CMIS Face to Face at Microsoft in Redmond

Dave Caruana and I just finished participating the in the first Face to Face of the OASIS CMIS Technical Committee here in Redmond, WA. Companies participating in person were IBM, Oracle, EMC, Alfresco, Exalead, OpenText, SAP, Day, Nuxeo, Dennis Hamilton (representing himself), and of course, Microsoft. Gary Gershon, Julian Reshke from Greenbytes and Betsy Fanning from AIIM participated by phone. (Sorry if I missed anyone.) Virtually everyone in the Enterprise Content Management market. The tone of the meeting was very cooperative and collaborative. David Choy from EMC is the chair of the committee and did a good job of staying neutral on the issues. Al Brown from IBM/FileNet is the secretary for the bindings and Ethan Gur-esh from Microsoft is the secretary for the data model. All three did an excellent job keeping things on track and discussing all the open issues. Most of us have all worked together before in both the JCR meetings and iECM meetings and that made collaboration a lot easier. Dennis and I even go back to ODMA and DMA - over 15 years ago.

(BTW, I micro-blogged what was going on Twitter. CMIS Tweets are below. You can follow me on http://twitter.com/johnnewton)

The CMIS effort so far has been use case driven with the main use cases being collaborative content management, integration into portals, mashups and search. There are a number of use cases that explicitly out of scope, such as records management and web content management. Some use cases lie in between where the main application may not be addressed, but we want to allow developers to create applications that may access the information that may be created by other out-of-scope applications. An example that we discussed a lot was records management. We don't want CMIS to be so complex that you can build a records management system, but you may want to access records information for the purposes of eDiscovery.

These use cases that are in-scope seem to be clear and compelling enough that we all agreed that we urgently want to get CMIS to market to get people building these applications. Although this was one of the last thing that we discussed, it is the most impressive outcome of the meeting. There was so much agreement and consensus in the meeting that we all felt it is important to meet the deadline of having CMIS complete before the end of the year. David Choy did a great job outlining the OASIS process and what must be done. The bureaucracy (and I mean that in the nicest possible way) of the OASIS process is such that the minimum time that it takes to get from public review to standard is 6 months. So we all agreed a timeline that would get this done. This means that the spec will be ready for public review by the end of Spring. That's a mean feat, but all agreed doable with few obstacles in the way. It also means that the 0.5 spec going into the OASIS process was pretty solid.

That doesn't mean that there wasn't plenty to discuss. It was a three day event after all and we used it all up. The most controversial issues were around security and what is truly RESTful. The Security proposal was presented by SAP who have a real need to secure documents consistently with the SAP system. This was an excellent use case and provided a real-world example from which to work and focused on Access Control Lists. Most of us have been involved in round and round discussions on security and I'm not quite sure how we got to a general consensus. We are not quite done, but we all seem to have a great deal of agreement. A subcommittee will work on this some more. I had proposed a more abstract Policy interface prior to OASIS submission based upon work that we have done in iECM and JSR-283. After discussing this with David Pitfield of Oracle, I think we need to think about that one some more. (Sorry James McGovern, but XACML was shot down in flames. For the reasons why, please see this IBM article on implementing ACLs with XACML and look how horrible ACLs look. http://www.ibm.com/developerworks/xml/library/x-xacml/)

David Nuescheler, who is the chair of the JSR-283 committee and CTO of Day Software, presented a couple of discussions in collaboration with Julian Reschke. Julian is also on the WebDAV committee and brings a unique perspective. David presented some of the thoughts that originated with Roy Fielding, also from Day, on whether the REST binding is really RESTful. Although there are arguments to not call the Atom Pub protocol REST bindings, we all felt it was important to communicate our intentions toward REST. In the end, we will call the protocol support RESTful Atom Pub bindings or something like that. David suggested perhaps exploring protocols other than Atom Pub, such as WebDAV. Apparently, these were ruled out quite a while ago and there are already WebDAV standards bodies. Decision is to continue with Atom Pub. Julian, who also seems to know HTTP extremely well, logged many issues around how CMIS uses / abuses HTTP and most of his recommendations are being incorporated into the spec.

David also raised the issue of reference implementations. In the end, we all agreed that we are all making progress on our own implementations and that a reference implementation wasn't necessary. There was interest and probably continues to be interest in an open Test Compliance Kit (TCK), but we all agreed that a clearer spec should be the primary point of reference rather than a TCK. It may be up to us, the open source vendors, to come up with a TCK. We have already created both a Java and .NET test harness to test CMIS access. Even Microsoft said that if you need a free CMIS test platform, you can get Alfresco. :-)

As the spec has developed, we have all been prototyping our implementations. The early implementors (Alfresco, EMC, IBM, Microsoft, OpenText, Oracle and SAP - in alphabetical order :-)) participated in an interoperability session or "plug-fest" at a Redmond interop lab in August prior to making the spec public. And it worked! It is a real testament to the fact that this is becoming a real standard. In other words, it works. This is part of the reason that there is not as much demand for a reference implementation. It is also part of the reason that it continues to develop and have such momentum. By working with each other to test each others implementations, we are discovering what needs to be tweaked in our software and what needs to be fixed in the spec. Another interop session is planned sometime around AIIM as well as a demo that the AIIM conference is organizing and sponsoring.

In addition, we were able to demonstrate our integrations with CMIS. IBM showed Quickr accessing CMIS. Day showed a prototype that they are working on that sits on Jackrabbit. Dave showed some new components that we are working on with Share and the Joomla and Drupal integrations with Alfresco using CMIS. Microsoft and EMC had shown their integrations in previous interop sessions.

There were a few other issues that we discussed. OpenText presented hierarchical properties. I presented a proposal on how to deal with Aspects or Mixins. A little more than half the systems represented, some like Oracle and IBM had more than one, support some notion similar to Aspects - think of them as data type plug-ins. The vendors that have broad search requirements had a great deal of interest in Universal Search (really a new use case) and want to see access to change logs to simplify indexing new or changed documents in ECM systems. However, I think we all agree that we don't want any of these to hold up a 1.0 of the specification and getting CMIS out to market.

CMIS has momentum. It will be a real specification. We all seem to agree on what we want and what our customers need. Companies are implementing it. IBM, EMC and Alfresco have released 0.5 implementations. Microsoft can't talk about what they are doing, but they will. (They would probably have to kill me if I knew exactly what they are doing. ;-)) It could be more and it can probably be better, but CMIS that is out there and implemented will be better than the perfect spec coming out much later.

Microsoft were gracious hosts and provided with good facilities and food. (Just replace the projector bulb. :-)) Thanks very much Ethan!

If you are interested, CMIS Tweets follow:

• Discussing CMIS use cases: Collab Content Mgmt, Portals, Mashups, Search
• Open use case issues: Observation, tagging, data dict., better REST bindings - less verbose
• Can't use MSN Messenger inside of Microsoft on their guest network. Bizarre.
• Going thru introductions, including favorite color. (Hmm.) Should note that SAP and OpenText are also here.
• Interesting discussion on reference implementation. Decision that Tech Committee will not implement ref impl.
• TC agrees that we need well documented test cases. Lots of interest in a Test Compat Kit.
• Show and tell coming up. Day and Lotus.
• Tomorrow will be REST design (with input from Roy Fielding via David Nuescheler), schema design and various issues.
• Now discussing REST issues. David Nuescheler is bringing up the issues first raised by Roy Fielding who first described REST.
• Discussed REST at length. Staying with Atom Pub, but will look at browser-based Javascript libraries.
• Gary Gershon is reviewing the SOAP bindings for CMIS.
• David Nuescheler: "There is no such thing as a REST binding. REST is an architecture."
• It is very difficult to concentrate on the minutiae of SOAP web services. (zzzzzz)
• Ethan (MSFT) now discussing unified search.
• Long discussion on universal search and relationship to observation. Universal search indexing looks like a MUST. Obs is SHOULD.
• Dave Caruana is demonstrating Alfresco SURF and CMIS.
• Dave Caruana just demonstrated Joomla and Drupal integrated with Alfresco thru CMIS.
• Just got caught out. I'm supposed to talk about data dictionaries and I don't remember what the issue was. :( Jet Lag!
• Long discussion on ACLs proposed by SAP. No appetite for XACML. Sorry James McGovern. Keeping it very simple.
• I was very surprised at Microsoft's interest in content crawling and Universal Search. Lumped into Observation discussion y'day.
• Just finished presenting how to do Mixins / Aspects in CMIS. Some want to model as related objects. How would you do it?
• Just finished OpenText proposal on "Hierarchical Properties"
• Question on the table - What do we need to do to finish the proposal?
• After lunch, group photo! Courtesy of Dennis Hamilton.
• Now batching.
• Discussing timeline for CMIS and flowcharted process. We are remarkably close! But min 6 months.
• Let me clarify. Get to public review in under 6 months.
• Closing out most open issues on spec from the Technical Committee.
• Would love to see Adobe here.
• Successful CMIS face to face complete! :-)

Alfresco Labs 3 Special Inaugural Release

 

Photograph: Win McNamee/Getty Images

"It has been the risk-takers, the doers, the makers of things -- some celebrated, but more often men and women obscure in their labor -- who have carried us up the long, rugged path towards prosperity and freedom." - President Barack Obama, January 20, 2008

How do you put out a release on one of the biggest days in history? The answer is you don’t, you wait until the day after and create a new beginning.

I’m pleased to announce that the final release of the open source Alfresco Labs 3.0. Alfresco Labs 3 has been our most important version of Alfresco yet. Combining new technologies, new techniques, new standards and new levels of ease of use, we have been fulfilling a lot of the vision that we had when we started Alfresco four years ago. This release combines the stabilization work that we have been working on in the enterprise release with new innovations specifically for the open source community.

The Alfresco Labs 3 releases that started in summer of last year have been aimed at expanding our collaboration and social computing initiatives and to providing an open source alternative to Microsoft SharePoint. In doing so, we have introduced a number of new capabilities that have not been seen in either commercial or open source systems:

• The first implementation of the new CMIS specification that is now in the standardization process with OASIS and promises to become the SQL of content management. Both the REST-based Atom Publishing Protocol and SOAP Web Services are provided.
• The first ECM implementation of the Microsoft SharePoint protocol after publication of the protocol by Microsoft in April 2008.
• New SURF, REST-enabled web runtime to provide an AJAX-enabled set of content management and collaboration components that utilize the rich Yahoo YUI AJAX libraries.
• Alfresco Share, which is a new collaboration application built using our WCM technology and provides on-demand collaboration sites integrated with SURF collaboration and Microsoft Office integration through the SharePoint protocol.
• New SURF collaboration components including wikis, blogs, forums, calendars, discussions, and social tagging.
• A new document management experience with the SURF-based document library that includes thumbnail and preview generation to avoid long downloads and eliminates the need to have the application locally with a Flash-based preview.
• Continued innovation of our WCM platform introducing features from the most recent enterprise release including web farm deployment, virtualization and reuse of assets between web sites. We have also converted much of the WCM functionality into Web Scripts that are accessible from you SURF applications.
• Multi-tenant capability to create virtual instances of Alfresco from a single machine.
• Managing in-bound email to collaboration sites for email-based collaboration.
• Integration of native PHP interpretation with the Caucho Quercus interpreter for integration of PHP applications and development of Web Script and SURF components in PHP.
• The new Web Studio drag and drop web site development tool designed to develop SURF sites and applications.

Perhaps most important is the fact that the enterprise and open source lines were merged to provide bug fixes found by our customers or through the certification process on a multitude of platforms. Since the majority of our enterprise customers start using Alfresco as a result of using the open source version first, it is in our interests to have a viable, robust open source implementation of Alfresco. We also believe that ultimately the primary reason people are buying the enterprise subscription is for support, warranty and indemnification and the fact that Alfresco is open source is what draws them in the first place. We therefore recommend that the community upgrade to this version of Alfresco as soon as possible.

There are still new features being introduced for the first time as part of this release. Web Studio is new separate application using the new SURF web framework to provide a drag and drop design experience to build SURF web sites and applications. Web Studio allows you to work with and view the web site you are developing, but uses the Yahoo YUI AJAX libraries. Web Studio is also designed to develop and edit web sites safely by using the new WCM REST-based Web Scripts and is fully interoperable with the Alfresco WCM application.

With the economy in the dumps, this is a particularly propitious time to release the stable open source version of Alfresco 3.0. Open source should thrive in this environment. Where companies and IT organizations may not even take a call from a traditional enterprise salesperson, they will download open source software. We want to be able to build market share in the ECM market with open source that is robust and thriving.

Adobe embeds Alfresco Repository

It's been quite a while in the making, but I am very pleased with the news today that Adobe will be embedding Alfresco technology as part of its LiveCycle Suite. A while ago, I wrote a blog about embeddable content repositories. It was clear then and more clear now that the old generation of content repositories is not really designed to be embedded as part of content-oriented applications. Yet, we all know that there is more information in content than there is in databases. Why can't applications use a set of services for managing content the way they manage data in embedded databases?

On this particular news, ComputerWorld reports Raja Hammond, Group Manager for Adobe LiveCycle, as saying, "Alfresco has a fantastic lightweight installation. It is J2EE server-based, so it is very much aligned with our architecture. We're able with this release to totally embed it. We've done extensive customization to the UIs to add additional capabilities to them. We've integrated them tightly with the various solution components within LiveCycle."

At InfoWorld, Brian Wick, Director of Product Marketing at Adobe said, "It's much easier, much quicker for our customers to build LiveCycle apps with the content services piece built in." This should be the sentiment of any product manager whose product handles content. This clearly the case of LiveCycle which handles potentially huge numbers of PDFs and forms.

Over at CMS Watch, Alan Pelz-Sharpe, a long-time ECM observer, blogged on the announcement that, "It's been a while since there was a big product announcement in the ECM world, but today's announcement by Adobe that they will be embedding Alfresco into their LiveCycle Enterprise Suite will doubtless garner a few headlines. Alfresco, the UK-based open source ECM company, has certainly done a great job of marketing themselves since their launch a couple of years back, stealing some limelight from more established and much bigger vendors such as Interwoven, Vignette, and OpenText. The question we have to ask is whether this announcement is another marketing   triumph, or whether it suggests something more substantial. First off is the fact that it is a real OEM (Original Equipment Manufacturer) deal, and the technology will actually get embedded into the Adobe offering, so it is more than simply a paper partnership."

It is also significant that the Alfresco platform is open source. Open source allowed Adobe and our dozens of other OEMs to try out Alfresco before even approaching us. Open source also provides a level of comfort and confidence in a platform for services like content services and content repository. It is much better than providing code in escrow. it actually provides a community as well to ensure the long-term success of the platform.

We look forward to a fruitful and simbiotic relationship with Adobe. We believe that this is the beginning of looking at content management as a peer of database management of an essential component of any enterprise-class application. Congratulations to Adobe on all the hard work and the new release.

A Manifesto for Social Computing in the Enterprise

Investment in the infrastructure of the internet has dramatically increased bandwidth to everyone in the developing world and created home computers that are not only inexpensive, but very powerful. This change has expanded the usage of the internet exponentially and introduced new demographics and generations of users that had not used computing prior to the expansion of the internet. These users have themselves created the content and applications that feed the internet and have set expectations of the applications that we use in web browsers and new mobile devices. The increased bandwidth has made this experience much more interactive and visual experience encompassing video and visual elements. Web properties such as YouTube, Google, Amazon, Facebook, MySpace, and Flickr have set the benchmark for expression, accessibility and social interaction of computing systems.

Dubbed Web 2.0, this revolution in computing has shifted the face of software from a logical, linear, and introverted science to an expressive, graphical and social art. New designers of web sites, unschooled in traditional software techniques, are nonetheless able to create software that scales to millions of users and billions of objects of information and still meld those users into an artistically aware community. The next generation of enterprise employees who started using the internet in their early teens have only known this evolving culture of free and creative development of the internet and now demand better of the enterprise software that they meet. Older employees also know that that the software that they use on a day to day basis can be better. Enterprise 2.0 seeks to emulate the success of Web 2.0 in the creation of new software for the enterprise.

Social Computing

The shift of computing power from business logic and calculation to socialization and people-orientation has been dubbed by some as Social Computing. The term Social Computing has been used interchangeably with Enterprise 2.0 or Enterprise Social Applications, however, IBM and Microsoft have created Social Computing research centers and Forrester has started to use the term in describing next generation enterprise collaboration. Social Computing is the use of technology to support sharing of information and enabling collaboration through social networks and to tap into the value of the “Wisdom of Crowds”, a concept made famous by James Surowiecki in 2004 to explain how many people are smarter than individual experts. Social Computing exploits software oriented toward people and Social Networks, the extended relationships of individuals, to connect to more people and access the Wisdom of Crowds.

To tap into the wisdom and awareness of social networks and empower people to collaborate at any time or place, Social Computing platforms need the following capabilities:

• People - Support information about people, their preferred communications, their relationships and affiliations, since social networking is all about people rather than just systems, data and objects. The more information available about other users, the more likely they can be found as a source of knowledge.
• Context of Networks - Social networks organized around projects, teams and departments provide the context of work and relevance of information as it spreads from creation to the people that need that information. Social networks, especially networks extended beyond the enterprise, provide the greatest differentiation of social computing from previous generations of collaboration.
• Social Collaboration - Provide an environment where people can share ideas, contribute knowledge and solve problems in creative, unstructured socialization as opposed to rigorous workflows that are required for control of information. Next generation tools use techniques developed by Web 2.0, particularly those tools that empower social knowledge, such as social tagging, integration of communication and awareness of changes in social networks.
• Content as a Service - Content is the container of knowledge and information and is core to the socialization of information. Content needs to be accessible everywhere, not just in large, monolithic applications. Content capabilities need to be accessible as reusable service components. Social computing can happen inside the enterprise or outside and a channel can be a web site, web application, mobile device or even external web platforms such as Facebook or Google applications. Mashups can occur inside the enterprise or outside and the channel will require content as a service that can securely be accessed wherever it is needed or wherever it is contributed.
• People-centric Tools - As Web 2.0 has spread new paradigms of user interaction, the consumerization of software has created expectations that enterprise software becomes easier and empowers user to contribute, correct and classify content and information within the context of social networks. AJAX and next generation rich internet application interfaces such as Adobe Flex will provide users with a much richer, more intuitive user experience and the ability to scan much more social knowledge to find ideas and solutions. These tools should themselves be componentized and accessible as a service so that they may be mashed up with other sources of social knowledge.

This does not mean that the need for traditional enterprise content technologies such as document and records management goes away. They are still repositories of the truth and verifiable information and thus play an important role in sharing knowledge within social networks. However, these traditional technologies lack the usability, empowerment, and breadth of reach that Web 2.0 sites provide. They lack the collaborative nature that invites in people without barriers and restrictions to contribute to the sharing of knowledge and information. Web content management for creating a richer Web 2.0-style user interface becomes even more important to this collaboration to provide a compelling face to the interaction and to simplify the access and navigation of shared information. Enterprise Content Management cannot become one of the principle platforms of Social Computing unless it addresses the requirements of Social Applications.

Use of Social Computing

The balance is shifting from contained and controlled companies to engaged and empowered collaborative enterprises driven by Web 2.0-inspired social computing. At the center of the shift from old models of computing in the enterprise to new social models are companies that are inspired to innovate or to engage more with their customers. This includes companies not just using their internet or intranet web sites, but engaging in social networking channels such as Yahoo, Google, YouTube, Facebook and MySpace. Those using social computing are interested in engaging people, such as customers, employees or partners. They are using new people-centric tools and facilitate creating or extending existing social networks.

Major ECM vendors are all planning their Social Computing efforts and to a large extent are being dragged in this direction by their more forward-looking customers. Enterprises that have discovered the value of Social Computing are:

• Consumer-oriented companies that particularly address a younger demographic must engage their customers as part of both the marketing process as well as the development of new products. For example, games and film companies that engage their viewers in plot and scene development do much better than those that keep everything under wraps until the game or film is ready.
• Enterprises hiring a new generation of knowledge workers who grew up on the internet must provide tools as empowering as those available from Web 2.0. Turning these tools off forces these workers to seek employment elsewhere and forcing them to use tools that do not meet their expectations of usability and engagement.
• Financial Services firms are leading the shift in usage of these technologies. Financial Services have always been innovators in developing new technologies and investing in providing better service for their clients. Speed in innovation in these services becomes a major competitive advantage where churn of clients can be very high in turbulent times. Internally, competition for talent is intense and providing better support is important for attracting and retaining employees. In particular, young and ambitious brokers and managers are more likely to be sociable themselves and seek out Social Computing inside and outside the enterprise.
• Government and Non-Profit organizations that provide services and citizen feedback online find increasing their IT budgets much easier than those that merely arbitrated by a front-line service. It is now inconceivable for an American politician to run for office without an extended internet presence such as Facebook or YouTube.
• Enterprises that have faster cycles of product innovation, especially high tech, are looking to their customers and partners to participate in the development of new products and services. In previous generations, the field acted as a filtering mechanism of new customer requirements and ideas. However, today technology can provide a frictionless way of getting the entire enterprise to exchange ideas and improvements with the customer communities.

Integrating Social Computing

Because Social Computing is unlikely to come from a single source, especially because of the diversity of sources of knowledge and social networks available on Web 2.0, it is extremely important for the enterprise infrastructure for Social Computing to be integrated with those sources. This means bring these sources into the enterprise and bring the enterprise sources out to Web 2.0. No matter where the people collaborating are, the tools they want should be available. To facilitate this, the Social Computing should be:

• Open Source - Through being developed through social computing paradigms and sharing best of breed components with the open source community, open source systems have evolved rapidly and encompass social computing capabilities developed by the open source community. Social tools such as MediaWiki, the wiki that powers Wikipedia, and WordPress, the most popular blogging software were developed using open source.
• Integrating the Inside Out - By providing content as a service and enabling light-weight, Web-Oriented scripting development, the Social Computing platform should quickly integrate content services into external channels and web sites, such as Facebook and iGoogle, to allow enterprises to engage customers, partners and home workers.
• Integrating the Outside In - If the Social Computing platform is modular and supports a Web 2.0-style mashup-oriented architecture, it enables users and teams to integrate external open source tools and social networking web services, such as Facebook, LinkedIn or other Open Social-enabled properties, to tap into the wisdom of crowds available on the internet and to make customers and partners part of team collaboration.
• REST-style Architecture - A Web 2.0-style or REST-style of architecture using easy, light-weight scripting languages and integrated through internet standards-based APIs can easily mash-up content services into any web-oriented application or web site. These architectures should be scalable, fault-tolerant and high performance to meet any enterprise or internet requirement.
• Choice - The Social Computing platform should be based upon open interfaces developed by the open source community to provide choice of operating system, database, application server, content authoring tools or APIs.

Over the past year and continuing into the coming year, Alfresco is dedicated to expanding its architecture and applications to enable this vision of Social Computing. We will work with partners and open source community to provide best of breed open source tools for enabling this architecture. We will integrate with external Social Computing properties such as Facebook and the Open Social alliance to expand the breadth of social networks and the ability to collaborate through those networks. We will be expanding the Alfresco system’s understanding of users as people and facilitate sharing of information and content through their networks. We will be open in the process and seek and encourage your feedback and participation.

What's Happening at EMC World?

This week is EMCWorld in Orlando and encompasses what used to be Documentum Momentum. Unfortunately, I don’t think I’m invited anymore. :-( However, it is definitely worth tracking what’s going on and I am trying to find out what was going on there by reading the news and blogs. I am also trying not to be so hard on Documentum and have acknowledged their leadership and innovation in integrating the ECM stack. At the conference, Balaji said:

"The future of content management is no longer just about securing, accessing and storing content," said Yelamanchili. "It is about driving new levels of collaboration and knowledge management through deriving more intelligence and context with information. It is also about managing all types of business processes and allowing connections to be made within and across different business environments. As a leader in ECM, EMC is in a great position to drive innovation in these key areas."

As far as I can tell, the big news on the Documentum side in terms of innovation seems to be TaskSpace, Based upon the description, it seems to be more focused on scanning and capture and “transactional content”.  There is a data sheet on EMC’s Taiwan web site.  What is surprisingly is that there are no screen shots, so it is really hard to tell what is different about this product versus the collection of technologies that they already had. There was this quote from Whitney:

“TaskSpace is designed for high-volume, content-rich task processing, providing sophisticated capture and business process management (BPM) capabilities. A user experience built specifically for managing transactional based content and processes, TaskSpace enables organizations to streamline transactional business processes and improve end user productivity.”

In addition, there is some talk about Web 2.0 streams that will allow developers to mash Documentum content with internal and external web content. This is great news. Again, it would help if there were pictures or more details.

I also noticed that Craig Randall presented the Documentum Foundation Services, which I would suspect contains their long awaited web services interfaces.

It’s a shame that there aren’t more people blogging about EMC World. Given that there are somewhere between 6000 to 8000 people depending on who is writing, I wish there were more people who blogged. A search on Technorati yields about 136 posts, but I can’t find a lot about Documentum in those posts. Let me know if I have missed anything.

Take AIIM on Security

I am off to the AIIM (Association for Information and Image Management) Conference in Boston right now. This is perhaps the largest Enterprise Content Management conference there is. I will be speaking tomorrow on Web 2.0 and ECM with Wilson D’Souza of MIT. Looking through the agenda of the conference, I was looking for sessions on security.

James McGovern has constantly asked me and other ECM vendors to solve security issues for ECM using the standards that have already been developed for web services, such as XACML. Looking at the agenda at AIIM, it doesn’t look like the vendors are taking it quite as seriously as James. James is an enterprise architect and his role is to look at stuff like this.

Trying to address security in some of the standards groups such as AIIM’s iECM initiative and JSR-283, the successor to JSR-170, has been politically tricky. It is difficult to figure out what a common view of security is given all of the different models of security such as Access Control List, Role-based Security and Policy-based Security used in Records Management, let alone all the different vendors’ implementations of each. However, looking at this problem going forward, without addressing and standardizing security, we are creating huge barriers to interoperability and not meeting the requirements of new models of interaction on the internet.

In looking at how new Web 2.0 companies are starting to mash-up and integrate different services, it is hard to see how we can extend these capabilities into  more secure and sensitive services such as eCommerce or bringing these services into the enterprise without a common notion of identity, role, entitlements or membership. As vendors, we either address these issues or, like so many time before, they will be addressed for us by others on the internet and we will be forced to catch up.

I have been doing some background thinking on this and here are some important points that I think ECM vendors need to consider:

• Common identity. There needs to be a common way of addressing identity between different services whether those services are in the enterprise or outside. As we start to bring customers and partners into the process of serving themselves or helping us design new products and services, we can’t just rely on internal directory services. OpenID is the only standard that I am aware of that provides a neutral way of identifying users and is not dependent on any single vendor.
• Common Models for Rights Management. The big, looming problem in content is the fact that huge numbers of users are adding, accessing or updating an even larger number of pieces of content. This calls for a model that controls content through definition of context such as time, location, metadata or role. XACML could very well fit this model. However, users need to understand this model as they set up the controls on the content.
• Distributed Directory Services. Identity is not sufficient for determining roles or entitlements. There needs to be a more open way of integrating multiple directories without revealing sensitive information. This is the same problem we are trying to solve for content and directories need the same mechanism to define access.
• Mashup Frameworks for Security. Mashups, the integration of different systems at the browser level, represent the fastest-growing and easiest mechanism to weld systems together. Almost all mashups have no notion of security and only work on public systems. In addition, they introduce security holes that require code running on other systems since JavaScript security features in browsers prevent parts in a web page from executing between two domains. Google has introduced a mechanism for Gdata and other mashable components to execute code. This type of mechanism needs to be standardized and a model of trusted sources needs to be integrated.
• Search and Security.  As search becomes increasingly federated, such as through the OpenSearch API, managing identity and entitlements on content becomes very problematic. The search sources should filter out any content to which the user doesn’t have access. However, that requires some cooperation with the software that is doing the aggregating and the content sources. ECM systems will probably control the most sensitive information, but this will need to be aggregated with public sources as well to create effective search applications for the enterprise.

Help the process by asking your vendor how they expect to address these types of security concerns. If you are at AIIM, bring the issue in relevant sessions. I don’t have all the answers nor does any vendor. People in the middle of this problem like James can help by bringing up their use cases. If we start asking the questions, then perhaps we can collaboratively answer the questions and solve this problem. If you think standardizing this is hard, try imagining building next generation systems without standardizing these security needs.

Add Salesforce.com to the Enterprise Content Management List

Today, Salesforce.com announced that they will be getting into the ECM business by acquiring Koral, one of our neighbors here in Maidenhead. Some of the guys there are our friends and we wish them luck in this new turn in the ECM market. They scored a real coup showing up at Demo last year and it obviously got the attention of Salesforce. The system has not been around long, but they have added some interesting Web 2.0 twists. It is focused on document management and was born out of the efforts of BuildOnLine, a specialist online content management provider for the construction industry that has recently merged to create CTSpace.

This is a significant shift for both Salesforce.com and for the ECM market. As we all know, although most of the Fortune 1000 have ECM, penetration into those accounts can generally figured in single digit percentages and practically non-existent in smaller organizations. Increasingly, ECM will be delivered either as a software or physical appliance or as software as a service in a utility like form. Smaller enterprises or organizations that have generic content management requirements will find this service useful. This will allow Salesforce to leverage its brand and start with the sales organizations. It also give Salesforce a means to expand its business beyond the sales and marketing organization. It also further validates the Software as a Service model for simple utility functions.

Although everyone is looking for simplicity, not everyone will be looking for a utility-like approach to ECM. It is up to the ECM vendors to simplify the installation and set up process to make it as easy as flipping a switch, but keeping the content inside. Organizations that are not comfortable putting their documents outside the firewall, such as financial services and government organizations are more likely to look for an internal system. Also, as the BuildOnLine guys found out, once you move to the area of specialist content applications, the sale gets much harder and configuring systems becomes even worse.  Records management, engineering applications and specialist publishing applications fall into this category. It will be entirely up to each organization which makes sense for them.

Software as a Service is a model that Salesforce.com didn't invent, but has become its biggest proponent and greatest success story. This acquisition will raise the profile of SaaS as a model for ECM. Salesforce will not be alone in delivering content management services as others are developing their solutions with systems like Documentum and Alfresco. Likewise, Microsoft is taking Sharepoint on-line with the Office Live offering. Other companies are now looking at providing an SaaS model for web content management and collaborative content management as well. No doubt we will be seeing feature by feature comparisons between these various solutions soon. Depending on the breadth of functionality, integration with internal systems and scope outside of sales and marketing content, we will see how Salesforce does.

How to Discount Your ECM System without Really Trying

If you are a customer of Documentum, FileNet, IBM, OpenText, Vignette or Interwoven, there is a really easy way to get deep discounts in your next license negotiations. Just follow these 3 easy steps:

1. Download Alfresco here
2. Install it in less than 5 minutes
3. Walk through the Alfresco Tutorial here

Even easier, try a hosted trial here.

That’s it. If you say you are using Alfresco and that it is so much easier and cheaper, these ECM guys are offering massive discounts. The steps above will give you all the information that you need to have the upper hand in negotiations. Alfresco is even cheaper than their annual maintenance, because it is based upon CPUs, not users, so you can use it in negotiations for annual maintenance.

If the discount isn't massive, it is because they don't think you are strategic. It really shows what they think of you. In the strategic accounts, they are definitely discounting just to keep the business. If you still want to do business with them, it could be worth some free extra training or some free consulting time.

The secret to negotiation in enterprise software is to be confident and know that you can get a better deal elsewhere, even if you have no intention of doing so. They are often willing to match our support costs, but you can’t beat free. That's all it costs to try Alfresco out. The sales guy may appear to be confident in his negotiation, but he’ll be thinking, “Oh no! Not again.” You’ve got him where you want him.

Oh and by the way, try this at the end of the quarter. Right about now would be perfect for Q1 targets when things are pretty tough for them anyway. Having flushed their pipeline to get their annual commissions in December, they are much more flexible right now.

“The Departed” - Dave DeWalt and Documentum

Being a co-founder of Documentum prior to starting Alfresco, it is only natural that people are asking me what I think of Dave DeWalt’s departure from EMC to become CEO at Security Software firm McAfee. EMC is also one of the largest players in enterprise content management after acquiring Documentum and so we should have an opinion.

I actually owe quite a bit to Dave DeWalt. I worked with and for Dave while at Documentum. He and I are actually very different. He is a tall, aggressive Olympic wrestler who runs triathlons. And me - well, I saw a triathlon or something like that on television once. Documentum’s turn-around after the recession in 2001 has a lot to do with Dave’s determination and competitive nature. Dave is also very smart and very ambitious.

I made a bet with someone in EMC that Dave would be CEO of EMC within two years. Dave’s progression from his initial entry in Documentum to his current position as the CEO of McAfee has been remarkable. Dave began at Documentum to head up the web content management group when Documentum had no solution. The early success transformed the Documentum brand and set up the all time high market value for Documentum. Jeff Miller, the CEO of Documentum at the time would frequently say that Dave would make a great CEO one day. Dave took on the role of running product operations, then became COO and then CEO in relatively quick succession. Not bad for something like a three year run.

It was around the time that Dave was COO that I left Documentum. Six years of travelling to the US once a month to be at the center of power in Pleasanton got to be too much. That was the price that I paid for choosing to live in the UK and still have any influence. However, I wouldn’t leave Documentum when it was low, but Documentum was on a high and it had been 11 years since starting it with Howard Shao. It wasn’t long after that the stock market crashed and Documentum stock with it.

Dave taking the reigns as CEO did a great job in recovering the stock price and for that I am extremely grateful. Dave’s management style was seemingly to do everything and he was at the center of most major projects. You can’t fault the job he did though. Documentum stock went from strength to strength as the rest of the enterprise software world was collapsing. As he moved up, he still held responsibilities for the core product and sales. Howard Shao was behind the acquisitions with good execution by Rob Tarkoff. But Dave glued the pieces together building a loyal cadre of people to run the business.

I had expected Documentum to be acquired by Oracle in the 2002 to 2003 timeframe. According to Oracle PowerPoint slides released as part of a DOJ anti-trust investigations indicated that Oracle was thinking the same thing. However, it was EMC that made the winning offer. What I had heard was that Dave, who used to work for Oracle, was not interested in working for Larry Ellison. (Could you blame him?) The price that EMC paid was one that neither Oracle nor IBM were willing to pay. I didn’t hold on to my new EMC stock because I knew nothing about the hardware business.

Dave, coming from the aggressive “only one of you will come out of here alive” culture of Oracle did very well in EMC, especially since EMC essentially left Documentum alone. The senior managers on the hardware side lacked Dave’s charisma, enthusiasm and customer engagement style. Dave moved from CEO of the Documentum business to co-head of EMC software to President of the software group. EMC was proud to declare that had one of the top 10 software businesses. Dave taking over the Legato group was a real coup, no really, a *real* coup. The acquisition of Captiva has been particularly lucrative for EMC. As I have said many times before, EMC was busy consolidating the Enterprise Content Management industry through acquisition.

Joe Tucci probably won’t be around forever. I really believed that Dave’s career would continue its trajectory to become CEO of EMC. Taking over World-wide Sales was an indication that it was in the cards. What I have heard was that there was concern about Dave’s lack of experience in hardware and lack of discipline at various company events led to him to be not taken seriously to run a $6 billion per year business. You can see Dave thrive being the boss and not getting the top job would lead him to look elsewhere.

Anything could have happened to cause Dave to leave. However, there are indications that EMC did not expect it. As of today, March 9th, Dave DeWalt was still on the EMC Executive Team web page. In addition, having two people in charge of the software division, Mike DeCesare and Balaji Yelamanchili, is consistent with Tucci not making a decision of who is charge or just letting things sort themselves out. However, having both in charge of an important division that must be close to a $1 billion business is a tacit admission on the part of EMC that they neither are up to the job either. There are a couple of events that Dave should have been at and EMC just had to cancel, even though really shouldn’t have. It could be that Dave was asked to look elsewhere or that he was just plucked from the air by McAfee. Knowing Dave, it’s likely that he got frustrated at the fact that he wasn’t going to get the top job and just went and looked elsewhere.

Dave commands a great deal of loyalty because he respects and rewards loyalty. He was more than a hands-on manager as he took on responsibility to sell and drive product strategy himself. Of course, there is the Dave that I knew pre-2001 and people have said that he has grown, but Dave’s personality and drive will only change so much.

I would expect some significant hiccups without Dave at the helm. Ironically, sales for EMC could go smoother, although the shift from an extrovert, aggressive, technologically savvy executive to Bill Teuber, EMC’s CFO until last August, is a very stark contrast. The software division will have a big whole in it. The looming threat of SharePoint 2007 is a big one for Documentum. The merged IBM and FileNet will be coming out of their massive integration sometime this year. I won’t even mention open source.

   
DeWalt and Teuber must have very different styles.

Without the bond of personal loyalty that Dave built up, I really wonder what will happen to that layer of next generation of executives that came on board after I left. Can we expect to see heads move from EMC to McAfee? Did EMC give him a golden goodbye to not take anybody? Now that Howard Shao has retired and Dave DeWalt has left, who will drive that vision of what Documentum and the combine entity that is EMC software will be? Technical decisions will be ably handled by new CTO Razmik Abnous, one of the original engineers of Documentum, but what about the business side?

This will be an interesting turn in the further consolidation and commoditization of the ECM market.

Ian Howells: With Open Source you can't be half-pregnant

My colleague, Ian Howells Chief Marketing Officer at Alfresco, has posted a blog on how Geoffrey Moore's marketing models describe what is happening with the commoditization of the ECM space and how the network effects of open source are accelerating the pace of commoditization of enterprise software. He quotes Geoff:

"Enabling technologies commoditize extremely well, allowing them to proliferate into markets far afield from the original starting points and generate a high degree of network effects. These in turn put pressure on the overall marketplace to standardize exclusively on a single set of components driving market shares to extraordinary levels …”

Ian sites Alfresco move to GPL as embracing this network effect and that companies should embrace open source whole heartedly. Ian says:

"You can’t be 'half-pregnant' and similarly you can’t be half open source and half proprietary. It is open source, not hybrid models that will drive true disruption, commoditization and benefit most from the network effect. The GNU General Public License (GPL) is the ideal license to drive forward this industry disruption and accelerate the network effect. That is what drove us to move to GPL."