered, business-granular services! Some of us are even creating these big apps using fancy new RIA (Rich Internet Apps) tools like Silverlight, Flex or Ajax. But these are still fat apps!

But it doesn’t have to be this way. JackBe has begun delivering to its customers something we call a ‘mashlet’, an enterprise-grade mashup widget that can be shared with others or even embedded in portals. They are easy to create (particularly compared to apps that have 55+ million lines of code!) and make a nice dynamic topping on your elegantly layered services lasagna.

I predict the near future will not be fat. The future of apps is much, much thinner. Do you have enterprise widgets in your architecture strategy yet?

Read More...

Summary only...

Enterprise Mashups without Governance = 10 to Life

Darryl Taft at eWeek just published a good recap of the opening panel discussion from this week’s Webservices/SOA on Wallstreet Conference, ‘Enterprise Mashups For Wall Street – Leveraging SOA and Web 2.0’. I was also at the show and had a chance to listen to the panel discussion live. The best part of the discussion was when the conversation went down the path of Innovation versus Governance.

During this thread, an interesting statement was made by Rene Bonvanie, SVP of Marketing at Serena. Darryl wrote that Rene said; 'governance should take a back seat to innovation’. Boy, was this the wrong thing to say to a financial audience where governance is #1 on IT’s priority list! We all know if you don’t enforce governance in the financial services sector, you and your office mates may spend some some time in prison. Just ask the folks at Societe Generale about their US$7.14 billion fraud.

Of course innovation and governance are not mutually exclusive. Actually, when it comes to enterprise mashups, strong governance fosters innovation, not suppresses it. With strong governance in place, you can actually open up more data. And we’re very proud to say that we’ve been talking about governance from the day one, even making it the very centerpiece of our 5 rules to making mashups work in the enterprise.

JackBe’s enterprise mashup platform, Presto, is built on a deep security and governance foundation that ensures adherence to IT’s requirements while still empowering the business user with robust mashup capabilities. And coincidentally, we recently added even more governance functionality to Presto through our Presto Connector for HP SOA Systinet. We’re not talking about rhetoric here but a real, tangible governance solution for mashups.

Luckily, the other panel members didn’t have the same view as Bonvanie. They all believed governance was paramount and would actually accelerate innovation and SOA adoption. Cheers to them!

Read More...

Summary only...

Crisis 2.0: Menace or Turning Point?

There’s a crisis, you say? We are witnessing crises taking hold in many verticals including housing, financial services, manufacturing and others. There's the housing crisis. The bond crisis. The gas crisis. And these macro-crises are event beginning to put pressure on IT, where we're seeing something of a mini-crisis of confidence with IT pros pondering what might happen to IT projects like SOA.

Why is crisis good? Because it’s in the proverbial pressure-cooker that real innovation occurs. Darwin wrote it. Kanye West sang it. Most recently, Ron Tolido at Capgemini blogged it in “Crisis! Hurray, Crisis!”. Ron makes a very defensible case that companies that face crises are more apt to look for innovative solutions to truly help them leapfrog the status quo and solve longstanding problems that had been previously ignored or solved by long-term, big-ticket investments.

On a more personal level, we have witnessed an upsurge of interest in mashup technologies in the last few months and, to be candid, we weren’t quite certain there was any single cause. But Ron’s post led me to my AHA! moment. Mashups are front-and-center for many of today’s most innovative enterprise leaders because they need innovations like mashups to hack a path back to stability, growth and profitability. In fact, some have begun to posit that service-driven solutions have the opportunity to really shine instead of being a victim of those cutbacks that are so common in times of crisis.

This reminds me of a saying attributed to Jawarhalal Nehru, one of the leaders for independence in 1940’s India:

“A leader or a man of action in a crisis almost always acts subconsciously and then thinks of the reasons for his action.”

Innovative leaders are now hearing that little voice in back of their head that’s demanding different approaches and technologies than what they did in the past. If crisis drives need and need drives adaptation, then crisis is good.

Read More...

Summary only...

Practical Mashups

Mashups don’t live alone. They connect to a dizzying array of information sources, both public and private, and deliver just-in-time answers to all sorts of destinations. Last quarter I took part in a cool project to integrate Jackbe’s Presto into WSRP-compliant portals like Oracle Portal/WebCenter, IBM WebSphere, BEA WebLogic, and the like. It was, in my opinion, a practical example of where mashups can add meaningful value in an enterprise. And I am proud to say that I’ve just completed yet another cool-yet-practical integration. JackBe’s Presto is now integrated with HP SOA Systinet through the HP Governance Interoperability Framework (GIF).

Imagine this: you use your friendly BEA/Oracle/Sonic/IBM ESB to create a new service endpoint against a database. But then what? Sure you can share it with the folks in the nearby cubicles in a direct ‘lemme email ya the WSDL’ kind of way. But any good enterprise architect knows this doesn’t work in any real enterprise. How would your 500 or 5,000 enterprise mashers (or your 50 developers for that matter) find this new service endpoint? And how do they know what it represents? And how can you ensure that only permitted users mash with it? And what happens when you make version 2, 3 or 4 of that service?

At JackBe we get asked these practical questions all the time and the industry experts talk about them quite a bit too. Our friend Dion Hinchcliffe, in his post 'The top10 challenges facing enterprise mashups', discusses governance, security and version control as some of the most important issues you need to tackle before your mashup effort is enterprise-ready. And Clint Boulton at eWeek wrote a well-titled article, ‘Mashups Show Promise but Require IT Governance’, on this topic just last week.

And now JackBe mashups can be created from secure and governed SOA services. Good and practical. We’re thrilled that HP has helped us address a common concern about mashups in the enterprise. HP and JackBe will be holding a webcast to discuss and demonstrate our new integration on March 12; you can register here.

I’ve got other projects in the works. Just wait until you hear what’s next!

Read More...

Summary only...

Welcome to the Party IBM!

Wow, two big weeks in a row for enterprise software. Last week was all about the now-passe Oracle/BEA/Sun/MySQL acquisitions. This week is another big week for enterprise software: IBM announced ‘Lotus Mashups’ at LotusSphere this week.

This is a major milestone for ‘Web 2.0 for the Enterprise’. Sure upstarts like JackBe talk about this stuff. But when leading-edge technologies like enterprise mashups are productized by a tried-and-true software provider like IBM, you know that your conservative, non-early-adopter type of CIO has gotta ask ‘what’s that and do I need it?’. I think Ian White at ComputerWeekly summed it up best: “Using browser based technology Mashup will enable internal and external business objects to be deployed and connected by end users. This will create a new generation of self service applications defined by end users and connecting processes and data at the glass in a way that suit the business not just IT. Potentially this is a very exciting announcement.”

And this should also be a wakeup call for the rest of the big enterprise software providers who don’t have a concise enterprise mashup offering (I’m talking about companies like SAP, Salesforce, Oracle, CA and HP). Soon these guys will realize what IBM already knows: enterprise mashups are the face of a SOA platform for the business user. How can you not have that as part of your enterprise software portfolio?

IBM’s Rod Smith and David Boloker have been spearheading mashups at IBM for well over a year and we grudgingly admit they’ve done justice to the concept (we like their alphaWorks QEDWiki site). And we think JackBe and IBM are not just aligned in its marketing-speak, but also aligned in our overall architectural view of the enterprise mashup space. Check out the architectural similarities between Lotus Mashups and JackBe’s Presto. It's qualities like this that [we think] make mashups enterprise-ready and enterprise-grade:

• Lightweight and server-based;
• Built around security and governance;
• Dynamically driven;
• Consumes multiple data sources;
• Gets data to the user quickly;
• Let’s the user tag, search and share mashups.

You probably know that IBM has five major software brands: DB2, Lotus, Tivoli, Rational, WebSphere. If you know what these brands encompass then you’d probably agree it makes sense they’re putting mashups under the Lotus brand. Lotus is the most ‘user-centric’ of the 5. And I think it is also a testament to the fact that enterprise mashups can actually be about the user, not the developer or some back-office middleware software. This is, of course, exactly what we mean with our now semi-infamous tagline, ‘The User is the Killer App’.

And we hope that continued focus on the business user can remove some of the FUD (that ‘fear, uncertainty, and doubt’ for you non-warrior types out there) concerning user-facing/user-driven Web 2.0 technologies like enterprise mashups, wikis, and blogs. I think Ross Mayfield expressed these concerns best: “The new [Lotus Mashups] tool gives users an easy way to build composite applications that they can share with others and publish to their own or a shared workspace. One analyst said he wondered if IT administrators would be concerned by the possible security and management implications that may arise.”

While we at JackBe agree there are issues like security and governance to consider (and we’d like to think we have a pretty good handle on them), the real impediment to ‘user-driven’ enterprise solutions seems to simply be our 25+ years of inwardly-focused IT efforts. This makes it easy to forget that the average business user is more-and-more technically-inclined and self-sufficient every day. You can thank the constant flow of consumer-type sites like FaceBook, Digg, and NetVibes for that. ‘Born Digital’ has an entirely new meaning now.

So, if you are a Lotus customer, congratulations! You have something to look forward to. But, if you’re like many companies who don’t have Lotus, come give JackBe’s Presto a look.

I can't wait to see what next week brings...

Read More...

Summary only...

Happy Mashup Holidays

It wouldn't be the holidays without retrospection and resolutions. Looking back, 2007 could reasonably be named Year of the User. Web 2.0 was everywhere. And mashups were a big part of the story. What was a consumer-based technology a year ago is now earning its enterprise chops. In less than a year mashups h