IT Strategy Letter, July 3, 2002

Is Security the #1 Obstacle? Last week, eWeek ran three good articles on the state of single sign-on technologies, products and standards. They covered both web-services issues and (particularly via case studies) federated identity for existing intranet and extranet applications. The individual articles are:

Averting Web Identity Crisis (an overview with case studies)
Liberty Alliance or Passport
XML Drives ID Management Systems

Posted Sunday, June 30, 2002 12:16:07 AM

Commenting on these links, Brent Sleeper writes, "If history with things like e-commerce is any indicator, it won't be as uniformly important as the conventional wisdom seems to indicate." Jon Udell addressed the same topic on June 25.

My experiences are the same as Jon's. I, too, was convinced that PKI would take off in the late 90s. I had not just one, but two personal digital certificates. (Maybe that was part of the problem: I couldn't use my Netscape certificate with Microsoft software and vice versa.) As to web services, I think a much greater obstacle than security is the lack of standards for business semantics. While the standards for web-services security have yet to be agreed to, we know how to solve the security problems. They're no longer rocket science. Companies like Grand Central Communications are already stepping up to provide reasonable ad-hoc solutions. But pulling together all the players in an industry and coming up with a common semantic model for real-world business processes, now that's a real challenge. (See the following feature story.)
Posted Tuesday, July 02, 2002 4:28:04 PM

Pieces of the Puzzle. Let's be honest. It's going to be many years (if ever) before all the layers in the web-services pyramid are codified in standards. Even then, there will always be a need for one-off customizations. Standards will never cover everything. In the meantime, where do companies turn for the missing pieces? And where will they turn tomorrow?

The top of they pyramid is the world of business semantics: industry-specific protocols, formats and documents. This will be the final frontier for standardization, and even then it will be dominated by specialty vendors and not-for-profits that operate vertical hubs providing centralized workflow automation and directory services.

Below the business-semantic peak of the pyramid lie the technologies that are horizontal (i.e., not unique to specific verticals) but that have not yet been standardized or widely adopted. Technologies in this layer pass through a technology pipeline in which they evolve over time from ad-hoc service offerings to shrink-wrapped software products, and eventually are bundled with operating systems or application servers.

The pipeline has three stages. (1) In much the same way as vertical hubs solve the most difficult industry-specific problems, web-services networks (WSNs) do the same horizontally. Today, for example, WSNs support encryption, authentication, message queuing and other critical functions for which no standards yet exist. (2) At the next stage in the pipeline, as solutions become less ad-hoc but are not yet fully standardized, specialty ISVs step up to deliver solutions in the form of software products rather than as services. (3) When standards are finally adopted (or as an attempt to create de facto standards) the major ISVs like Microsoft and IBM deliver their own solutions in the form of commodity software.

The history of TCP/IP and the Internet are perfect examples of this pipeline. In the early days--before there was an Internet--companies like UUNET offered message routing as a service via dial-up UUCP. When the Internet became available, specialty ISVs offered TCP/IP protocol stacks as shrink-wrapped software packages. In the final stage of the pipeline, Microsoft bundled the TCP/IP stack with its Windows operating systems. What entered the pipeline as a service, came out the other end as a standardized commodity with essentially no value based on differentiation. (Imagine trying to make a living selling TCP/IP protocol stacks today.)

All of the yet-to-be standardized horizontal components of web services will likely follow the same pipeline. What is only available from WSNs today, will next be available in the form of software packages and eventually bundled with platforms. What does this mean for the WSNs and the specialty ISVs? Will they forever be able to identify and deliver new and valuable ad-hoc functionality, or will they eventually go the way of UUCP networks and the TCP/IP protocol vendors? My instincts tell me the latter.

[Source: Thanks to Dave Wright, Microsoft .NET Architecture Evangelist, who inspired these thoughts over Dim Sum yesterday.]
Posted Wednesday, July 03, 2002 2:10:01 AM

Aggressive Adoption of Web Services. North American companies are adopting web services at a faster rate than anticipated, and companies that hold back on this cutting-edge technology risk being bypassed by more nimble competitors, according to a new research report from The FactPoint Group and Outsource Research Consulting. [Source: Brent Sleeper]

Separately, a survey conducted by Evans Data suggests 98% of IT managers plan to develop web services-enabled applications within next two years and 75% are already incorporating web services. [Source: WebServices.org via Julian Bond]
Posted Tuesday, July 02, 2002 4:11:20 AM

.NET Alerts. As Matt Griffith observed, Microsoft has recently reduced the price of its .NET Alert service, eliminating the initial $15,000 fee and charging Subscription fees that start at $.075 US per user per month. But as Simon Fell points out, ".NET Alerts partners require a [$10,000] Passport license." Microsoft also warns, "Space is limited." Consider this a business-prevention deal. Strangers need not apply. You can bet that those partners whom Microsoft wants as early adopters of .NET alerts aren't paying a dime.
Posted Monday, July 01, 2002 11:03:47 PM

Vendors: Stay on Target. This month, Brent and Bill of The Stencil Group offer good advice to vendors of web-services products and highlight recent changes at Novell.
Posted Monday, July 01, 2002 12:02:55 PM

Web Services DevCon. If you're involved in the messy business of actually coding web services as opposed to just talking about them, then you need to be at the this meeting near Boston, October 10-11. But hurry, the seats are going quickly. [Source: Julian Bond, Ecademy.com]
Posted Friday, June 28, 2002 12:46:06 AM

EDI VANs: Morph or Die. GE's Global eXchange Services is being acquired by technology buyout firm Francisco Partners in a deal estimated at $800 million. Harvey Seegers (current president and CEO of GXS) will remain at the helm. The matching of a seller and a buyer means there are two opinions. GE probably sees that VANs are a dying breed, whereas Seegers and his partners believe they can transform the company into a major web-services player. [Source: Line56]
Posted Thursday, June 27, 2002 4:26:19 PM

Majority of Web Servers are Vulnerable. Mike Prettejohn of Netcraft reports that over half of the Internet's web servers are now potentially vulnerable to attack due to (a) Microsoft's recently announced HTR buffer overflow problem, and (b) the June 17 announcement that Apache web server are vulnerable to a buffer overflow through flawed functionality affecting its "Chunked Encoding" mechanism. Has your service provider protected your servers?
Posted Monday, July 01, 2002 9:47:24 AM

Is Hosting Still Hot? Last week, Information Week surveyed trends in the hosting business. Highlights:

"U.S. businesses operate an estimated 97% of all IT systems in-house, according to Tier 1 Research." [That must include all potential outsourcing, not just web hosting.]

"But the shakeout may be a good thing. 'Consolidation has made the stronger ones better,' says Dan Agronow, VP of technology at The Weather Channel." [I agree]

"It's become clear that basic hosting services such as simply co-locating computers in a shared facility are 'stick-a-fork-in-it dead,' Loudcloud's Andreessen says. To be successful, 'you've got to be high-end, serving high-end customers, and you've got to be at scale," he says. "And if you can do all three of these things, it's a nice business.'" [I disagree. It may not be glamorous, but if you know what you're doing, you can run a healthy colo business.]
Posted Monday, July 01, 2002 10:19:09 AM

Gartner on Web Hosting Measurement. I know throwing the first stone is always risky, particularly when it's directed towards a much higher-profile consultancy, but I just have to wonder: Am I the only one that can't make heads or tails out of this Gartner piece Web Hosting: Efficiency, Effectiveness and Maturity? Is it valuable information that my feeble mind just can't grasp, or is it really just analyst-speak? Here's an accompanying article by the same authors that may shed more light on the topic: Getting Caught in the Web: The Web Hosting Investment. I think I understand this one.
Posted Friday, June 28, 2002 11:54:32 AM

Nothing planned for the rest of the summer. I've got my head down and my fingers glued to the keyboard, writing my next book, Web Services: Strategies for the Real World. Look for it at the end of the year.

The IT Strategy Letter is published weekly by Doug Kaye. The content is identical to Doug's weblogs.