Access Management for Web Applications

A series of blogs has been put up by Maria Sum at Sun Microsystems. The seven part series discusses the Sun products for security and access control. These are the products that have been selected in the Draft Specification for the Security & Access Control  module.


In the Draft Specification, the Security & Access Control module is also the first module to be built. Using Sun Identity, Federated and Access Management frameworks. How this is implemented in the People, Ideas & Objects application modules is that we will be building the application module almost immediately. It will then be used by the community to test and develop the module to the needs of the community. Making the module so that it is Single Sign On (SSO) and that everyone in the community has a hands on understanding and use of the module right from the start.

This is certainly a different way of developing the application, usually the Security & Access Control are the last things that are cobbled together as an after thought. Sun has something to say about that and the use of their product frameworks.  

Typically, the number-one problem in developing Web applications is that identity is often an afterthought," Jamie observes. "Developers tend to focus on the logic, UI, and other aspects until it dawns on them, toward the end of the cycle, that they must secure the applications for, say, user login's and protect the data. Then come the important questions of what tools to use for verifying and authorizing access, what maintenance tasks are involved, whether to adopt federated identity—all afterthoughts at the eleventh hour.

The security of the information held within the People, Ideas & Objects application modules is of a mission critical, highly sensitive and confidential basis. Add to the fact that we are interacting between the community, the producers and their partners and all members of the service industry the security of the system becomes the number one priority. This also brings up the nature of the code that is compiled into the module. This needs to be open and reviewable by those that use the code. It is not enough to say "trust me", people, producers and suppliers have to be able to independently verify that the security level is achieved through their own review. And in People, Ideas & Objects the source code is available to the community and producers for just this purpose.

As with most of Sun's products this independent review of the source code is available to their products. Sun is strongly committed to Open Source Software and therefore their code is openly reviewable as well as that of the People, Ideas & Objects application modules. These products include the following four components.

• Sun Java System Access Manager
• Sun Java System Federation Manager
• Sun Java System Directory Server
• Sun Java System Identity Manager

By implementing the application early, we are able to use the SSO as the method that our community accesses "Google Apps for People, Ideas & Objects Domain" and "SalesForce.com". Permitting our Users to sign on once and have access to all of our systems with one very secure sign in page. Early use will educate our users on its value and features and debug our implementation. Ideally we will need to have the authentication, verification and audit procedures and policies in place before the system is provided to our customers. A system that is used by all members of the community first, and then as production code for our producer clients.

I want to stress a major point of how this application, as defined, is implemented in the greater scheme. If producers are not satisfied with the level of security offered, they are able to deal with the Users and Developers directly to get the solution they want. Try that with either Oracle or SAP. It is reasonable therefore we will have the most secure system possible operating in the ERP market space. And yet, by using Sun's products in this fashion we inherit the following.

Again, Jamie emphasizes, The goal is to free up developers to do their primary jobs instead of fiddling with security.

and

Jamie strongly advocates access management being part of the application design. Applications that work centrally with access management are the answer, he says; otherwise, "you end up creating a load of mundane and unnecessary work for professional-service engineers and system integrators." Typically, as in health-care applications, you "retrofit or use a wedge to incorporate SSO into applications."

This is the model that Sun uses to provide the product. What Sun's Chief Open Source Officer calls the try-prototype-buy support model. Making the extensive costs of developing a high level system such as this much more affordable for development. Interestingly Sun states this in two different phases of a development projects life cycle. When you have time but no money, free is great, and when you have more money then time, the Sun services are there to provide the support.

In Part 5 of the series Sun engineers talk about the "build" model of how the applications go from Open Source to commercial release. The feature differences between the different builds and the expectations from each product. They also state that the application when used in an environment such as People, Ideas & Objects, should have the most recent version of the Sun products.

Lastly I don't expect this preliminary operating feature consider the Military Command & Control Metaphor, or digital signing of documents like agreements and A.F.E.'s in this first build of the module. 

I will be adding this information to the Draft Specifications for the Security & Access Control module in the wiki. To begin this development we need to have our targeted audiences, the oil and gas investor that is disgruntled by the bureaucracy, and governments that need to resurrect the economy, provide the financial resources. If you know of someone that meets that requirement, please send them the URL to this website and encourage them to contribute, and join me here.

Technorati Tags: People's Sun Specification Software

Evaluating SalesForce

For the past few months I have been seriously thinking about the manner in which all the people that may be involved in this project will communicate. And of particular concern how they will communicate to the oil and gas investor / producer that will be using the software and community of independent service providers.

As I may have mentioned, the collaborative environment provided by "Google Apps for our Domain" is the best solution in the marketplace today. It hasn't all the features that other applications have, but Google has been able to prove that everything is always in development. And therefore it will eventually get much better then the competitions. I have been using their service for this project for about a year. And the interface elements of Google's design are such that they are intuitive and clear. Much like the Apple interface.

A few months ago Google announced their "Apps" product was available and integrated into SalesForce.com a Customer Relationship Management (CRM) program. I thought I would try the product on the free trial basis.

When it comes to management of customers and marketing, the oil and gas industry has no idea what these terms mean. After 30 years in oil and gas I can say, that as a producer, I have never seen a customer. So when we take a state of the art application such as SalesForce.com is in the CRM marketplace. I did a bit of scratching to figure it out.

It recently came to me how the application is integrated into People, Ideas & Objects. We need to create full time "Account Manager" positions that service the client producer with their needs. These individuals will need to be very familiar with how oil and gas operates and can see the substantial differences in the application being mirrored within the client producers firm. Attaining that mirroring should be the Account Manager's key objective. They will have the SalesForce.com application as their key resource in determining the needs, and marshaling the resources of the community of independent service providers. Providing the services and our software to the producer. That way the community can be coordinated in their approach to the producer firm. I don't want producers being inundated by the same query more then once. That is inefficient and costs the producer unnecessarily.

How this gets achieved is through the application and the Account Managers organizing the resources for the firm. SalesForce.com provides a comprehensive solution that is well built and capable of approaching the demands that we will eventually be expecting of it.

Naturally this imputes that the Users, Developers, Investor Sponsors and Project Managers that are active in the development of this software will also need a license to SalesForce.com. Or, alternatively can access the system through a Partner and other Portals. Their they can deal with the Account Manager, the development team, other users and producers as needed and be fully up to date as to the status of the software application and its integration within the producer firm.

A couple of things that I thought were interesting and of value was a way in which the producer (Through the Account Manager.) and users could post a suggestion and the rest of the community votes on the feature. If we had the ability to prioritize our developments in such a simple manner, it would help to maintain that our focus remains in the marketplace. The second interesting feature was the idea and solution features.

Therefore the need to have the services of Google Apps for our Domain ($50.00 / user) to deal with the "Office" type of applications, email, calendar, and most importantly the wiki. And have SalesForce.com ($1,500.00 / user) provide the glue that holds this community together throughout the regions we may find ourselves operating in.

Technorati Tags: People's Google Software Users

A new revenue stream.

In the back of my mind I have frequently thought there was a role in this software development project for governments. I have now determined that the reasoning for them to support this project is at least as strong as the argument I have made for the disgruntled oil and gas shareholder.

What's going to happen to the capital intensive oil and gas industry as a result of this credit crisis. Need I say more. It should be anticipated that many projects will be canceled as a result. Maybe even some voluntarily. I think in the first year or so the commodity prices will decline, not substantially from here, but remain depressed as a result of demand destruction. We know this does nothing to the reserve life index other then watch it decline further and further. Therefore I think by 2013 we may see the majority of the capital that was injected in the industry from credit and investors being replaced by the higher commodity prices that provide a reallocation of the financial resources for innovation.

To describe the routine that we will be going through in the next five years is not something that is positive. I hope that everyone can hang on to what they have, but these will be as difficult times, and may be much worse then the great depression. There is a purpose and reason for this pain, and it is so that we are motivated to move to a more efficient future. The quicker we get over the pain the better off we will be.

Why would this downturn be worse? Firstly it's more global then local. The Americans are showing the way, not because they are the worst off, but because they are always the first to see a problem and deal with it. Other countries in Europe, mostly, are in much worse shape then the States and yet, do not have the resilient character to pick themselves up as quickly. Those that profess the doom of the U.S. will be sadly mistaken by the events of the next five years. And how the events that come along will seem to favor the Americans, in which they will dominate the world marketplace for decades to come.

This is a failure of everyone and no one. The economic system that we depend upon is no longer efficient enough to feed and provide for the population. The basis of organizations, the hierarchy is unable to meet the demands of it. This is primarily as a result of its inability to change and innovate, and is a form of organization that is static. The auto industry can't change the cars they provide. The solution in the future will not involve a car. The energy industry can't meet demand for energy and the companies continue to see large declines in their reserves and production. These are the problems that are being represented in the credit crisis. Its an unsustainable way of life based on the way in which business operates. This is to a large extent the failure of bureaucracy, just as central planning was in the former Soviet Union.

In the 1700's Britain's population was around 6 million people. Life was terrible with mass hunger and overpopulation being the critical issues of the day. Professor Ludwig von Mises said the industrial revolution was the solution to world hunger and over population. Mechanical leverage from the industrial revolution provided Britain with the ability to grow to 24 million people and be very prosperous in the 1800's. It is this exact same situation we find ourselves in today. We have to re-organize and become far more efficient to feed and provide for the 6.7 billion of us. This will be done by the Information and Communication Technologies (ICT) revolution.

Non the less, identifying this second stream of revenue may provide a large percentage of the capital necessary to meet our needs. In the Preliminary Research Report it was determined based on the Theory of Structuration of Anthony Giddens and Model of Structuration by Professor Wanda Orlikowski that software defines and supports the organization. The bureaucracies have, or will very soon, lose the ability to organize themselves and function. This is why we need to build this software and why the governments will need to financially support this project. 

After the collapse, if we are to attempt to resurrect the way that things have operated in the past. Then we will be unable to deal with our current difficulties and adjust. This adjustment will be fundamentally different then the previous five economic meltdowns. The last being the great depression. Today we are able to use the technologies to redefine the new organizations and ways that we are going to work. This isn't technology being implemented for technologies sake. This is now a necessity. We can regress completely to manual systems and live like barbarians, or build the systems that will define and support the organizations of our future. A simple choice.

This is where the second form of revenue is established in this software development project. Governments have a vested interest in ensuring their people are not harmed by this credit crisis. It is they who should act in concert with the previously identified disgruntled oil and gas investor. Both of whom are the direct beneficiaries of this application being built, and I am suggesting therefore they are two groups that share the responsibility of making this project real for oil and gas.

Now the government is certainly not only interested in the oil and gas industry. This principle will apply to all industries and in all walks of life. And that broader role is something that these governments should see quickly in terms of reducing the pain of the credit crisis.

So I am calling on the governments to work with the People in this project and provide some of the funding. This is the governments that have centers in their economy that are dependent on oil and gas, such as Alberta, and those that are part of a larger government, the Canadian, U.S. and other jurisdictions. The point I am trying to make is that some governments have a direct interest and some have an indirect interest in making this software available in the marketplace as soon as possible.

Ideally I would like to see the governments contribute the financial resources necessary to cover off the regulatory and royalty requirements of each jurisdiction represented in the application. I would also expect that the governments would provide an element of dollars that are necessary for the overall application.

Can everyone see how the hierarchy and its legacy continue for the next century? This is a time of renewal not of resurrecting dinosaurs. Getting in the car in the morning to drive to work is so unnecessary in the future. Does anyone expect these actions that are defined by using the bureaucracy should remain? I have provided a sound and workable vision of how the energy industry could function in the future. This is represented in the Draft Specification and consists of the eleven modules. Professor Carlota Perez states that the People need to know that the old ways can no longer sustain them before they will move to the new vision. That time is today, September 30, 2008 and this credit crisis will affect us for the next five years. We should move now.

If you know of someone that falls into either of our two primary revenue streams. Please send them the URL to this blog and the URL to this specific page and ask them to consider the role that software can take in making the "pain" that we will suffer less. And join me here.

Technorati Tags: People's Perez Change Software Trends

Encana, the software company.

Word on the street is Encana has a large 200+ person software development project being sourced from the local market. Seems they want to be able to consolidate the financials of Oil-Co and Gas-Co, the two companies being created by splitting up the firm. Therefore they need to hire these people to make sure all their systems are speaking the right language and they can sing from the same song sheet.

Why would an oil and gas company hire from the market the individuals that are needed to build a small application. That's right a small application. This thinking goes back to the troglodyte age when oil and gas firms did everything for themselves. Now there are far more cost effective ways of doing things, but obviously Encana has size and scale on their side. Soon they will be manufacturing their own drill bits, they're invincible.

Just so happens that the Draft Specification includes the ability to conduct all those consolidations that Encana needs. That's right, using the SEC's just announced IDEA platform as one of the cornerstone applications of the Compliance & Governance module. This allows investors to have unlimited access and control to a standard tag library where they can query and develop any type of scenario on any number of companies. The combinations and permutations are unlimited.

So by the time the powers that be at Encana have blown 100% of the costs of developing their software, no one else in the industry will have access to it. Brilliant. Incur 100% of the costs because it is your core competency; and make sure it doesn't play well with others, even though the SEC standard is applicable to all companies. Encana must know something about the software business that I don't.

Here's an idea, I'd be willing to take a similar amount of money from Encana, and deliver a complete systems based on the Draft Specification. Now that's a modern value proposition that adds real value to an oil and gas producer.

It's comments like these that get me into trouble you see. I should learn to keep my mouth shut so that the IT Manager that christened this project doesn't get offended. And, by keeping quiet I would also make sure that IBM, CGI, EDS and the other TLA's (Three Letter Acronyms) don't get questioned on their business ethics by selling something to someone who should know they don't need it.

I wish to appeal to those that have an interest in making this software development project real. If you know of a producing company, or an oil and gas investor that is interested in sponsoring this project, please email the URL of the web log to them and join me here.

Technorati Tags: People's Software Innovation Pig

But can this project scale?

Many people look at a start-up such as this project and say, it'll never work, they can't scale. I look at the existing infrastructure of SAP and Oracle and say, it'll never work, too much code and too many customers. How's that for different points of view.

The constraints of organizations are quickly becoming the impediment to growth. That is by removing the constraints, growth will accelerate. Look at what has happened in the technology marketplace in the last ten years. Apple reacquainted itself with Steve Jobs and restarted the organization essentially from scratch. New designs, new processors, new operating system with 5 major upgrades, invented the iPod, iPhone and who knows what else exists in the man's mind. It's now 3 times the size of Dell.

Google has started as two PhD students with some fancy search algorithms. Ten years later they have built one of the most prolific cloud based product producers. And Microsoft continues to spawn vaporware in every product category as a means to sew Fear, Uncertainty and Doubt (FUD). The performance of the start-ups in the last ten years vs. the industry behemoths has created more value then the behemoths have lost.

Sun Microsystems have two projects Project Hydrazine and Project Caroline. There is a very informative (technical) podcast that you can listen to on Project Hydrazine here. These two projects provide People, Ideas & Objects with the ability to scale better then SAP and Oracle.

Lets look at the Draft Specification - Security & Access Control Module of the People, Ideas & Objects application. This module uses the Federated Identity products of Sun Microsystems. (I recommend you watch the four minute video with the perspective of a JOC in the forefront of your mind.) I take these tried and true applications and implement them in what I believe to be the greatest level of security and user friendliness. I do this development on Project Hydrazine and then deploy it their as well. Suddenly the users of this application have a state of the art Security & Access Control module capability. I provide the major accounting firms with the necessary access for compliance and boom, the job is done.

Well maybe not that easy, but far easier then the two ERP vendors I mentioned earlier. They have a lot invested in their code. They can't, and won't, throw that code where it belongs, even it is not up to the quality necessary for compliance. The reason they don't want to change is that it will take them the better part of this century to change the user base over to the better product. Constraints of code and customers for a software firm are the impediments of growth. I'm certainly pleased that I have neither code or customers at this point in time.

And that is the point. When I do commit to the code, it will have to be in such a fashion that I am not undertaking a huge infrastructure that needs to be built to support it. I hire Sun through Project Hydrazine to deploy the application and run it on their servers. I think they know a few things about that, and they sure are motivated to be the best.

So can this project scale? You tell me. And don't tell anyone but I feel like I'm cheating.

Technorati Tags: People's Sun Software Strategy Specification

Business users.

I recently commented in a number of posts how developers and users need to communicate more effectively during the software development process. I suggested that Users may want to have a look at some of the tools that are available today and highlighted a series of videos on "Eclipse day at Google". I also commented that the developers may want to consider their NetBeans tool set to include some tools for enhancing the communications with users.

Business rules, data models, UML and XML make for a very precise definition of the business. However, to the business user these are very abstract representations of the business and there is so much more to what they do in their jobs. I think the business user needs to understand the Java Language to the level where they are thinking of their problems in Java and then can relate them to the developer. I think the developer needs to understand that an innovative and change oriented business needs to have development work done on a constant basis.

Making a comment on Geertjan's blog reflected well the attitude of the developers and how difficult a task this may be. I feel this is a serious problem. Users and developers in a distributed development project, as big as this project is, are going to need as much help as possible. I would go as far as to say that bridging this gap may be one of the next frontiers in developer productivity.

Then along came Anne. Anne Botha has picked up the topic of how difficult the current environment is for the business user. A developer by trade Anne tried a few jobs in which she became the prototypical "business user". Her writing is very frank, interesting and comical about this subject. She is writing 10 articles about her undercover adventures and I think she is defining this problem very eloquently in her first two posts. If you want to subscribe to her writing it is a little difficult as I don't think she has her own blog, and is posting the series at DZone. Her first two articles are here and here. Very informative and good entertainment.

Technorati Tags: People's User Development Software Ideas

Uh, actually it's three applications.

I was running through the options in how the People, Ideas & Objects application modules can be implemented with Solaris 10 and Java. What has quickly become obvious is that the application that we are building is actually three different applications. Categorized on the basis of either a Producer, a Person or a Joint Operating Committee (JOC). Each category having access to the eleven modules of the People, Ideas & Objects through different interfaces.

The Solaris operating system provides containerized virtual instances of the operating system. For all intents and purposes these virtual instances of Solaris are as separate and distinct to the two operating systems running applications in ExxonMobil and ChevronTexaco. A virtual instance of Solaris is created for each person, JOC and producer company. This provides the separation and access of resources to only those who are authorized. Interactions between instances is through the Java enabled transaction management capabilities.

This provides enhanced security flexibility to each person, JOC or producer company. With each virtual instance of Solaris accessible by the owner they can grant access privileges based on Solaris' 50 user definable roles. Root access is available to be granted to a variety of people who need that access, yet it only provides root access to those areas. Audit, compliance and others will be able to access what they need to do their jobs without the risk of granting global root access to people who need it.

Each of these virtual instance will provide a server side MySQL database that manges the data model for their type of user, a person, JOC or producer. I believe this helps in avoiding much of the complexity and confusion that "might" occur if we ran this application as one monolithic instance. One might assume that the hardware requirements would explode in terms of cost and complexity, and this is where Sun has obviously spent some engineering time. And why this will be run on Sun's network.com or cloud computing platform. Each processor could handle 16 virtual instances, and, are able to scale dynamically to use the number of processors any application may demand. Making the decision to use Sun's cloud computing the equivalent of a "doh!" as Homer Simpson would say.

Technorati Tags: People's, Sun, Software, Development, Specification,

I swear, a day has 36 hours.

Going over the budget numbers for this software development project. In doing so I want to bring back a term that was used in the pre-2000 era technology. That is "burn-rate". Not something that you necessarily want to brag about but this project may have one of the largest "burn-rates" in technology history.

First off I want to note the costs of development in the May 2004 proposal was detailed at $70 - 85 million. Two changes have made these previous development numbers pale in comparison to what they will be in the future. A third change works to expand the number of hours in a day, which leads to even higher annual costs.

As I have mentioned on many occasions, the Users need to be involved in this software development. I have argued that SAP knows nothing of drilling wells and NGL operations. And as a result SAP doesn't work for oil and gas. The need to have the Users involved in development from the start is necessary to get this system right. There is no other way to deal with the issues of determining who, what, where, when, why and how the software has to work then asking the people who hold this tacit knowledge collectively.

OK so the users need to be compensated. Asking them to volunteer their time is an excessive request that extends well beyond the reasonable or even surreal. I have also noted here before that the oil and gas industry is headed towards an annual turnover of $4.5 trillion. I'll bet even Dr. Evil would choke on those numbers. The cost increase that I am talking about here is that the user-to-developer ratio will range from a low of five-to-one and an upper factor of ten-to-one. That's up-to ten User hours for each developer hour.

The second aspect of the original proposal was that it was just for Canadian operations. Back then my thinking was limited to that market, and rather quickly realized that the global audience needed to be targeted. Having only one geographic location being serviced by this application is a reduction in the real value of using the Joint Operating Committee. Besides the supply of energy is a global problem. Therefore, the royalty, tax and compliance requirements of the total population of global producers needs to be considered on top of just the Canadian operational environment.

Lastly I want to add fuel to the fire of my adversaries by noting that the compression of time is something that will be implemented in this application. Instead of budgeting for four years, I think it can be done in two and half years to initial commercial release. (Maybe even less!). We are approaching a systems use that may start the day in Russia and China, move to the Middle East, Europe and then the United States. Users from these regions will be able to collaborate in an asynchronous manner. Hence providing for potentially a "day" of user driven development that totals 36 hours.

To deal with this wealth of information we need the developers to be writing code at approximately the same pace. I have thought about this and have come up with a one-third, one-third, one-third solution. Each third of the time allocated to developers will be sectioned off in the following manner. Open-Source developers, Sun Microsystems and Indian based development houses.

Open-Source developers will be welcomed in this development and be able to add this project to their client list. These people are generally doing what they are doing because their recognized skill set is exceptional. The type of developers that are able to produce ten fold what other developers can do.

Sun Microsystems developers. And here we are accessing the Solaris, Java and MySQL developers. Sun has hired many of the best developers in the world. I also believe that this project will be the first test of Sun's integrated environment, and it is therefore incumbent upon them to prove to the world that it is a viable environment. Essentially setting the bar as high as has been attained in terms of technological risk and implementation.

Lastly I am a fan of the Indian based model of software development. That these are offered at a discount is only gravy for this projects budget. Although they may be fairly new to the overall development world (in terms of the fifty year history of computing) they have inherent advantages in that they speak on average 7 different languages and communication becomes their forte. After all Java is only another form of communication. Secondly they are able to fill in the gaps of time in our 36 hour clock. Lastly they will be a quick and efficient resource in terms of taking many of the boiler plate technological frameworks that exist today and implement them in our code. What I mean is the PPDM, (Petroleum Producer Data Model), XBRL, (Extensible Business Reporting Language) of the SEC, Alberta Crown Royalty frameworks etc. These have become the building block of many companies and we will be able to leverage heavily off this infrastructure.

That in a nutshell is how we will develop the eleven modules in the People, Ideas & Objects application. Anyone want to guess what the total cost will be? I think the annual costs are quoted in the B (Billion) range. This also does not impute the Users and Developers are chained to a desk for 8 hours a day. Some Users, and some developers may only contribute a total of eight hours to the project and some will find life-time employment with this project. Life time employment, as Google has shown, development never stops.

Technorati Tags: People's, Sun, Development, Strategy, Software,

Following up on Sun.

Yesterday's post commented briefly on Sun Microsystems software, hardware and service offering. Sun published their HPC (High Performance Computing) newsletter, and here are four excellent articles from that publication.

First is Sun co-founder Andy Bechtolshiem talking about the building of "commercial" grade systems for "cloud" computing. Andy makes the comment that he spends more of his time on physics these days. Bechtolshiem always provides fascinating talks.

Second is another pertinent article, "Big Data Changes the Rules," regarding this software development project. Recall the Technical Vision that is a key part of this application. How it predicts a data Tsunami will provide key competitive advantages to those in oil and gas that can manage and use this data. The article notes some of the details of how the unsuspecting oil and gas firm may have difficulty with these data volumes.

The third article is an interesting read on how Sun's network.com is being used in innovative ways.

Lastly a comparison of MySql database vs. Oracle. Our choice of database is to use MySQL since Sun purchased the company. This now provides us with a one system vendor solution for all our needs. SPARC chip-set, Solaris Operating Systems, Java and Databases are proprietary technologies of Sun. No more finger pointing as to who's fault it is.

Technorati Tags: People's, Sun, Vision, Strategy, Software,

Thomas Davenport declares a revolution.

Documenting the differences between the old "Knowledge Management" and the current Enterprise 2.0 (E2.0) type of applications. (Which of course People, Ideas & Objects would be considered E2.0) You can access the article from here.

Hard to imagine that Thomas Davenport would say such things, but this is a must read article. His most important point is the reaction that is reflected in this quotation.

Certainly any form of “2.0” movement would require a distribution of power. I have no objections to other groups coming into power, but if I held any power I would not be ready to hand it over because of some new software becoming available. I suspect many senior executives will feel the same way. Most would probably like to get the best ideas of their employees, but they like their own ideas even better.

The powers that be in oil and gas, I can assure you, are reading from this script.

Technorati Tags: People's, Harvard, Call-to-Action, Software,

Why Sun Microsystems is our vendor.

This may be possibly one of the most important technology announcements ever made. (Click on the title of this entry for the article.) If it's not the biggest, I can assure you that it is the largest that I've seen and probably ever will. This announcement tells the current bunch running IT the party is over. Pack your bags your out the guard is changing.

Information Week reports Sun's CEO Jonathon Schwartz states Sun's vision and strategy are now focused on providing support to the start up software firm. In doing so Schwartz expressly calls his current key partner Oracle, the competition.

Schwartz said Sun is repositioning itself as a disruptive software supplier, using freely downloadable open source code to initiate relationships with developers in young Internet companies. With MySQL in its arsenal, Sun has become "an arms dealer" for the next generation of those companies, said Rich Green, the vendor's executive VP for software.

But Sun may find itself offending some communities even as it builds new ones. Oracle is an old partner that has sponsored Solaris sales to customers that want to run the Oracle database. By offering free or low-cost MySQL subscriptions, Sun is now a threat to Oracle's database cash cow. "MySQL will work fine alongside Oracle," Schwartz said in response to an InformationWeek question, "but I prefer to focus on acquiring new customers, not on the competition."

This hurts Oracle. Oracle could see the Open Source writing on the wall and launched a massive takeover of established software vendors. Sun has driven database sales for Oracle for many years. Oracle is now forced to hang its hat on the old generation technologies as the key to their sales growth.

I have documented the two constraints of a software vendor in this blog before. The constraints of code and customers motivate the "established" software vendor to sell the status quo. Change becomes unspeakable in terms of innovation or progress. Old generation software companies had to die in order for change to occur. This has been reflected in IBM's jettison of Qbyte a few years ago. So how does a software vendor compete in this new generation?

As you can imagine the business model has to change, or should I say has changed. Open Source software shows the way. The code base is never settled. It is in a constant state of development. Go to any open source project and you can select any version of the software that you like. The bleeding edge, the alpha, the beta and a few versions of the supported code base in "stable" condition. Innovation doesn't stop, how could the code? The customers demand that the software be reliable and operate as promised in their firm. Any variation needs to be addressed with very specific processes. And no two companies are ever the same. This is where the constant development model meets the reality of the installation and the software User becomes the key in the Open Source community.

To many people in the oil and gas industry, dealing with a start-up on such a large-scale project is not something they thought they would have to do. But how else can you approach such a difficult task as is faced by the energy industry as a whole. Can you continue to live with software that was conceived in Germany for manufacturers? If you believe you can then you know who to call.

Sun's Schwartz has legitimized People, Ideas & Objects as the key to the future generation of IT enabled oil and gas producers. And completely de-legitimized the non Open Source vendor. And in the process has told the Emperor he has no clothes. In my books that is a big announcement.

Technorati Tags: People's, Sun, Open-Source, Software,

New Module's in People, Ideas & Objects Specification

I have been working on the draft specification of the Petroleum Lease Marketplace Module, which may be finished in as little as one month. A number of ideas were generated by the specification process, and two new modules have been added to the specification. Also, by designating the Accounting Voucher as a module in itself, the specification now includes eleven unique modules.

Recall that all these modules recognize the Joint Operating Committee (JOC) as the cornerstone of the business of oil and gas. These modules adopt the culture that exists today in oil and gas. And reflect what is in the legal, financial, cultural and operational decision making frameworks. These eleven module specifications embrace and extend these four frameworks of the Joint Operating Committee.

The original eight modules were specified and detailed in these blog entries here.

The two new modules that have not been mentioned before are named appropriately "Analytics & Statistics Module" and "Performance Evaluation Module". Just as many may think "what's the difference?" I would answer that the two modules reside in the differing domains of the Firm and JOC. Just as the Research & Capabilities Module and Knowledge & Learning Module are designated to the Firm and JOC. Since my next blog entry will be "A quick summary of where we are at" I will only introduce these three new modules here and follow up with the next posting.

Technorati Tags: People's, Modularity, Software, Development

Draft - Security & Access Control Module

I am pleased to present to this community the draft of the Security & Access Control Module. This is the first of eight modules that will be developed for People Ideas & Objects. This critical first module will provide the collaborative, security and access enabled components for the remaining seven modules development. This allows people to become familiar with the tools, processes, the means and methods of developing open source software. I am providing copies of the specification in .pdf format. Please download it from the wiki or email me to get a copy.

The process will follow this schedule:

- Open for Community submissions and nominations to Expert Group and Executive Committee until May 30, 2008.

- Final Draft approval by the Expert Group, August 31, 2008.

- Executive Committee Approval, September 30, 2008.

- Commence development October 1, 2008.

Further time-lines and deliver-ables will be specified by the Expert Group.

To participate please review the first section of the Specification entitled "Innovation in oil and gas" and review the Developer and User tasks. The community should then nominate candidates to fill the Security & Access Control Module Expert Group and the Developments Executive Committee. Review of the time-lines and commence development. I will be spending my time securing the financial resources necessary to pay for these developments. Writing the specification for the Petroleum Lease Marketplace Module. Assistance in these would be greatly appreciated.

The purpose of this process is to get as much input as possible. Please do not hesitate to ask questions of myself and the other people who will be joining. Thank you.

Technorati Tags: People's, Security, Access, Software, Development

A picture, and a thousand words.

Unsustainable! That is the only conclusion one can draw from this EIA Chart. Comparing the volumes of BOE (Barrels of Oil Equivalent) discovered to the capital expenditures expended by FRS (Financial Reporting System) companies. No one would want to extend this charts trend out further. Why have oil and gas exploration and development become unsustainable? I believe it is as a result of the engineering and earth sciences underlying the industry have become so complex, and the remaining reserves are skinny and difficult. That an annual acceleration of the amount of engineering and earth science effort needed per barrel of oil is increasing.

I don't believe the increase in the effort of these tasks can be conducted in the thick bureaucracies that have housed the engineering and earth sciences during the cheap energy era. What is required? The answer to that question is very easy and that is; more data, more eyeballs and most importantly exponentially more ideas. Implying a tidal wave of data and ideas will swamp the already constrained capacities of the bureaucratic energy industry. This projects vision of the future considers the increase in the volumes of data and ideas, and provides a solution that enables companies to employ the information and ideas in their optimal fashion.

Whether we call this changing marketplace peak oil, plateau's or valleys is not the point. It is a reality that faces those in the know within the industry. Where are tomorrow's barrels of production going to come from? I think from a lot of difficult and very hard work. My vision of how the industry faces these challenges is through the development of the software described in the archives of this blog. I will be publishing the Security & Access Module specification this week. People interested in this software development project will then be able to see how they can actively participate and make a difference in these systems developments.

There are no short-term solutions today. Just as there are no short-term solutions to climate change. People who need the oil and gas will just have to go without while the industry reorganizes and retools itself for the future. That process starts here with the People, Ideas & Objects software modules. I made the call for sponsorship of this project in mid-December. This call was followed by a similar call from ASPO-USA. Both of these organizations share a few similarities and differences. Both believe the time for their projects to be funded by the industry must begin. ASPO-USA has been a voluntary effort as have my efforts to date in this blog. This too is unsustainable and it is time for these projects to go forward, be funded, organized and built. Does anyone want to continue on with the trends reflected in EIA's chart?

I can't think of two more worthwhile projects for anyone in the energy industry to move forward with. Clearly since 2001 throwing more money at the problem hasn't provided, and never will be, a solution. The first thing we need to do is come up with better methods of organizing ourselves for these future challenges. Join me here in these tasks.

Technorati Tags: Genesys, Development, Software

Sun Identity Podcasts

I've recently taken the time to subscribe and listen to a Sun Microsystems Podcast stream on the topics of Security, Access and Federated Identity. Click on the title of this entry to be taken to the Sun page. This podcast discusses many of the important topics that are being addressed in the development of the "Security & Access Module" of the People, Ideas & Objects application.

If we are to provide the security needs of the producers, vendors, customers, employees, and contractors that choose to use this system, we need to offer the highest level, state of the art, Service Oriented Architecture security environment. This level of security is necessary for the purpose of our users and their needs to access accurate and timely information, where ever and when ever they need. Additional demands include the ability to search their domain for the information they want and need, based on access control. And finally, represent the resources of the user in a global network of oil and gas users. Where People will be able to market their skills to that global network. This latter point is easily attained by having Google's recently announced OpenSocial API incorporated in the user's identity.

This "Security & Access Module" is a distinct competitive advantage of this application development over the current software offerings of SAP, Oracle or Qbyte. Starting off with the security framework puts the cart behind the horse. Application modules developed with the security framework defined and built first, limits the development surprises when leaks of information are found in legacy systems retrofitted with new security environments.

Entertaining, candid and humorous, this podcast is a worthwhile summary of the risks and opportunities in this subject. In terms of the quality of the discussion it provides information about various initiatives such as LDAP, Identity Governance Framework, OpenID, OpenSSO, OpenDS, Web Access Control, Web Access Management, Federation and a number of various other cryptic acronyms. The point that I take away from these discussions is that security and access are the next big area of Java development. Companies such as Sun and Oracle are very focused here. And they are obviously moving to provide the services and infrastructure to handle, and manage the security for applications such as People, Ideas & Objects. Ultimately accessing these services as a part of a service offering that they can provide for an annual fee of $x.xx / user.

Finally two talks that highlight how the perspective of security has changed in these products. The SSO (Single Sign On) is able to guarantee that three password attempts and you out means, three strikes and the user is out on a global basis. And an excellent discussion about the scope of the role of the CISO (Chief Information Security Officer) or CIO is the CISO Leslie Lambert of Sun.

Technorati Tags: Genesys, Sun, Security, Software, Developments

Google's Android

Two articles out today are talking about the implications of Google's new phone operating system Android. The first is from IT Managers Journal, which discusses the business implications regarding Androids use. The second article is a detailed description of how Google has changed the Java framework in unexpected ways.

Lisa Hoover of IT Managers Journal lists five reasons why we should pay attention to Android.

1) Using computer software with open source code can be enough of a minefield.

I don't subscribe to the ability of hackers being able to damage open source software projects by installing malicious code. The trust and volumes of eyeballs on a project make this risk next to impossible. (The second article opens a very interesting twist on the open source licensing of Java.)

2) Hoover anticipates and expects CIO's to equate an open source platform and API's, with custom mobile applications built by the firm.

Whether that is the case or not is not what I am debating, the ability for any organization to develop and enhance its software is a competitive necessity. The problem is the scope and scale of the knowledge necessary to be effective cannot be built within each producer. The ability to organize this within each company I don't think is possible. The industry should have a software vendor available as an inherent capability it can draw upon. Such that the software developers can make the changes and enhancements for any company within an industry. Every company is unique and is made up of differing assets, to think that they all can fit the SAP mold has been tried and proven unacceptable. Companies need to begin thinking that a software development capability is a competitive necessity and not a competitive advantage. In oil and gas the basis of competition is on the land base and their geo-technical abilities, not their software development capacity.

3) The cost of Android based phones will be lower, making their use ubiquitous fairly quickly.

No argument here, although the budget for these may, as the author suggests, fall on the IT department. Irrespective of who pays for them I think both Apple and Google are developing the next major platform for business to exploit. The smart phone has capabilities that are comparable to desktop systems. The ability to exploit the use of these devices is something that is inherent in the Technical Vision of this project.

4) Google may be able to make bigger strides in the phone market then either RIM or Apple.

Again, no argument here, the competition in the phone market is changing very quickly. I would not count Apple out of this game at this point.

5) It's 3:00 do you know where your developers are?

Google is offering $10 million as prize money for developers to make the best applications for Android. This is in my opinion, only representative of how the changes in the open source development model are affecting businesses. Good developers have become more or less a gun for hire in this economy. Working from project to project enables them to exercise their value in their own best interests. I would not be interested in a developer that does not adopt this type of attitude and routine.

The second article is from "Google Blogoscoped" and is a difficult one to analyse. The author is an MIT researcher, yet appears to have no respect for intellectual property. Possibly the individual is unable to discern where his bread is buttered. He suggest through some legal slight of hand Google has breached a major tear in the Java security model and hijacked the environment for their own benefit. I don't think I subscribe to the thinking that Java can be had in such a manner, but the author offers an interesting hypothesis. Google is operating in the best interests of the Java platform, and hence will attain greater benefit by the independent developers ability to focus on both Apple and Google handsets. To do as the author is suggesting would have Google move over to the evil side of the ledger.

The point in writing this entry was to tie these new devices into the scope of what we are developing here. These phones will be critical in making this software better and more usable by the people who work in oil and gas.

Technorati Tags: Genesys, Capabilities, Software, Development

BP announces reorganization.

Things are not as rosy as the $80.00 oil prices would make it appear. The new CEO of BP Tony Hayward is on record as stating that a re-organization is required. He wants to reduce the number of reporting levels from 11 down to around 7, and intends to do so on the basis of the need to manage its "dreadful" performance. Staff cuts were not expressly stated however Hayward noted "There is massive duplication and lack of clarity of who does what".

Recall BP's recent operational concerns have included a fire at a Texas refinery and pipeline leaks in Alaska. Financial performance appears to be following the operational difficulties and BP's stock was affected today by the comments of its CEO. It would appear to me that the organizations has not only duplications as it's problem, but some areas where no one is watching. Cutting the bureaucracy will most probably prove to be the wrong direction in terms of the safety of its employees, contractors and public in general.

A change in the organization requires a change in the software. This is a fact of life that we live with today, but many of the largest corporations consider that software is just a cost of doing business. Its not, it is the life-blood of the organization, and rolling in another version of SAP is the safest approach to career security. Any organizational changes not directly mirrored by similar changes in the software will lead a company to continue on in the same futile vein as BP has.

There is another important point that I want to highlight here, and that is the role of the user in making sure that the software is what is required. What does SAP know and understand about pipelines and miscible floods? I think the BP situation, with all the failures and problems, is symptomatic of too many organizational changes that were not planned, developed and implemented from a software point of view. The "duplication and lack of clarity" and "operational failures" are the two extremes of the same problem; the software is not functioning, as it should. And the software is not functioning because the user was never asked, involved, consulted or expected to define the requirements of the systems they need and want to do their job.

The hierarchies' life expired in the 20th century. Approaching this problem with the same tools of the 1970's and 1980's appears wrong to me, and certainly not the solution to the BP problem. Have we exceeded the collective imagination of the CEO's and managers of our allegedly greatest companies? What does Hayward and those involved with BP think will occur as a result of the compression of 4 management levels?

If the firm is unable to deal with the operation today, what does that spell for the future? The industry will need to perform at a higher level very soon, and in the near future it will only become more difficult. Contrast today's headlines with what we should be learning from these organizations. We don't hear the news that the industry is moving forward with greater technical achievements and major discoveries, only news that reflects they are stuck in a time and place where nothing positive ever seems to occur.

Technorati Tags: Gensys, User, Software, Failure

Where is the user?

SAP has announced a new product direction today. Offering SaaS (Software as a Service) functionality to small and mid-sized businesses of all industries. See here and here. The ability to service most industries with the same solution would be a tough sell for me. I am surprised that they would have tried such a strategy. The other problem is that SAP has been in development of this product for the past 3 years, what users were used to determine the functionality and requirements? I am not aware of any in the energy industry. And dare I ask what vision was used to unify the users behind one strategy. The answer to that question may be in the title of SAP's offering "Business ByDesign", which indicates to me they have designed this solution in their research labs!

The software service is targeted against other services such as NetSuite, and SalesForce.com. Each of which is offering a smaller component of the functionality pie then SAP. SAP provides the CRM and ERP functionality, as does Netsuite, but Netsuite has been available for 7 years and in the mind of Larry Ellison for the past 10 years. Reviewing NetSuite's targeted offering, it's audience appears to be currently using Quicken and Simply Accounting. SAP is expecting that some of their installed base of R/3 users will move to the "Business ByDesign" offering. Reflecting to me that they are positioning the product more in the mid to high end of their target audience.

I recently wrote about the business model of the traditional software company. And how the ability to deal with the constraints of code and customers eventually becomes such a problem that few enhancements are ever done to the code base. I therefore applaud SAP for at least attempting to break away from those constraints. It is a difficult prospect to restart your business from scratch in such a fashion. The redevelopment of SAP's SaaS solution is recognition of that flawed and outdated traditional model of software development.

Although I think that SAP did a smart thing in making the change to "Business ByDesign", not including the users could be fatal to the offering. It is the lack of users that tells me that SAP may have prepared the competitive offering with the wrong focus. Selling the same code base to thousands of customers as SAP has done in the past, makes it clear what the competitive offering is, the software code itself. Now SAP have shifted to a service and appear to me to be still looking to the software as the key competitive offering. I would therefore suggest they have misread the reasons for moving to SaaS. The competitive offering should be on the basis of the hosting of the application for the user base, and most importantly adding to the offering through enhancements demanded and driven by the users. Supporting hardware and software were not their forte but now needs to be. How will they host this environment within the corporation. Do they realize the business model has changed so fundamentally? The lack of user involvement would reflect to me that they have lost sight of the service offering. Secondly the software development capability becomes one of, and possibly the most important competitive offering. You can have the best developers in the world but they may not understand the user community and the ability to communicate may become a critical component that is missing in the "Business ByDesign" offering. Once the software is built there is no opportunity to build a user community.

People, Ideas and Objects is building its user community the hard way. Brick by brick and stick by stick the most important element of this development will be the user's knowledge and ability to communicate their desires and needs to the software development team. It is also inherent in the understanding of this project that the continuous development and enhancements are what the users need to do their work. In a manner very similar to how Google continues to develop applications that meet certain needs, with the overall vision of organizing the worlds information. What Larry Page and Sergey Brin have been able to build at Google has many parallels to what I foresee the user community wanting in this development.

If you share my vision of building great software, focused on the Joint Operating Committee, and built for the user, please email me and lets get started.

Technorati Tags: Genesys, Software, Strategy, User, Capabilities

Google and CapGemini in agreement.

As I have indicated here before, "Google Apps for your Domain" is the collaborative environment chosen for www.people-ideas-objects.com. Today Google and CapGemini, Ernst and Young's technology division, announced that CapGemini would be supporting users for the use and integration of Google Apps.

CapGemini will be a resource that will be available to help the users of People Ideas and Objects collaborative environment. I look forward to using CapGemini's services in this area.

The warning that CapGemini notes in the announcement, about these collaborative environments being used within a company in an unauthorized manner, is similar to the warning I issued 42 months ago. That port 80 was able to allow these types of applications through the firewall was as big a danger then, as it is now. I can also assure you that when a major accounting firm is announcing the risk, it's too late to do anything about it. And I can certainly provide you with a domain name that is already being used in this manner for oil and gas. ;-)

Technorati Tags: Genesys, Alternative, Governance, Software

And so it begins.

Today Total Petroleum announced a decline of 20% of their projected production to 2010. Not their overall production is in decline; only there projected increases are revised downwards from 5% to 4%. This is more telling about the politics in big companies. Rarely would we have seen such a statement that production would be lower then previously reported. If its lower then just do more drilling, or whatever, to increase production to what was reported earlier. For Total to issue such a statement there must be a lack of faith in the company’s ability to increase production that extra 1%.

Now that the IEA and the National Petroleum Council have released their reports it's "OK" for the truth to be told. Total may be the first that I am aware of, but I am certain that there will be many more, and the volume and the pitch will be heard everywhere. Just as in the 1980's when the managers jumped over each other to prove they could cut their budget further then the last guy, the companies will quietly line up and announce one after another the increase in their associated production decreases.

Speaking of cover stories, OPEC can now pipe in and say that they will be experiencing some production declines. With the news of the major producers decline in production becoming yesterday's news, and a financial crisis in the home mortgage market, no one will actually hear OPEC announce the declines. (Possibly as soon as September 11.) And it will be too tempting for them not to make these announcements. After all reporting to their people that production is scaled back and revenues are way up will be easy to sell. Hugo Chaves may actually become that mythic hero he sees himself as.

I have repeated here many times that the constraints on companies are the reason for the associated decline in production. It’s a new time and a new place. We have to do something to affect the performance of these companies. Our choices are the status quo, build the software I speak of here, or if we do not define and support the Joint Operating Committee, as is suggested in this new software development, then we will be relegated to reorganizing to manual systems.

Clearly the status quo is not working. Join me in making this re-organization real. When you have the organizations actively jumping over each other to state the bad news, you know that their options are limited.

Technorati Tags: Genesys, Software, Capabilities, Environment, Interests