Mashup Camp 2 Day 1: Mashdowns

As I mentioned in my previous post, I had to do all my blogging today offline because of the spotty wifi in the Computer History Museum, and I have to say that Windows Notepad makes a pretty sucky offline blogging tool. However, I’m relaxing back in my room listening to the newly-downloaded and extremely enjoyable Veneer (just available on iTunes, after I couldn’t buy the CD after a month of trying on, cleaning up the blog posts and paper notes from today.

Following the kickoff session, we headed off to breakout sessions proposed by anyone and everyone during the kickoff. Each session was supposed to update the wiki with notes from anyone at the session, and you can find the grid of sessions here with links to the wiki pages with the notes. I’ll link to the notes for each of the sessions that I attended.

The first one that I headed to was “Mashdowns: mashing for competitive advantage in rich client/enterprise applications”, led by Mike Fisher and Ben Widhelm from ElephantDrive. They see this as a second generation of mashups: more tightly integrated into desktop or enterprise applications, and more focussed on “doing” rather than “consuming” — which seems pretty much aligned with my ideas about BPM and mashups. I hate their term “mashdown”, however, preferring the more-commonly used “enterprise mashup”. Really, the distinction between first and second generation mashups is primarily between consumer mashups and business/enterprise mashups.

We gathered a number of ideas about the difference between first and second generation mashups:

  • First generation mashups are about the “what”, and are primarily about aggregating/joining/federating data. They’re generally seen as useful by users (consumers), and because they’re focussed on the consumer market, they tend to be public, and developed rapidly and a bit loosely. The revenue model is usually based on ad revenues, since few end-users pay for the mashups.
  • Second generation mashups are about the “how”, and are about aggregating external and internal (enterprise) services. They’re useful to business for all the usual business ROI reasons: improving process efficiency, reducing IT costs and increasing business agility; like any other plan that reduces technology capital investment, they also tend to level the playing field for smaller companies since they can use the same technology as the big guys but not have to build it or buy it outright. Unlike the consumer mashups, however, they have to be industrial-strength, private and secure. Equally importantly, they have to be supported by some sort of service level agreement backed by appropriate high availability and disaster recovery scenarios, which most of the current API vendors are not willing to provide.

The key difference for me is that second generation mashups are about integrating into the business processes. This breakout was a significant conversation since it’s the first one that I’ve heard at either Mashup Camp where business processes were a major focus. I’m feeling very positive about BPM and Web 2.0 today.

We had a conversation about one of the main problems of enterprise mashups, which is their current lack of acceptance by IT. Part of this is IT attitudes: not trusting the external APIs, either in terms of data integrity or in terms of reliability, plus the NIH problem. An equally important part is the relatively lack of readiness of the APIs themselves in terms of SLAs, authentication and other indutrial-grade issues that would have external APIs be on equal footing alongside internal ones. Even with internal-only mashups, that use lighter-weight mashup techniques on internal APIs, there’s resistance to a new way of doing things. That really comes back to the question of the the difference between a mashup and any other web services orchestration, especially as lightweight (non-WS-*) integration methods are used for faster application assembly internally.

This was a great session for focussing my thoughts on how to talk to my enterprise customers about mashups.

Michael Scherotter was also there from Mindjet, distributing copies of their application on flashdrives. Haven’t had a chance to install and try it out yet.

SaaS: Mean time to fix security holes

I hadn’t looked at the news feed from Information Week for a few days, so when I checked it today there was a really interesting story told by way of headlines:

Yahoo Mail Worm Harvesting Addresses: The “Yamanner” worm exploits a JavaScript vulnerability in Yahoo’s Web mail client. Users should watch out for messages with a “From” address of [email protected] and the subject line, “New Graphic Site.” Posted on: Mon, Jun 12 2006 11:41 AM

Yahoo Quashes Mail Bug: Yahoo says it has patched a bug that was letting attackers hijack systems through a flaw in the portal’s free Web-based e-mail service. Posted on: Tue, Jun 13 2006 1:23 PM

Yahoo Mail Worm May Be First Of Many As Ajax Proliferates: The Yamanner worm that hit Yahoo Mail shows how increasingly popular techniques like Ajax and Javascript that make Web-based software perform well also could make it vulnerable. Posted on: Tue, Jun 13 2006 4:00 PM

As alarming as this might sound, think about the timeline for a minute. Late Monday morning, the problem hits the news. Early Tuesday afternoon, the security hole is fixed; because there’s no software installed on any desktops, the fix is effectively distributed everywhere instantaneously. By late Tuesday afternoon, they’re already into the post-game analysis since there’s nothing else to talk about.

Quite different from applications that run on your desktop or your servers: this is the reality of web-based SaaS.

The Eight — er, Four — Misperceptions of Outsourcing

I was catching up on some older Gartner podcasts recently — they’re not really time-sensitive, so fine to listen to them weeks or months later, and some of them do contain some good tidbits of information. There was one good one called The Eight Misperceptions of Outsourcing: Part I, in which Linda Cohen starts by listing these eight misperceptions:

  • the myth of sourcing independence;
  • the myth of service autonomy (this was particularly interesting since it touched on the subject of the interdependence of services due to SOA and BPM);
  • the myth of economies of scale;
  • the myth of service management as self-management;
  • the myth of the enemy;
  • the myth of procurement;
  • the myth of steady state; and
  • the myth of sourcing competency.

She then went on to discuss the first four in detail, whetting my appetite for Part II, which was to contain the second four. I checked my iPod: not there. I checked the iTunes directory: ditto. I checked the Gartner podcast page: Part II just doesn’t exist. Okay, it’s only been four months since Part I, maybe I’m being a bit impatient, but bring on the second four myths, already!

Of course, I’m not one to be throwing stones here: I posted the first six episodes of my Short History of BPM over a month ago, and haven’t completed the last two. Now that JC has caught up with translating them to French on his blog, however, I need to get moving on this.

CIO as dinosaur

From Baseline/CIO Insight, a report on emerging technologies; specifically, a survey of CIOs of what technologies that they’re actually using. Some results that I find to show the incredible short-sightedness of many corporate CIOs is the percentage who find the following technologies “of no interest/not on the radar”:

  • SaaS, 32%. How could this number of CIOs possibly have no interest in SaaS? Only one answer comes to mind: empire building.
  • SOA, 30%. The percentage of CIOs who prefer to remain mired in legacy linguine.
  • AJAX, 46% and RSS, 38%. How to they plan to deliver information, both interactively and via publication, in the future? This isn’t just an externally-facing issue; in large organizations, these technologies are equally important for serving it up to internal users.
  • Social networking, including tagging, 51%. Although other things were mentioned in this category, I see tagging as the key contributor to a corporate environment here. How long will it be before all ECM systems have tagging as a standard feature? When will CIOs stop characterizing this as “allowing the lunatics to run the asylum” and just put the right categorization tools in the hands of their users?
  • Wikis, 46%. Okay, I get why a lot of companies are still uncomfortable with blogs. But wikis for collaboration make a lot more sense than clogging up everyone’s email with multiple out-of-date copies of a Word file that everyone is trying to update at the same time. It’s only a matter of time before Microsoft adds wiki capabilities to SharePoint (if they haven’t already), at which time everyone will be using wikis below the CIO’s radar. David Berlind posted yesterday about how many IT leaders have never even heard of wikis, which is likely where the “not on the radar” is really coming from.

There are a lot of other equally shocking stats about just how far behind corporate CIOs are in their thinking. Many of my clients are large financial institutions, so I suppose that I shouldn’t be that shocked: if I polled them directly about these same issues, I’d likely get similar results. Unfortunately, that doesn’t give me much hope that these organizations are going to become a lot more efficient or offer better services to their customers any time soon.

On the BPM front, only 21% show as “deployed”, 19% “testing/piloting”, 27% “evaluating/tracking” and 32% “no interest/not on the radar”.

Update: I just saw this post on why AJAX and RSS matter for in-house user interfaces, particularly for BPM.

Update: Robert Scoble reports that wikis will, indeed, be in Sharepoint 2007. The meteor has landed, you guys can all just head for the tar pits.

SaaS versus shared services

Lots of interesting things swirling around about SaaS lately, including the relationship to shared services within an organization. James Governer posted about the convergence of shared services and business process outsourcing, but I have a bit of a problem with comparing an internal mandated service with an external service about which you have a choice. As I said in my comment on James’ post, the problem with equating shared services within an organization and a true outsourced SaaS is that an enterprise is usually captive to its shared services, whereas they have a choice with an external SaaS.

Then Richard Veryard posted about “Open Sauce”, which completely cracked me up, referring to an earlier Seth Godin post about Tabasco, and making a SaaS analogy:

Imagine there was a delivery mechanism that allowed people to buy a single shot of Tabasco on-demand. Imagine there was a social mechanism that allowed people to share bottles of Tabasco (and many other flavours) with their neighbours.

Having seen these three posts in succession, I started thinking about the shared services analogy: similar to Veryard’s SaaS one, except that your older brother owns all the bottles of hot sauce, and your mom makes you buy from him rather than the kid in the next block. If your brother’s taste is the same as yours, that’s great for you; if it’s not, then he comes off like a bit of a tyrant. If you don’t like his taste and choose not to have hot sauce, then he still justifies his existence because he’s still the household standard, there’s just less hot sauce used and your life is duller because of it.

Who’s the dinosaur now?

Do you hate the Microsoft “dinosaur” commercials as much as I do? If so, you’ll love the skewering that they receive at the hands of the Economist‘s illustrator this week, accompanying an article entitled Spot the dinosaur (paid subscription required):

The article, of course, discusses the world of online software and what Microsoft is doing — quite late in the game — to join the party.