Access Management for Web Applications

A series of blogs has been put up by Maria Sum at Sun Microsystems. The seven part series discusses the Sun products for security and access control. These are the products that have been selected in the Draft Specification for the Security & Access Control  module.


In the Draft Specification, the Security & Access Control module is also the first module to be built. Using Sun Identity, Federated and Access Management frameworks. How this is implemented in the People, Ideas & Objects application modules is that we will be building the application module almost immediately. It will then be used by the community to test and develop the module to the needs of the community. Making the module so that it is Single Sign On (SSO) and that everyone in the community has a hands on understanding and use of the module right from the start.

This is certainly a different way of developing the application, usually the Security & Access Control are the last things that are cobbled together as an after thought. Sun has something to say about that and the use of their product frameworks.  

Typically, the number-one problem in developing Web applications is that identity is often an afterthought," Jamie observes. "Developers tend to focus on the logic, UI, and other aspects until it dawns on them, toward the end of the cycle, that they must secure the applications for, say, user login's and protect the data. Then come the important questions of what tools to use for verifying and authorizing access, what maintenance tasks are involved, whether to adopt federated identity—all afterthoughts at the eleventh hour.

The security of the information held within the People, Ideas & Objects application modules is of a mission critical, highly sensitive and confidential basis. Add to the fact that we are interacting between the community, the producers and their partners and all members of the service industry the security of the system becomes the number one priority. This also brings up the nature of the code that is compiled into the module. This needs to be open and reviewable by those that use the code. It is not enough to say "trust me", people, producers and suppliers have to be able to independently verify that the security level is achieved through their own review. And in People, Ideas & Objects the source code is available to the community and producers for just this purpose.

As with most of Sun's products this independent review of the source code is available to their products. Sun is strongly committed to Open Source Software and therefore their code is openly reviewable as well as that of the People, Ideas & Objects application modules. These products include the following four components.

• Sun Java System Access Manager
• Sun Java System Federation Manager
• Sun Java System Directory Server
• Sun Java System Identity Manager

By implementing the application early, we are able to use the SSO as the method that our community accesses "Google Apps for People, Ideas & Objects Domain" and "SalesForce.com". Permitting our Users to sign on once and have access to all of our systems with one very secure sign in page. Early use will educate our users on its value and features and debug our implementation. Ideally we will need to have the authentication, verification and audit procedures and policies in place before the system is provided to our customers. A system that is used by all members of the community first, and then as production code for our producer clients.

I want to stress a major point of how this application, as defined, is implemented in the greater scheme. If producers are not satisfied with the level of security offered, they are able to deal with the Users and Developers directly to get the solution they want. Try that with either Oracle or SAP. It is reasonable therefore we will have the most secure system possible operating in the ERP market space. And yet, by using Sun's products in this fashion we inherit the following.

Again, Jamie emphasizes, The goal is to free up developers to do their primary jobs instead of fiddling with security.

and

Jamie strongly advocates access management being part of the application design. Applications that work centrally with access management are the answer, he says; otherwise, "you end up creating a load of mundane and unnecessary work for professional-service engineers and system integrators." Typically, as in health-care applications, you "retrofit or use a wedge to incorporate SSO into applications."

This is the model that Sun uses to provide the product. What Sun's Chief Open Source Officer calls the try-prototype-buy support model. Making the extensive costs of developing a high level system such as this much more affordable for development. Interestingly Sun states this in two different phases of a development projects life cycle. When you have time but no money, free is great, and when you have more money then time, the Sun services are there to provide the support.

In Part 5 of the series Sun engineers talk about the "build" model of how the applications go from Open Source to commercial release. The feature differences between the different builds and the expectations from each product. They also state that the application when used in an environment such as People, Ideas & Objects, should have the most recent version of the Sun products.

Lastly I don't expect this preliminary operating feature consider the Military Command & Control Metaphor, or digital signing of documents like agreements and A.F.E.'s in this first build of the module. 

I will be adding this information to the Draft Specifications for the Security & Access Control module in the wiki. To begin this development we need to have our targeted audiences, the oil and gas investor that is disgruntled by the bureaucracy, and governments that need to resurrect the economy, provide the financial resources. If you know of someone that meets that requirement, please send them the URL to this website and encourage them to contribute, and join me here.

Technorati Tags: People's Sun Specification Software

How does the oil and gas investor fit in?

How does the investor fit into this software development project? Like a glove. The People, Ideas & Objects system modules we are building add a few new dimensions that will be of interest to oil and gas investors. First, as their soon to be former management cries over its un-cashed and now worthless stock options, the investor has to take control. The days of the separation between management and ownership is over. In this posting I want to provide support for the idea of the investor as the one sitting at the virtual Joint Operating Committee (JOC) table.

In the Preliminary Research Report Professor Giovanni Dosi instructed how the focus needs to be on the situation in hand. Companies apply strategic policies on a blanket basis to all the properties they own. Irrespective if the policy is of advantage to the asset or not. This can no longer be the case if we are to have innovation based on the local focus that Professor Dosi suggests is required. Recall the JOC provides this level of focus. All aspects of each and every JOC are unique to the characteristics of all others. We need to tap into this uniqueness and build upon it. When the participants are engaged in discussion there is no ambiguity as to which property is under discussion. There is also no ambiguity as to which direction the property should take. Even though the strategies of participant are individually unique, consensus is driven by financial motivations. If these JOC participants are the actual investors, we have eliminated the management, and tied the incentives of the property to the decisions made by those that are the benefactors.

The Financial Marketplace module provides some of this uniqueness. Having the ability to secure bank financing based on the JOC participants ownership interest in the JOC. Not on the basis of the corporate entity. If each property were individually secured by the bank that provided all of the services just for that JOC, then we would have a highly focused team where the application of the policies are in the best interest of the JOC and irrespective of any other (corporate) considerations.

Another critical element in this software is the movement of the Compliance & Governance module to be aligned with the cultural, financial, operational decision making and legal frameworks of the Joint Operating Committee.In today's corporate environment compliance is used by management as the justification for the managements existence. The Compliance & Governance module is a fall out of the decisions made in the JOC. This alignment will provide the accountability that is missing in today's corporate environment. As I've stated in the Preliminary Research Report, the separation of governance and operational decision making is the recipe for a breakdown in accountability.

In a related discussion Carl Icahn had an interview on Bloomberg in which he was talking about the extent of the governance issue in the United States. He extends the scope of the current meltdown to not only
the financial side, but also on all corporations lack of accountability. Icahn also states "There is no accountability in companies and boards. You've let the fox guard the hen house." I'd be willing to bet that Icahn knows the better solution would look very similar to the People, Ideas & Objects Draft Specification.

Technorati Tags: People's Specification Management Failure

Easy Come, Easy Go.

Or is it.

I documented the $3.3 billion in stock options for the four little piggies, (Encana, CNRL, Nexen and Petro-Canada.) in a posting dated July 16, 2008. As of Friday's October 10, 2008 closing prices the value of those options now total $57.2 million. (Values based on 2007 weighted average options and prices.) The problem is that the investors in these companies have experienced a far more substantial haircut in their share holdings. (Piggies are down 53.4% to 65.5%).

From my point of view these alleged management types are better understanding the market and the scope of their greed. This provides justice to those who were so slovenly in the past. I wonder what Monday's trading will have in store for these wonder pigs. Recall they were in the forefront of rewarding and congratulating themselves for the higher stock valuations from commodity price increases. Therefore we should ensure that they are also compensated for the damage to these companies from the decline in commodity prices. These pigs brought that upon themselves, and in the future these management should understand that you reap what you sow.

But wait, not only are they incompetent, they have also lost their motivation. I wonder if they'll quit before anyone has the chance to be fire them? I've always believed a firm that loses greater then 53.4% of their market value is considered a non entity. That large of a loss in a firm is a reflection of the future of the firms opportunities. All the Kings Horses and All the Kings Men. (Ricky Gervais provides some insight and comedic relief.) 

The investor class is now forced to act in recovering their assets and value. Kick these bastards to the curb and lets start building the oil and gas industry for the 21st century. As I said these managements are now unqualified, unmotivated and unproven to hold the offices they occupy. They have damaged the firms to the point where they will be walking corpses for the next several decades, and that is being optimistic. Fire the bunch, you certainly can't trust them. I don't trust them, as any group of companies that would attempt to steal ones Intellectual Property, as these firms attempted to take the idea of using the Joint Operating Committee, are crooks.

Pig courtesy of http://designedtoat.com/pig.htm

Technorati Tags: People's Pig Call-to-Action Management Failure

Evaluating SalesForce

For the past few months I have been seriously thinking about the manner in which all the people that may be involved in this project will communicate. And of particular concern how they will communicate to the oil and gas investor / producer that will be using the software and community of independent service providers.

As I may have mentioned, the collaborative environment provided by "Google Apps for our Domain" is the best solution in the marketplace today. It hasn't all the features that other applications have, but Google has been able to prove that everything is always in development. And therefore it will eventually get much better then the competitions. I have been using their service for this project for about a year. And the interface elements of Google's design are such that they are intuitive and clear. Much like the Apple interface.

A few months ago Google announced their "Apps" product was available and integrated into SalesForce.com a Customer Relationship Management (CRM) program. I thought I would try the product on the free trial basis.

When it comes to management of customers and marketing, the oil and gas industry has no idea what these terms mean. After 30 years in oil and gas I can say, that as a producer, I have never seen a customer. So when we take a state of the art application such as SalesForce.com is in the CRM marketplace. I did a bit of scratching to figure it out.

It recently came to me how the application is integrated into People, Ideas & Objects. We need to create full time "Account Manager" positions that service the client producer with their needs. These individuals will need to be very familiar with how oil and gas operates and can see the substantial differences in the application being mirrored within the client producers firm. Attaining that mirroring should be the Account Manager's key objective. They will have the SalesForce.com application as their key resource in determining the needs, and marshaling the resources of the community of independent service providers. Providing the services and our software to the producer. That way the community can be coordinated in their approach to the producer firm. I don't want producers being inundated by the same query more then once. That is inefficient and costs the producer unnecessarily.

How this gets achieved is through the application and the Account Managers organizing the resources for the firm. SalesForce.com provides a comprehensive solution that is well built and capable of approaching the demands that we will eventually be expecting of it.

Naturally this imputes that the Users, Developers, Investor Sponsors and Project Managers that are active in the development of this software will also need a license to SalesForce.com. Or, alternatively can access the system through a Partner and other Portals. Their they can deal with the Account Manager, the development team, other users and producers as needed and be fully up to date as to the status of the software application and its integration within the producer firm.

A couple of things that I thought were interesting and of value was a way in which the producer (Through the Account Manager.) and users could post a suggestion and the rest of the community votes on the feature. If we had the ability to prioritize our developments in such a simple manner, it would help to maintain that our focus remains in the marketplace. The second interesting feature was the idea and solution features.

Therefore the need to have the services of Google Apps for our Domain ($50.00 / user) to deal with the "Office" type of applications, email, calendar, and most importantly the wiki. And have SalesForce.com ($1,500.00 / user) provide the glue that holds this community together throughout the regions we may find ourselves operating in.

Technorati Tags: People's Google Software Users

Google Chrome and Single Sign On (SSO)

One area that Google may be working on is having their new Chrome browser able to remember it's state during your last session. Imagine for a moment that you were able to move from machine to machine and have the same environment displayed just as you had left it. A working environment that remains constant through-out your day-to-day travels and changing work stations.

In People, Ideas & Objects I think this is a worthwhile type of feature for our users. The current specification states that we are using Java Web Start as the windowing agent of the application. Java Web Start provides a similar level of state recall for the application. The difference to the two products, assuming both products are built with these features, is that the Chrome browser provides a web application interface and People, Ideas & Objects being a stand alone ERP application.

The Chrome browser is open-source and uses WebKit as its core. This allows us to embed the browser within Java Web Start and as a result, have Chrome embedded into the People, Ideas & Objects desktop. Providing access to applications such as Google Apps and Salesforce.com as one application.  I will therefore add this feature into the Draft Specification.

This software development project is at somewhat of a standstill due to the lack of financial resources. We have identified the oil and gas investor as gaining substantial value as a result of this application being built. Value in the form that their oil and gas assets are managed in the most profitable manner. If you know of an investor who fits this description, please send them the URL to this website and have them consider filling this role.

Technorati Tags: People's Google Specification Development

10 Things to know when pitching to a VC

Being that we are developing a community of people that are in business, it is not unreasonable that the community based user, developer or project manager comes up with their own innovative way of providing services to the producers. I see this as a very likely occurrence. Many people may have a shortage of financial resources necessary to launch their service oriented enterprise. Acquiring financial resources and pitching to investors may be something that they are not familiar with.

Clicking on the title of this entry will take you to a TED conference video of David S. Rose. In this presentation he shows exactly what is needed to make a presentation to a Venture Capitalist.

First things first, your pitching people, your character, drive and enthusiasm.

Ten must haves in your presentation.

These 10 things should be presented in as little as one half hour, or ideally 18 minutes which is the length of people's attention.

1. Integrity
2. Passion
3. Experience
4. Knowledge
5. Skill
6. Leadership
7. Commitment
8. Vision
9. Realism
10. Coach-ability 
    

Your presentation style.

Do the following

Logical progression. In terms of time don't skip or return to different points. State the things you know or understand and provide validation that people can confirm. What's the upside if the venture capitalist invests. Make the assumption believable.

Avoid the following

Don't state things the VC knows are not true. Cover off each assumption with facts. Don't try to impress them with things you don't understand. Things that make the VC think. Keep the presentation rolling by answering the obvious questions for them. Avoid any internal inconsistencies, label facts so that they are clearly identifiable. Typos, errors or unpreparedness.

Things to put in the presentation.

1. Company logo
2. Business overview
3. Management team
4. Market
5. Product
6. Business Model
7. Strategic relationships
8. Competition
9. Barriers to entry
10. Financial overview
11. Use of proceeds.
12. Capital and Valuation
13. Then leave the presentation running with just the company logo displayed.
    

Top five rules of presentation.

1. Software being used is always in presentation mode.
2. Always use a remote
3. Handouts are not presentations.
4. Don't read your speech
5. Never look at the screen.

I would add the following. When developing the presentation think of your audience and strive to maintain their interest. And on behalf of People, Ideas & Objects, best of luck, and most importantly have some fun.

Technorati Tags: People's User Funding Learning

Don't touch "Mark to Market".

One of the strongest institutions that we have available to us is the U.S. regulatory environment. This includes the SEC, FASB and others that define what the accounting requirements are for companies operating in the U.S. Those that suggest "Mark to Market" accounting has brought the credit crisis to our door are correct. It has seen past the sham that is financial capital and exposed it for the failed system that it is. Changing the accounting rules now will be the wrong action.

I'm not saying that there won't be changes to the accounting rules. In the future the systems will have to be rebuilt based on sound ideas and principles. To alleviate the pain that we feel today by making "Mark to Market" less onerous will only hurt the U.S. and other jurisdictions that rise from these ashes. Leave it alone and the systems will be able to build on the principles and ideas that exist or will exist, like "Mark to Market" accounting.

As noted in Reuters.

One of the reasons that the United States has so far suffered less real economic damage from the financial turmoil to date is because mark-to-market accounting has forced the banking system to take write-offs, pursue new private capital, reveal which banks are more stable than others, and force the issue of toxic mortgage-backed securities. Fair value accounting is today sending a very powerful market signal. It may also signal that the US financial sector is under capitalized and needs to shrink. Bankers of course want to deny that, but wishing does not make it so. And removing mark-to-market is just wishing.

Also as noted in the Peterson Institute and Emac's Stock Watch.

Technorati Tags: People's Market Measurement

That's going to hurt.

What a difference a day makes. This credit crunch is now in its last moments before total seizure. I hate to be the one to be the bearer of bad news, so I won't. This crisis is the biggest opportunity that mankind has ever faced. We are now moving at lightening speed from the total collapse of the old economy that we depend upon. To be replaced by the hugely productive economy based on Information & Communication Technologies.

What we are facing in the oil and gas industry is that all of our assumptions about the future are being turned up-side down. Companies such as Canadian Natural Resources Ltd will cease to exist in as little one year. The gas production and prices, and the oil production and prices as reflected in these articles are collapsing, on a temporary basis, slaughtering firms like CNRL's revenues. On the costs side, the ability to do anything operational in the short term will be impossible due to the lack of cash to pay people. These companies, like CNRL who have a Working Capital Deficiency of $3.2 billion, are toast. And if investors followed my advise they would have sold out of their positions and waited for the fire sale of oil and gas assets to start in earnest very soon.

The bureaucracy is dead, long live the producer.

That is if they had the systems necessary to organize themselves. And that is where "Innovation in Oil and Gas" comes into play. We need to rebuild the industry based on the Joint Operating Committee (JOC) and the Draft Specification. To do nothing on this front will reduce us to barbarians fighting over the littlest things. Without the systems to support organizations, people and society we will regress to barbarianism. I thought this was a good news entry? Well it is and I just want to reiterate an important point of what our actions need to be. Here is President George W. Bush's comments after singing the bail out on Friday.

In October 4, 2008 Sunday Herald the following comments were made. They resonate with essentially the same things that I am saying here about what will happen to the banking system in Europe. There article too is a positive one when you see their point of view.

While it is unlikely that we are going to see a return of the era of the Captain Mainwaring-style bank manager, the culture of spivvery, and high-pressure sales that has permeated most British banks will also certainly become a thing of the past.

In its place we are going to see a banking system that looks much more like the "utility" model which Britain had in the 1950s and 1960s. It will be a low-risk banking system, and one where the profits are going to be much lower than they were in the 1990s and the noughties. Credit rating agency Standard & Poor's says that "the survivors are going to be those banks that have learned and applied the lessons to live with new realities, not those which hanker for a past that no longer exists".

Financial regulation is also going to be tightened up, as banks cannot be granted a liberal safety net by the taxpayer and expect to go back to the loosely regulated free-for-all that existed before. Ian Blackford, former managing director of Deutsche Bank and head of its Dutch equity business says: "Our political leaders now have a responsibility to put in place regulation that prevents this crisis ever happening again.

"There needs to be a far-reaching debate on how regulation should work and at what level. These are global problems and they require global solutions. Capital, after all, is mobile."

At a dinner in Edinburgh last Thursday Michael Howard, the former leader of the Conservative Party said that Britain needs to return bank supervision to the Bank of England, where it was housed prior to 1997.

In the long term, these sorts of changes are going to be hugely beneficial to both business and society. It will mean that rather than the abuse of customer relationships that has destroyed most people's trust in their banks, the banks will once again recognise that their main role is to serve their customers rather than to enrich themselves and their shareholders.

One London commuter said: "Outside the City bubble, many people are shocked to find that bankers, once serious folk you'd doff your cap to for a loan, are in fact bonus-fuelled casino operators. What a mess."

The writing is on the wall. We have work to do and that is to define the Preliminary Specification. As mentioned we are looking for 100 people to help identify this system. It is derivative of the Draft Specification and I have established reasonable deadlines for this work to be completed. Please understand as well that I will only be able, at best, to have 1 out of every 20 people who reply, through this process, to sign on. Nonetheless there will be significant opportunities for everyone as soon as the Preliminary Specification is completed. Please be patient. Help me raise the needed revenues for this project, and join me here.

Technorati Tags: People's Change Pig Perez Specification

The Future of Capital.

Bruce Nussbaum who writes the "Innovation Design" blog for BusinessWeek has a fascinating article on the effects of the soon to completely collapse Wall Street. Entitled "Congress Readies to Vote on the Financial Package -- Get Ready for the Post-Wall Street World." Of which I encourage that type of thinking, I also recommend subscribing to his blog as it is always rich and strong with content. The starting paragraph of the current Rotman school magazine frames his point of view quite nicely.

BY THE DAWN OF THE 21ST CENTURY, a revolutionary change had taken hold in the realm of value creation: physical and financial assets were no longer the key factors of sustainable competitive advantage. Instead, leading companies like Dell, GE and Procter & Gamble depended on superior human and knowledge assets for their competitive edge. p.3

I have, and always will, assert that Intellectual Property (IP) is the only thing of value in the new 21st Century Organization. Either you own or have access to IP, is something that should be the first order of building a "new" business offering in your chosen field and industry. This is why my attitude regarding the Wall Street problems is to let them fail. As Professor Carolta Perez says, financial capital has done its job. It built the Information & Communication Technologies, now product capital has to rise out of the ashes of the financial capital industry. Financial capital is a badly over built industry that is primarily redundant to the needs of the world. When you see the panic that is occurring and understand that productivity in the U.S. is up in the second quarter by 4.3% on an annual basis. You see the dichotomy of the world in which we live. The old is collapsing like the former Soviet Union, and the new economy is now big enough and strong enough to lift all boats.

I’ve said it before: business people don’t need to understand designers better; they need to be designers, designing organizations in which capital of all types wants to congregate. As evidenced by the work of our own Richard Florida, their role is not unlike that of the mayor of a great city, who creates an environment in which multifaceted communities can all agree on one thing: that they wouldn’t want to be anywhere else. p.3

The entire magazine is devoted to these concepts. I highly recommend downloading the magazines from the Rotman school. As I read these three latest issues I may find more valuable information that I will post up on this blog.

Technorati Tags: People's IP Community Trends Innovation

Project Charter - Preliminary Specification

Based on the Draft Specification, this community will complete the following tasks in publishing the Preliminary Specification. Ideally the number of members of the community defining the Preliminary Specification should be up to 100 individuals. They will have a broad background in oil and gas in all professions, geographic regions and organizations, including service industry businesses.

The most important attribute of these people is they should be leaders in their field and well versed in the oil and gas industry. These People are accessing this work on the basis that their leadership skills will provide a sound Preliminary Specification, and develop a cornerstone of the "Community of Independent Service Providers" offering to the producers. They are expected to develop the Preliminary Specification on the basis where their cost of time is incurred on their behalf as an investment in defining and developing that service offering.

This investment by the leadership of "Community of Independent Service Providers" is the basis of the beginnings of these organizations. They will be able to provide users (upon approval) of their organizations to
this software and service offering. Where the People, Ideas & Objects and producer companies are their clients. The costs of Users in the Detailed and Final Specification will be fully funded before any work is started.

Establish deadlines for the Preliminary, Detailed and Final Specifications of the People, Ideas & Objects application modules. I propose the following on the basis that our $180,000 budget is raised through donations from producers. (Proposed time-lines.)

• Draft Specification                 Published August 1, 2008.
• Preliminary Specification        Publish May 31, 2009
• Detailed Specification            Publish November 30, 2009 (Commence Software Development)
  
• Final Specification.                Publish April 30, 2010

General overall task of the Preliminary Specification are to define the scope of the People, Ideas & Objects application modules.

• Geographic Scope.
• Minimum Scope: is established as North America and the North Sea.
  
• What other jurisdictions regulatory and compliance requirements fit within the minimum scope.
• Maximum
  Scope: is established as all jurisdictions that produce oil and gas and are willing to support their regulatory and compliance development costs for their jurisdiction.
• Scope of Functionality.
• What priorities and dependencies exist in bringing the application to market in its minimum form. (This is an iterative software development application.)
• What "scale" related issues will this application require in terms of
  
• Technology
  
• Architecture,
  
• User capability,
  
• Community development etc.
• Define in detail the functionality necessary for Release Candidate v 1.0.
• Organizational Requirements.
• Define how the People, Ideas & Objects communities are supported in their regions.
  
• What unique strengths and advantages does the firm and development provide.
• What are the weaknesses and threats of this development and firm.
• Define the expectations and demands of the producers in developing this application.
  
• Refine People, Ideas & Objects Business Model.
  
• Define roles and responsibilities of the Users in the development of this software.
  
• Who holds authority, whom reports to whom. What "hierarchy" is needed to organize the Users.
  
• Define the requirements in terms of policies and procedures of the "Community of Independent Service Providers" qualifications and capabilities necessary to support the software in the producer firm. 
• Process Definitions.
• Define and map all processes in draft.
  
• Algorithm Research.
• We have some algorithms in the modules that are state of the art. Particularly in the Accounting Voucher and Partnership Accounting.We need to establish a group that is focusing on those algorithms development. This Specification should detail the needs of that group.
  

Project Deliverables

This is a creative process in which these Users will be able to fill in areas where the Draft Specification has missing components. The Users are not limited in any fashion in terms of the numbers of modules and
the areas they need to develop.

Detailed tactical and strategic analysis supporting the commercialization of "Release Candidate 1.0".

Preliminary Unified Modeling Language (UML) based on analysis conducted. (Please note UML is also a deliverable in both the Detailed and Final Specifications. Users will have access to the Petroleum Producer Data Model (PPDM) operating on Sun Microsystems Project Hydrazine.

Please note I have purposely kept this Preliminary Specification detail as broad as I can. The People who are this community should exercise the judgment and authority necessary to further define the Preliminary Specification as they require. 

Technorati Tags: People's Algorithms Specification Development