Monday, March 19, 2012

Identity Management on a Shoestring - eBook Published by InfoQ Today


I've written before about the white paper on Identity Management that I co-authored with Umesh Rajbhandari. We have been in discussions with InfoQ about publishing it as an eBook, and after a long edit process (mainly due to delays from my side), this has finally made its appearance.

Anyone interested can download the PDF here after (free) registration.

According to the publishing agreement, we have to point back to the InfoQ site for the soft copy, so I have removed all links from my blog to the original site where I had hosted the white paper. The latest version has some additional material that wasn't in the original white paper, so it makes more sense to go to the InfoQ site in any case.

I hope this book will prove useful to practitioners embarking on implementing an Identity and Access Management (IAM) system for their organisations. We believe we have pioneered a loosely-coupled approach to IAM that is unique and delivers significant benefits compared to off-the-shelf commercial alternatives, and we call this LIMA (Lightweight/Low-cost/Loosely-coupled Identity Management Architecture).

Thursday, March 15, 2012

My "Goldilocks Logic Quadrant" as a Superior Alternative to Gartner's Magic Quadrant


I must confess I don't have a great opinion of Gartner, Inc., or indeed, most technology analyst groups. It is my belief that analysts overly complicate technology to appear expert, and collude with vendors to move kit by convincing customers that they need the useless bells and whistles that vendor products feature. [As a particular pet peeve, I will never forgive Gartner for overcomplicating and fatally crippling SOA, with their reference models, the baroque cathedral of "SOA Governance" and execrable offshoots like SOBA and SOMA that nobody can understand or explain. Which is why I wrote the Practical SOA white paper in collaboration with WSO2. Update 28/11/2012: I've also written a white paper on SOA Governance.]

Lest this appear too broad a criticism, here is a more nuanced picture of what I think of Gartner's contributions overall:

1. Their categorisation and classification of players and sub-domains within a technology domain is usually very comprehensive, and useful in acquiring a quick mental picture of what the domain represents. It would be churlish on my part not to thank them for aiding my understanding on numerous occasions.

2. Their Hype Cycle is moderately useful, because (in addition to the concept of a Hype Cycle itself being valid and very insightful) it helps to position current and future technologies, even if the specific placements of some of them on the curve are often questionable.

3. Their predictions about the future (along with the ridiculous probability figures attached) are often plain wrong. Their crystal ball is in fact a rear-view mirror. [In the previous decade, Linux and Open Source left them with egg dripping from their face year after year, and they were obviously playing catch-up with reality.]

4. Their Magic Quadrant is positively harmful to customers.

It's the last of these that I want to talk about today.

The Gartner Magic Quadrant is an article of faith among corporations (including most of my employers over the past decade). It is the first port of call when evaluating products for purchase in a given category. There are many reasons why thinking architects hate the malign influence that the MQ has over corporate drones. The Gartner MQ is a convenient and backside-covering way to outsource one's brains when embarking on something as risky as sourcing a new technology. Just like nobody ever got fired for buying IBM, it appears nobody ever got fired for selecting a vendor from the Leader quadrant of the Gartner MQ.

It wouldn't be so bad if the MQ actually did a good job of analysing and categorising the vendors in a given market segment. It doesn't. It's horribly biased and reactionary. Many good technology options never get on the diagram. It doesn't consider hybrid end-to-end solutions, which are often the best answer for a customer. And I won't even go into the industry whispers about vendors buying their way onto the diagram, though that's a fairly common complaint.

For those who aren't already familiar with it, the Gartner Magic Quadrant has two axes, as shown below.


On the x-axis is "Completeness of Vision". Call me cynical, but I see this as a euphemism for "Overly complex and a checklist-ticker's dream".

On the y-axis is "Ability to Execute", which I see as a euphemism for "Big vendor".

The four quadrants represent Leaders, Visionaries, Challengers and Niche Players.

The Leadership quadrant, which is supposedly the unadulterated goodness of the IT industry crammed into one little corner, is nothing but the collection of the most bloated and expensive technology sold by the most rapacious corporations. That's what I mean by the unholy alliance of analyst and vendor.

I propose a more useful variant on the Gartner Magic Quadrant. I call it the Goldilocks Logic Quadrant, with tongue firmly in cheek. But though the name is whimsical, I'm deadly serious about the tool itself. I use the name "Goldilocks" because of its focus on what is "just right", as with all of Baby Bear's things. Qualities on either extreme ("Papa Bear" and "Mama Bear"  characteristics) are both undesirable in comparison.

In place of "Completeness of Vision", I would use "Capability Fit". Unlike with Gartner's MQ, more features aren't necessarily better in the Goldilocks Logic Quadrant. What we prize is the minimal capability that will meet our needs. Anything more increases the complexity of our ecosystem with no additional benefit, so it earns negative points. This is about "just enough IT", as a good friend of mine puts it.

Similarly, in place of "Ability to Execute", I would use "Solution Viability". I don't care if a vendor can do this or that. What I'm interested in is whether the technology when deployed within my environment can sustain itself without giving me headaches. In other words, is it supported now and into the foreseeable future, and is such support inexpensive? Unlike with Gartner's Magic Quadrant, a popular Open Source technology with a thriving user community and lots of third-party organisations willing to support it commercially at competitive rates would score highly on this axis of the Goldilocks Logic Quadrant.


If a technology solution is minimally adequate (it does the job with no frills) and is supportable at reasonable cost, then it represents Value for Money.

If it is minimally adequate but inadequately supported, then it could be considered a Quick-and-Dirty solution. If minimally adequate but overly expensive, then it's an embarrassment to justify to the bean-counters. Such solutions are therefore either Risky or a Rip-off.

If a technology solution is viable and inexpensive, it tends to remain in place because there is no economic incentive to remove it. If it is functionally inadequate, it's viewed as a Tactical Stopgap. If it is overly complex, then it tends to be cursed - a Whipping Boy, Either way, it's an Irritant because the business case to replace it is hard to make on account of its favourable economics.

There are many ways in which the worst aspects of Capability Fit and Solution Viability intersect. A functionally inadequate solution that is inadequately supported is little more than Demoware. If support for such an inadequate solution is overly expensive, then such criminal waste could even be viewed as a Sackable Offence. On the other hand, an overly complex feature set if inadequately supported is a ticking Time Bomb, because the understanding required to maintain it simply isn't there. If an overly complex technology is being maintained at great expense, then it's a White Elephant. In all these cases, this combination of bad features can be considered a Train Wreck.

I see the GLQ as a useful tool for thinking IT folk who are willing to stick their necks out by doing independent research into the options they have, and choosing one that represents the best value for money for their organisations.

And as you can see, the Goldilocks Logic Quadrant offers value to customer organisations but tends to disadvantage big vendors. That's OK, because I don't have Silver Lake as my holding company, nor do I call Bill Gates, Michael Dell and Larry Ellison "limited partners". The best argument in favour of the Goldilocks Logic Quadrant over Gartner's Magic Quadrant is that it has no axe to grind.