Roger Sullivan Blog

I just returned from Oracle OpenWorld in San Francisco. Superlatives don’t really do it justice. There were so many people, so many sessions, and so much information to absorb that it was a bit overwhelming. If one didn’t focus on one’s objectives and agenda it would be very easy to get distracted and squander the opportunity to network and get informed. One of the best comments I heard was, “In past years there was a lot of marketing at Oracle OpenWorld. This is now a truly educational event.” Mission accomplished.

One cannot help but be impressed by the scale of Oracle’s worldwide business and comprehensive suites of technologies. Customers have confidence in Oracle’s ability to invest in products that fulfill the complete range of customer requirements. The companies that Oracle has acquired over the past several years have been best of breed technologies providing functional excellence in their particular space. Individually, these companies delivered high performance solutions targeted at solving particular business problems. The scale of Oracle allows us to integrate these products into a cohesive suite and provide synergistic benefits. Additionally, our adherence to industry standards and partnerships with leading third party organizations, allow us to deliver solutions that analysts recognize as superior to the competition.

The Moscone North keynote hall’s capacity was about ten thousand seats. It was highlighted by a twenty by three hundred foot high-definition media screen on which images continually flashed, presentations were displayed, and community comments scrolled by. The experience was a continual feast for the eyes. In the midst of the hustle and bustle, there was a unique oasis of calm. Before each general keynote address, Zoë Keating (warning: sound on this link) a cello soloist gave a performance that was entrancing, hypnotic, soothing and technically intricate.

When I first walked into the hall and heard the music, I wrongly assumed that Ms. Keating was accompanying a sound track that had been previously recorded elsewhere. In fact, she was using a technique of recording a passage of music and then looping that section over and over while recording more tracks on top of the preceding ones. Her album’s title “One Cello x 16” is fairly self-descriptive of what’s going on.

As I listened, it was very difficult to tell what was live versus the tracks underneath without carefully watching her fingering, plucking, bowing, and sometimes gently striking the instrument. I arrived early to one of the keynotes in order to hear how the music built upon itself in ever-increasing complexity. It was fascinating. If one closed one’s eyes, one would fully expect that there was (at least) a full string quartet on stage. Yet on looking, there was only the solitary figure bowed over the one instrument, coaxing from it the most beautiful sounds.

Listen to this selection from “Legions” on her web site and you’ll get a good – albeit brief – sense for how the melodies and rhythms build one upon the other in layers upon layers.

It was nice to have this relatively peaceful reflective time during the rush of Oracle OpenWorld. It gave me the opportunity to think about lessons learned, common themes and issues with which folks in the identity management communities are wrestling.

In general, I would say that there were three universal threads: 1. Have a plan; 2. Start with a good identity foundation; 3. Gradually build upon the foundation.

Virtually all of the presenters from enterprise organizations emphasized the importance of involving both business management as well as information technology management in the analysis and implementation of identity management systems. I listened to British Telecom, Cisco, National City, Chick-Fil-A, Monster, Mitre Corporation, and others who clearly stated that an identity management deployment must be a partnership effort between technologists and business people. The business people understand the functionality and governance issues that need to be addressed, while the technology folks understand the security and infrastructure requirements to make it happen.

The second common theme among these successful organizations was that they all made sure that their foundation for identity management was solid. By this I mean that they had made and implemented the critical infrastructure decisions regarding issues like whether to consolidate or leave alone multiple identity stores. In the relatively rare case where they planned to consolidate, they made the necessary forward-looking decisions regarding the definition and design of identity attributes before they simply replicated the pre-existing state of affairs. In the more usual case where organizations implemented Virtual Directory technology to create a common interface into their identity stores, they clearly understood how this design would support their access control implementations for which the system was designed.

More than once during the week I heard the admonishment of “don’t boil the ocean.” This was repeated both by customers as well as Oracle product managers with the experience of literally hundreds of successful implementations around the world. This means that a well-planned project should be executed in phases where success builds upon success. Identity management is not a simple concept and it has significant implications for both business and technology sides of the house. Taking a step-by-step approach, where each chunk of the project is thought out, planned, and incrementally implemented assures success building upon success layer by layer.

Odds and ends:
· Overheard on the airport shuttle: “Spammers are getting more sophisticated all the time. They entice you to click on the attachment and then, BOOM! You’re pfished.”
· Conversation with a seatmate on the Oracle OpenWorld shuttle bus when she said: “I found someone’s log-on credentials under a demo station. I had taken an ethical hacking class so I didn’t look at it and turned it into the booth receptionist.”
· Greenfield Opportunity: I had a conversation with a government agency during which they made it clear that they are in the process of completely re-architecting their identity management systems. Effectively, they are starting from scratch, redesigning identity repositories, creating proper access control, role management, and bridging to external partners and other government agencies via strong authentication and federation technologies. I’ll be speaking more with them over the coming months and am looking forward to the continued dialogue.
· Identity Scam: I was rushing along back to the Moscone from a customer session when a fellow appeared at my elbow fast-talking about no place to stay, lost luggage, needing cash and holding up an Alaskan drivers license as proof of identity. After giving him a few dollars and walking on, I realized that he had kept his finger covering the face on the license each time he held it up for me to see. Spoils one’s charitable instincts and emphasizes the need for multi-factor authentication even in mundane transactions.
· TSA screener at SFO after looking at my ID: “Hey, it’s almost your birthday. Congratulations.” Nice to know that they are paying attention.

It’s been a busy several months for identity solutions and yours truly. Since my last post, I’ve been in Sao Paulo, Stockholm, Columbia, Venezuela, plus cities around the U.S. talking to Oracle customers and prospects as well as working with identity standards activities about solutions in this fast evolving space.

Throughout my travels and discussions, I am continually reminded of the commonalities that tie the global economies together. Examples include the need for increased efficiencies in on-line transactions; the desire for closer and more convenient relationships with customers, partners, and social networking colleagues; and the overriding need for heightened security for business data as well as protection of personally identifiable information.

At the same time, these very issues have been reinforced in another context – that of identity industry standards.

The Liberty Alliance, has been leading the identity standards development effort since its founding in late 2001. During that time, Liberty has focused on a holistic approach to identity solutions by producing not only technical aspects, but also business guidelines and standards for creating secure, privacy-respecting identity meta-systems.

At the same time, the industry has seen other initiatives emerging that intend to address a narrower slice of the problem set. These solutions have met with more or less success (measured by actual deployments) depending on how well these initiatives have addressed the fundamental requirement of interoperability with existing standards.

As customers repeatedly tell me, the importance of interoperability cannot be underestimated. Customers need the ease of interchangeable solutions that can adapt to changing business needs. The core element that permits this is adherence to and interoperability with accepted industry standards.

Because of the proliferation of initiatives to solve unique problems, customers are rightly concerned that these initiatives will not interoperate within the customer’s existing infrastructure or, worse yet that these innovative solutions will require an extensive rewrite of existing applications in order to accommodate this new phenomenon. I’ve heard inexperienced vendors’ enthusiastic dismissals of these legitimate customer objections by saying something along the lines of, “These IT folks just don’t understand the new identity paradigm (cool word, huh?) that we’re offering. It’s gonna be hot! The whole world is gonna jump on the bandwagon and then the IT shops will just have to adopt it.” … Wrong. Solutions are adopted (as the word would imply) when they actually solve a legitimate customer problem.

Now some may read this as my dismissal of innovative approaches to solving real-world problems. Nothing could be farther from the truth. As I have said publicly for close to twenty years now, technology is the “wild card” of solution innovation. There are only so many ways that human beings can perform a manual function. Yet, when one applies the speed and agility that can be uniquely applied by computing power, one can address business problems in ways that are limited only by one’s imagination. Innovation like this provides sustainable competitive advantage

Technology innovation also needs the opportunity to incubate, take root, and flourish unfettered by cumbersome bureaucratic constraints. This need for free-form development has been the driving force behind several of the identity management initiatives. The difficulty arises when these initiatives need to ‘cross the chasm’ from pure innovation to more mainstream adoption. A fundamental requirement of mainstream adoption is that newer technologies must coexist with existing technology infrastructure investments. If the coexistence requires too much effort or ends up forcing the customer to create one-off proprietary integration points to close the gap, then chances are that adoption will be slowed or even halted.

To address this issue, a group of folks from the various initiatives have been discussing possible approaches. In full disclosure, this discussion was begun in the context of Liberty Alliance’s regular strategic planning review during which we discuss market conditions, customer requirements, and work – technical and non-technical - needed to address potential gaps. This year, we decided to expand the scope and solicit the active participation of key people in the identity community who were not Liberty members.

Those involved in the original sessions are to be commended on the open, candid, professional way that they provided feedback to us. We are grateful for their participation and have already seen very positive indicators that we are on the right track in this effort.

An immediate by-product was that Liberty formed the Web Services Harmonization Special Interest Group (WSH-SIG) whose members include a broad spectrum of Liberty and non-Liberty representatives interested in ensuring interoperability among technical standards that are vital for identity-based transactions.

During the strategic planning process, we conducted two-dozen formal interviews and many more informal discussions. In all, those who participated in the process over the past six months have devoted literally hundreds of collective hours in conference calls and face-to-face meetings. We gathered a wealth of thoughtful input regarding what’s working and what’s not working in the identity standards community as a whole – well beyond the Liberty Alliance’s activities.

The basic conclusion is that most of the various identity initiatives have unique value but are lacking a cohesive means to coordinate and harmonize their efforts with one another. Additionally, many individuals and companies have to invest redundant human and financial capital in order to participate in activities that are essential to their business objectives. This creates an unnecessary drain on large and small companies and slows the overall sector growth.

To solve this, we have proposed that these various initiatives seek a way to come together under a shared organization structure that will actively foster innovation, provide a mechanism for harmonizing various initiatives, and also provide a logistical support structure for shared services (like: IT, staff, legal, financial management, interoperability testing, etc.).

There is an active discussion that is taking place in Google Groups here. You will also find an overview presentation that lays out the initial vision, mission, structure, and operations proposals. The second slide of the presentation lists some of the individuals who were involved in this effort along with their company affiliations.

We are formulating the vision, mission, and principles of the proposed organization as I write this. And, we have deliberately delayed the naming of the organization until such time as we achieve consensus on its purpose. For the moment, we are simply referring to it as: IDtbd (i.e. IDentity To Be Determined).

We are very interested in achieving broad representation and consensus among the discussion participants. Moreover, we welcome any interested party to the discussion. These are fast moving formative times in the identity community. Identity solution adoption and deployment is growing rapidly while, at the same time, new and innovative approaches to solving business problems are emerging.

It is vital that we join together in open, collegial dialogue in order to create long-lasting, secure, privacy respecting, and interoperable solutions.

Please join the discussion.

*******************************

As a footnote, the kind lady who served as my interpreter in Caracas asked if my previous blog post about being offered free tickets to Grey Gardens in Times Square, New York was really true. Yes, it happened exactly as I recounted it. There really are nice people out there who practice random acts of kindness.

I have often thought about what it must have been like for early explorers setting foot on foreign soil for the first time.

In the case of the Pilgrims first encountering America on the shores of Cape Cod, I would imagine that profound gratitude at being alive to see the land after an arduous crossing lasting many weeks would have been the overwhelming emotion.  This would have been closely followed by acute anxiety about the coming winter months, the need for shelter, and lack of food and fresh water.  This was soon followed by fear about the Native Americans who were sensed more than seen until a skirmish ensued on First Encounter Beach.  It is important to note that the Pilgrims had pilfered the grain that the natives had gathered and stored after the harvest.  So, more than likely, the natives were justifiably angered that their early spring food stores had been stolen.

Consider other voyages and expeditions like Lewis and Clark, James Cook, Magellan, and Columbus.  What did they think when they arrived at their sought-after new land?  How did they communicate basic human needs?  How did they communicate more complex interactions like bartering for supplies, buying land, negotiating trade agreements between countries?

I would imagine that signing was extensively used in the early days.  However, as time went by, early entrepreneurs or opportunists who were linguistically inclined hired themselves out as interpreters.  Trust had to be a significant factor in these arrangements.  Each side of the transaction must have watched closely for any indication of double-dealing or less than accurate interpretation of the intended words.

During my schooling, I had a lot of formal and informal language training, having lived overseas in my younger years.  In order to get along with my elementary school peers in Germany, I had to quickly learn basic German if I wanted to participate at all in the local children's games.  Even younger still, I lived in Japan.  I believe that my love of the Orient was somehow imprinted on my impressionable mind and that simple phrases stuck in my mind's language memory banks.

Later, in high school, college, and in military service, languages came relatively easily to me.  In the U.S. Army, I was trained as a Thai linguist.  However, without continued exercise, the mind's language "muscles" atrophy pretty quickly.  This is especially true with tonal languages such as Thai, where the same sound (like "ma") can have five completely different meanings depending on whether it is pronounced with a low, medium, high, rising, or falling pitch.  To a Western ear, this is really hard to master.  Not a few of us in the class would confuse two particular pronunciations of "ma" -- one being "woman" and the other being "cow."  This would have the expected -- if unintended -- consequences with our female instructor.  Needless to say, she was not pleased with our clumsy progress.

Later, when I made the career transition to high technology, programming languages were my entry paths.  I spent my initial years with a low-level "macro" language used in programmable point-of-sale terminals.  It's been a long time since I did any computer coding, but my early spoken language training continues to serve me when I find myself  interacting with people from around the world.

Similarly, technical standards are analogous to the invaluable interpreters of early explorers.  Technical standards allow "foreign" applications, operating systems, and hardware to interact with one another.  Each element is valued for its own unique functionality that satisfies a need.  But, without a way of interchanging data and passing off functional responsibility to the next piece of the overall solution, these technical elements are simply a cacophony of competing proprietary interests.

Years ago, Oracle made a highly visible and public commitment to adhere to industry standards.  We further committed to supply our customers with products that are truly interoperable elements of comprehensive business solutions.  We committed that these elements would plug in cleanly through standard interfaces.  We did this primarily because it is what our customers want.  We also did this because it allows us to leverage acquired technologies more quickly and to assimilate them within our Oracle Fusion architecture, while at the same time allowing these products to interoperate cleanly with existing technical infrastructures within customer environments.

We have continued to follow through on that commitment, with last week's announcement of Oracle Authentication Services for Operating Systems.  This is a new offering within Oracle Identity Management, a component of Oracle Fusion Middleware. 

Oracle Authentication Services for Operating Systems is software that centralizes user management and authentication across major Linux and Unix flavors.  Traditionally, organizations have had to store and manage access and identity information locally on individual Linux or Unix servers throughout their enterprise.  With Oracle Authentication Services for Operating Systems, IT managers can now centralize this information in a single corporate directory resulting in improved management while end users can use their single sign-on login to access enterprise applications as well as Linux or Unix servers.

Organizations with Unix or Linux servers can benefit from Oracle Authentication Services for Operating Systems by being able to easily enforce consistent security and compliance policies across these systems.  For example, administrators and auditors can now centrally disable accounts or more easily report orphaned accounts, which helps ensure that administrator access is compliant with organizational policies.

Oracle Authentication Services for Operating Systems, part of the Oracle Directory Services offering, is based on open standards and includes the following features and complementary directory components:

• Tight integration with Pluggable Authentication Modules (PAM) on Unix and Linux operating systems, including Oracle Enterprise Linux, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), Sun Solaris, IBM AIX and HPUX.
  
• Tools and scripts to configure both PAM and Oracle Internet Directory components for a simplified migration and native security between network endpoints. 
  
• Oracle Internet Directory, built on the Oracle Database, which securely stores and distributes data pertaining to users, groups, roles and entitlements across the enterprise.
  
• Oracle Virtual Directory, which accesses identity information contained in several identity sources and presents it to the application as a single data source.
  
• Strong and flexible password policy support that helps ensure users are selecting stronger passwords and changing them regularly.

Just as in the days of early world explorers, today's global business experience is "multi-lingual." To be successful, vendors must provide customers with products that operate in an ever-evolving heterogeneous environment.  This environment has a diverse range of products from a vast array of vendors.  If our solutions plug into this environment cleanly and perform well, then we will have earned our customers' confidence and will earn the privilege of providing additional products and services.

On an on-going basis, Oracle invests considerable effort and resources into global standards bodies.  We incorporate this out-bound activity into our core internal software development in order to produce the highest quality and most flexible solutions.  We are pleased to offer Oracle Authentication Services for Operating Systems as the latest example of this on-going commitment.

There's no getting around it.

I wrote in an earlier post about the rise and decline of the whaling industry in New England.  At the start, the point was primarily to feed one's own family from the meat.  If you'll recall, much of the early New England colonists' experience with whaling came from harvesting whales that had beached themselves on the shore.  Native Americans generously taught the early settlers how to flense the carcasses as they lay on the beach.

In addition to the meat, oil was boiled out of the blubber.  This oil was used to burn in lamps for illumination.  The only alternative at the time was to read by the light of the hearth fire or by using bundles of soft pinewood that burned hot and clear, but produced a very sooty black smoke.  The smoke dirtied all of the interior surfaces of the homes -- and people too!

Early recorded descriptions of the stranded animals tells us that most were "Blackfish."  These were also called a number of other names, but are commonly known today as "Pilot Whales."  The oil produced by boiling down the blubber made a far superior fuel for lamps than anything previously used.

As the early colonists became more skilled in the production of oil, they became more aggressive about actively pursuing blackfish off the shores of Massachusetts and Rhode Island rather than simply waiting for the occasional beaching.  As they went farther out to sea, the whaling industry as we know it was born.

But we're getting a little off the point of the story.

Anyone at all familiar with the story of the American Revolution knows the story of the Boston Tea Party.  This was not really a party at all, but rather a flagrant act of defiance of British authority.  Parliament had imposed an expensive tea tax on the Colonists who had no representation in Parliament and therefore had no means of appealing the legislation.

However, as it turns out, the independence-minded colonists didn't only object to British rule, but also to that of the Massachusetts Commonwealth's central government.  For you see, the colonists living along the shoreline weren't the only ones in Massachusetts to recognize the bounty of the sea that occasionally washed ashore and yielded valuable barrels of oil.  The Commonwealth had also recognized this and demanded its "fair" share of any whale that washed up onto town land to help defray the costs of the central government.  The Commonwealth share was roughly 30 gallons of oil from each animal.  This would be sent to Boston and sold to merchants for shipment to England where it was highly valued.  The cost of the supply from the Colonies was much less than from the alternative supplies from other European whalers.  The products and natural wealth of the Colonies were seen as the rightful entitlement of the British Empire.

The key qualifier in the rule about owing a portion of the oil to the Commonwealth was that the whale had to be found on town land.  In those early days, the shoreline basically fell into three categories: town owned, Native American owned, or unclaimed.  How would the local town constable or clerk know if one were to lash a rope to a whale's tail, tow it a hundred yards off shore and down the beach a ways?  When the rising tide erased all traces of the stranding (and subsequent towing), there would be no record at all to dispute the ownership of the sea's bounty.

This poaching extended across to Long Island.  The New Englanders on the southern coast of what is now Connecticut, Rhode Island, and Massachusetts would regularly sail across the Sound, seize stranded whales on the Long Island beaches, tow them back to their homes and claim them as their own.  As you can imagine, this created a very hostile relationship between Long Islanders of New York and the poaching New Englanders.  This attitude lives on today between the followers of the respective Boston and New York professional sports teams.

Today, the rules for complying with government regulations are not so simply eluded.  To the contrary, we are required to report out increasingly more precise operational details of our business.  Who, had access to what data at what period of time and for what purpose?  Was that person authorized?  Did that person have simultaneous access to data and applications in violation of segregation of duties policies?   

Answering these essential questions as demanded by outside auditors has become increasingly more expensive for global companies.  Change to business procedures that comes from within an organization in order to meet a strategic objective is relatively inexpensive to achieve.  On the other hand, change which is imposed from outside the organization, whether by changing customer needs, competitors' threats, or government regulations is the most expensive for any business to accommodate.  That is because these imposed changes do not take into account the existing infrastructure of an organization as a starting point.  Rather, they start with the end objective and force us to make systems comply in ways for which they were never designed.  This requires that any solution must be rich in its functionality, highly flexible to integrate cleanly with this infrastructure, as well as economical to deploy.

Oracle has spent a good deal of time over the past months listening to our customer requirements for Governance Risk and Compliance (GRC) solutions that are more comprehensive yet easier to deploy and operate.  Among other requirements, our customers tell us that they need solutions that provide:

• More functionality for flexible attestation reporting.
  
• Additional reporting templates to address common audit requirements.
  
• Graphical workflow design capabilities to more easily construct business rules for provisioning and approvals.
  
• Updated connector wizards and SPML support to more quickly and easily integrate new compliance functionality into heterogeneous IT infrastructures.

Oracle is pleased to announce the immediate availability of Oracle Identity Manager and invite our customers and prospects to visit here for more information.

As requirements for reporting audits become ever more demanding and sophisticated, our ability to easily assert successful compliance with government requirements will be ever more important to efficient operations.  This representation of the quality and discipline of our companies will not only meet these regulated mandates, but will also build a positive reputation for our companies with our business partners and customers.  Increasingly, companies will use high quality GRC best practices as competitive differentiators against those who must still rely on manual audit practices.

At Oracle, we listen closely to our customer requirements in one-on-one sessions as well as at public events.  As I've participated in our Security Summits over the past weeks, I know that GRC compliance is foremost in our customers' minds and I believe that this new release of Oracle Identity Manager will be welcomed as a valuable product to help companies spend energies on running their business and competing in the global markets and less effort preparing for an audit. 

There's a pond not far from my house.  I pass it each day on my regular walking loop.  This time of year, one can gauge the depths of the winter by observing whether the surface is iced over - and how thickly.  Years ago, this was an ice pond, meaning that teams of men would saw blocks of ice from the surface and horses would drag the blocks to a nearby icehouses for storage.  In the pre-Freon days of yore, winter ice was the only way to preserve perishable food during the hot summer months.

In the 1800's, icehouses lined the shore of the pond.  Each of them was insulated with winter grass in the walls and between the layers of ice.  Remarkably, these large blocks would last well into the summer months.  There was even a cargo of ice carried to the Far East by one of the New England clipper ships.  Exactly how much of the cargo actually survived the journey is not recorded.

Several years ago, a nearby boat club repaired a culvert under a road near their boat docks.  The stream through the culvert is now more of a torrent than anything else.  Twice a day, at the peak of tidal flow, the water roars through the culvert as thousands of gallons of seawater ebb and flow to and from the tidal marshes on the lee side of the road. 

Unforeseen at the time was the impact that this water action would have on the ice pond situated just at the edge of the marsh.  While the pond is fresh water spring fed, the fresh water content has now been overwhelmed by the tidal action.  The pond water is now brackish and also has tidal movement of about six to eight inches.  Thank goodness for modern refrigeration.

 -------

Each year, my wife and I try to get down to New York City a couple times a year for a long weekend.  What with family activities and other obligations this year, our usual trip during the holidays didn't happen.  One of the primary reasons for going is that we love Broadway theater and have been fortunate to see some great performances over the years.  The BEST way to do this is to take advantage of the opportunity is through the "TKTS" booths off Times Square and South Street Seaport.  TKTS sells same day, deeply discounted tickets for almost all of the Broadway performances.  If you are patient (the lines can be daunting) and go with a list of options, you can get really good seats and see great theater.

It's just as well that family commitments intervened, as the stagehands strike in late 2007 darkened the lights when we otherwise would have been able to go.

However earlier in 2007, we made the trek down on the Amtrak Acela Express from Massachusetts to Penn Station one Friday morning.  Given that it was more of a spur-of-the moment trip than long-planned, we hadn't researched the available shows ahead of time.  So, we ambled over to the TKTS booth Friday evening to see what was listed.  We intended to grab a bite to eat and wanted to discuss the options over dinner.

As we were reviewing the list, a woman approached us and asked if we wanted free tickets.  Now, I admit to an increased sense of personal security wariness and buyer's skepticism when in New York's Time Square, however the magic word ("free") pretty well got my attention and immediately engaged me in the conversation.

"What show?" I asked.

She replied, "Grey Gardens."

At this point, the TKTS person commented on what a great show this is.

"Did you say, 'FREE'?" said I -- still obviously stuck on the magic word and less concerned with dramatic quality.

She explained that she had purchased too many tickets and simply wanted to offer the extras to someone.

Long story short: I gave her some cash (random acts of kindness should be recognized).  We sprinted to the theater.  (The TKTS transaction took place 10 minutes before curtain rising.)  We found ourselves in the orchestra, eleventh row center section -- outstanding seats.

Very rarely does one have the opportunity to see truly great live performances.  This evening was completely and unexpectedly one such time.  Here's a synopsis from the web site:

"Grey Gardens [NB: LINK HAS SOUND] brings to life both the delightfully eccentric aunt and the cousin of Jacqueline Kennedy Onasis.  Once among the brightest names in the pre-Camelot social register, these two women became East Hampton's more notorious recluses, living in a dilapidated 28-room mansion.  Set in two eras -- in 1941 when the estate was in its prime and in 1973 when it was reduced to squalor -- the musical tell the alternately hilarious and the heartbreaking story of two indomitable women, Edith Bouvier Beale and her adult daughter 'Little' Edie."

Christine Ebersole played Edith Bouvier Beale (Mother Beale) in the First Act and the adult Little Edie in Act II.  Mary Louise Wilson played Mother Beale in the Second Act.  Both actresses won well-deserved Tony Awards for their performances.

After the show, we promptly bought the cast recording CD and have listened to it many, many times.  (Can you wear out a CD?)  It's not often that I'd see a show twice -- actually I've never done it.  But for the fact that "Grey Gardens" ended its U.S. run in July 2007, we would see it at least once again.

The heartbreaking story line unfolds in the Second Act when the effects of Mother Beale's controlling influence on the young Edie become apparent.  In Act II, when both are living together in the ruins of the once-grand home, Edie sings "Around the World" during which she alternately remembers once-precious "memorabilia" in wistful longing for good times past, and rages in anger against her present circumstances.  This was a powerful performance by Ms. Ebersole.

Another memorable Act II scene for me was "Another Winter in a Summer Town" during which Edie aches at the loneliness of her life and longs for happier times when she was a wealthy New York society debutant engaged to Joe Kennedy, Jr. before it all went so very badly.

As I've mentioned in previous postings, I live in a "summer town."  During this time of year, the opening refrain of the song is particularly poignant:

"Another Winter in a Summer Town

The renters go home
The maple goes from crimson to brown
Oh God, my God
Another winter
In a summer town
The beach is empty
They covered the pools
The patio umbrellas come down. . ."

Until I heard Ms Ebersole sing this, I never thought of winter as a sad or melancholy time.  I have always thought of it as a season for rest, reflection and preparation for Spring and Summer activities.  The show brought a new meaning to this time and this place for me -- all because of a chance encounter with a generous woman in Times Square.

I'll be going back to the City in a few weeks to participate in one of the Information Security Symposium sessions that Oracle is conducting.

During this event, I'm sure we'll discuss some of the unintended consequences of IT projects and how proper application of Security and Identity Management solutions can solve some of these problems.  Please consider registering for one of these events nearby.

I look forward to seeing you at this or another session.

Safe travels

I have always had a love of sailing.

As a young married couple, one of the first "investments" we made was a 14 foot Glastron Alpha sail boat.  Basically, it was an oversized Sunfish, familiar to anyone who has visited a seaside resort.  It had a modified gaff rigged sail arrangement.  The controlling lines were simple and easy to understand -- one to lift the sail and one to trim it in or out to catch the wind.  The setup was simple and allowed for a single person to rig and launch.  My wife was a good sport about it at the time, but later pointed out that we didn't have a spare nickel and had little business buying a boat.

The great thing about this boat was that, with no lessons at all, one could learn the ancient mysteries of powering a vessel by the wind.  By learning to tack, one could actually sail in the same general direction from which the wind is blowing.  Further, one could move fairly fast, heel over and generally evoke squeals of delight (or terror) from the crewmate along for the ride.

This style of boats is also forgiving of mistakes.  And, in any event, there's a short drop to the water when the inevitable gust of wind catches one by surprise.  Always wear lifejackets, boys and girls.

Despite my wife's initial misgivings, we owned the boat for close to twenty years.  Each summer we'd tow it behind the car down to Cape Cod.  Each of our three children learned to sail on it -- a wonderful skill to be able to provide them.

So, I suppose you can guess where this is going.  As life moved along, we (really I) concluded that a 14 foot day-sailer wasn't nearly big enough for the family.  As luck would have it, a 27 foot Catalina came on the market in the next town over.  The first of the two happiest days in a boat-owner's life soon followed: the day you buy it.

The Catalina is a very nice family boat.  This one happened to have been completely upgraded for racing.  High performance winches, really good sails, electronics, and the list went on.  The owner was moving to Utah and was, as they say, "motivated" to accept the only offer I could afford.

We sailed out of Salem harbor on Massachusetts' north shore.  This is a well protected, yet large harbor area with Manchester to the north, Baker and Misery Islands to the east and Marblehead Neck to the south.  Occasionally, if the wind was right and the day promising, we'd head further south toward Boston harbor or southeast off Gloucester.  It was a great family experience.

My first and last sails were with my oldest son.  On the first, we foolishly picked an ominous day, with low clouds scudding across the harbor and foam spraying off building whitecaps.  Wisely, we didn't last long.  On our last day, we had sailed south to Boston on a broad reach and then came about to head home.  We were close hauled on a port tack and had the boat trimmed so well that we could take our hands off the tiller and she didn't veer even one degree off course.  The boat was happy and we were thrilled.  Although more than ten years ago, I remember the moment as yesterday.  It was truly magical.  We sold her shortly thereafter (the second happiest boat-owner's day).  The last of our children had left for college, I lost my crew, and the time had passed for sailing.

I build wooden model ships as a hobby.  I've done three thus far.  These are referred to as "plank on frame" construction from kits where the individual hull planks are bent, one by one, usually in two layers, over a frame.  Following this, the superstructure is built (railings, masts, deck hardware, cannon carriages, etc.), followed by rigging the masts.  The last step takes many, many hours to complete.  The standing rigging consists of a hundred or more lines, each one takes about ten to fifteen minutes to dry-fit, place, and tie off.  The finished model is anywhere from twenty to thirty inches in length.

I find it very relaxing, but can only do it for relatively short stretches of time.  It takes a lot of concentration, and even with magnifying goggles, the eyestrain counterbalances the relaxation after a couple hours.  The first one I made was from scratch using solid hull construction.  Next came "The Wasp" from a kit about 15 years ago.  Once I finish my current project, the "Half Moon," in a couple more hours work, my next will be the "Charles W. Morgan."

Other than the pure pleasure of building the ships, I also frequently find myself imagining what it must have been like to actually sail a square-rigged ship.  They were vastly more complicated than either of the two I sailed, even though the basic principles of moving a vessel through the water with wind power are identical.  Some clipper ships had over twenty sails.  Even slower working ships like the whaler "Charles W. Morgan" would have more than a dozen. 

Each of these sails would have upwards of nine or more individual lines to lift, trim, and set to the wind.  In Eric Jay Dolin's book Leviathan: The History of Whaling in America, the author describes the novice deck hand's experience:

One of the most daunting tasks was becoming fluent in the language of the sea.  Every part of a ship had a name.  The green hand not only had to know where to find the bowsprit, the jib boom, the catheads, the lower deadeyes, the fore-topgallant mast, the spanker, the booby hatch, the lashing rail, the hawsepipe, and the mizzen yard, but also what they were for.  Every one of the ropes in the rigging, which at first glance must have looked like a distressed spiderweb, had a name and a function, which had to be memorized, as did all the many sails the ship carried.

This book, by the way, is a gripping history of the New England whaling industry from early on-shore harvesting of stranded pods, to multi-year journeys yielding thousands of barrels of whale oil, to the declining days precipitated in no small measure by the indiscriminate decimation of the Pacific whale population.

The experience of sailing one of these ships was at once exhilarating and terrifying.  Running before a stiff wind, galloping across the peaks of the ocean waves with the sun on one's face must have been thrilling.  That memory would have faded quickly when the seaman was clinging to a bucking spar thirty or forty feet in the air, during a freezing, howling gale, chopping ice from the lines and sails in order to set them while passing through the Straits of Magellan around Cape Horn.  On the outward leg, they were sailing east to west into the prevailing wind of the "Furious Fifties" -- latitudes below 50 degrees -- where the storms are frequent and seamen with careless footing or hands too frozen to grip the mast were quickly swept away in the frigid water before they even reached the Pacific whaling grounds.

For the past several months, I have been visiting U.S. cities to present Oracle's strategy for Oracle Fusion Middleware to current and prospective customers.  I really enjoy interacting with customers, learning of their business challenges, understanding what solutions they are seeking, and relating Oracle capabilities to these requirements.  The objective of the presentation is to map our Oracle Fusion Middleware strategy and directions directly onto the challenges that our customers experience and urgently need to solve.

While on the plane traveling to and from these meetings, I've had a bit of time to reflect on how history and the human experience tend to repeat.  You have doubtlessly heard the expression: "Those who don't study history tend to repeat it."  However, I believe that our very human nature requires that we solve problems in ways that are intuitively familiar.

Square-rigged ships solved the problems of power versus speed versus variable wind direction by creating an assembly of specialized sails -- each designed to a specific purpose to compliment the whole for optimal effect.  The same principle applies to software today.

Years ago, I worked for a small New England software company that created a truly leading-edge workflow product.  It was messaging based, utilized a graphical workflow creation interface, and had easy integration capabilities.  While somewhat successful, it never really achieved "breakout" status.  I've come to understand that the reason for this was that it was, fundamentally, a stand-alone, niche product.  It was, while unique and attractive, a single-purpose tool.  It functioned well enough and was easy enough to deploy.  However it lacked the sophistication and power that comes from being well integrated within a larger suite of complementary functions.

Today, Oracle offers a BPEL (Business Process Execution Language)-based workflow function well integrated within Oracle Fusion Middleware.  Today, I use many of the same words in my presentation as I did years ago to describe the business solutions for which this workflow is well suited.  Yet, a dramatic difference is the synergistic power that is realized when such a tool leverages other equally powerful and complementary features throughout the suite.  This synergy is one of the primary reasons why the Oracle BPEL Process Manager has been so rapidly adopted by our customers.

This is made possible through Oracle's strong adherence to the principles of Service-Oriented Architecture in our product design.  By doing so, we enable our customers to leverage a vast array of functional capability in ways that is only limited by the imagination.

Years before the workflow product, I worked on Wang's Document Imaging products.  We had originally intended to create specific vertical market "applets" for Medical Records, Insurance Claims, Loan Origination, and the like.  A very smart industry analyst told us, "Spend the effort to make the product as flexible as possible.  Your customers will leverage that flexibility to build solutions that you never dreamed of."

Now, years later, Oracle Fusion Middleware is providing exactly that kind of flexibility because of its rich functionality, slavish adherence to industry standards, and integration with Oracle's business applications and database.

An area of the Oracle Fusion Middleware that is of particular interest to me is Identity Management.  Because of the flexibility of the suite and our compliance with industry standards, customers have been able to select the particular solution they require and then gradually expand to other areas as the initial "pain point" is addressed.  I continue to marvel at the momentum with which our acquired Identity offerings hit the ground.  History has repeated itself again and again, as these highly capable stand-alone products achieve synergistic leverage with the rest of our Identity Management suite.

As a result, I think that we will see some emerging trends in the coming year:

• Enterprise deployers will have integrated "identity silos" through Virtual Directory access methods.  These deployers will have achieved significant benefits from establishing disciplined Single Sign-On and Access Management practices.
  
• These deployers will continue to leverage automated provisioning to achieve more rapid user productivity and more rigorous controls over user access to applications and data.
  
• Enterprise deployers will turn their attention in a more focused way on compliance solutions addressing industry and regulatory requirements.  These solutions will begin to reverse the reactive position that many companies have been in with respect to compliance issues.  This reversal will enable them to use their compliance practices as competitive differentiators of a high-quality organization.
  
• This last point will impact partners of these market-leading firms who will be required to measure up and prove their own best practices to maintain their partnership status.
  
• Finally, because we are in a connected world, these practices will drive a global trend towards rigorous compliance audit reporting across all industries, as well as private, and public sectors.

We all need to overcome obstacles in order to be more productive in our work.  Whether it be sailing into the teeth of a gale, or competing fiercely in a twenty-first century global market segment, we need to use the same principles today as before: assemble a suite of flexible tools that meet the challenge in ways that are unique to strengthen one's own competitive position.

My family has always had a close connection to Cape Cod.  For all the years when our children were growing, we vacationed on "the Cape" as it's known to anyone in the five New England States.  It was nearby, inexpensive, family-friendly, and familiar.  It has great beaches, restaurants, and affordable rental houses close to the water.  Also, we have always admired and felt closeness to the hearty sprit of the year-round residents.

Throughout the years, Cape Codders have always been "hard core" New Englanders.  They were, after all, the descendents of the first pioneers off the Mayflower.  There is not much at all to sustain a local economy on the Cape.  Therefore, the locals have had to rely on their own ingenuity and hard work to secure a steady revenue source to provide for their families.

Three notable examples of such industries were whaling (discussed in an earlier post), manufacturing salt through a complicated evaporation process, and cranberry bogs.  The salt works were used primarily for preserving meat.  Finding cheaper salt sources by mining and the advent of refrigeration made the process obsolete.  Cranberry bogs are still scattered here and there, however large-scale cranberry farming has moved to other states that have vast tracts of available land near the sea.  Most of the Cape's seaside land has sprouted another indigenous phenomenon -- the "trophy house" with million-dollar views and price tags to match.  These are far more appealing to developers than a few bushels of cranberries.

We had a small sailboat that we would trailer down and launch from the town ramp in Sesuit Harbor in East Dennis.  "Harbor" is perhaps a bit misleading, considering the small size of the place.  So, I was surprised to discover recently that previous occupants of that same harbor would have dwarfed my little boat.  Moreover, I have since learned that the place is steeped in sailing history that I never would have imagined could have come from such an unassuming place.

As will happen, innovation was born of necessity.

In late 1848, a discovery on the other side of the U.S. continent would again provide an opportunity that innovative "Capers" would seize upon -- gold.  When the California Gold Rush began, the supply of men looking to find instant wealth lying in western mountain streams far outstripped the supply chain to provide these men with sustaining provisions.  Many arrived by jumping ship from whalers or by horseback, having nothing but the clothes on their backs.

The challenge was to provide flour, meat, shovels, picks, nails and other construction necessities to these thousands of men in a way that was both timely and profitable.  Overland routes were useless.  It would take six months or more to get material from the eastern U.S. to the West using wagon trains.  Even then, many mountain routes were impassable in the winter months.  The only realistic way in this pre-Panama Canal era was to sail around another Cape -- Cape Horn, at the southern tip of South America.  This cape is the southern-most of all the Earth's continents and is wickedly treacherous to sail because of the extreme weather and sea conditions.  This route was far longer, and, in many ways much more dangerous than going overland.  However, a fast ship with an experienced captain and crew could make it in a matter of weeks.

Seizing on this opportunity, the three sons of the accomplished sea-captain Asa Shiverick, David, Paul and Asa Junior decided to make their contribution to Cape Cod's sea-faring tradition by building ships that other captains like their father would sail.  Thus was born the Shiverick Shipyard.  They would build not just any ships.  Rather, they would build "clipper ships," the greyhound cargo vessels of the sea.  These were large, heavy ships with sleek lines and many sails to drive them as fast as possible.  Lots of sails made for complicated and expensive rigging.  In some ways one could think of these builders as early venture capitalists.  They had to find the money to build and outfit the ship.  Find a competent crew.  And most importantly, find a captain to whom they would trust this huge investment.

Eight ships were built and launched from the yards during the years that it operated: Revenue, Hippogriffe, Belle of the West, Kit Carson, Wild Hunter, Web foot, Christopher Hall, and Ellen Sears.  These ships were world-renown as the fastest of their kind.  So much so that the most important "competitors" in the world -- British ship-builders from England -- sent engineers to examine the lines of the ships and to try and discover what made these boats from a humble Cape Cod ship-yard, situated on tiny Quivet Creek in Cape Cod Bay so incredibly fast.  One of the Shiverick Clipper ships fully paid for itself on its maiden voyage; so lucrative was the California trade.

At the dedication of the commemorative stone and plaque that marks the site of the Shiverick shipyard, Captain Thomas Franklin Hall, one of the last surviving clipper ship captains said:

To understand clearly the high standard reached in developing those ships, it should be remembered that they were built during the years when the American Mercantile Marine was in the very zenith of its fame and glory. . . .

When, therefore it is realized that ships from the Shiverick yard were not only equal, but in some technical respects, superior to any in the American fleet, it is more than gratifying to local pride;. . . It was a masterful undertaking. . . to establish such an enterprise in such a quiet spot, on the banks of such a small stream.  Yet it is due entirely to the modesty and reticence of those giant intellects that this village is not renown for the masterpieces it sent out. . .

Those were great years; great events; great men.[1]  

The gold rush was an inflection point for shipping technology.  Prior to 1849, long-range shipping to the Orient was important to be sure.  However, there was not the urgency required of cargoes of silk and spices that equaled that of flour and shovels for the "Forty-Niners," as the gold rush participants came to be known.  Clipper ships were known to be fast, but now they needed to be even faster and built in greater quantities to meet the market demands.  That market need drove shipping technology to the next level in order to meet the need.  Ship builders started to "standardize" on similar building designs, techniques, and rigging in order to maximize efficiency across the entire development and operating process.

The Identity Management (IdM) market is at a similar inflection point. 

I was privileged to host a "Concordia" workshop at the recent Catalyst Conference in San Francisco.  Concordia was initiated by the Liberty Alliance as a neutral forum to discuss deployers' needs for interoperability among various identity management technologies.  Concordia is named for the Roman goddess of marital harmony.  We hope she will be an inspiration for similar harmony in the IdM space.

Participating in the workshop were five deployers: AOL, The Boeing Company, the Canadian Province of British Columbia, General Motors, and the U.S. General Services Administration.  Each of these organizations described their experiences in deploying IdM, difficulties that they had to overcome because of lack of standardized interoperability, and some of their forward thinking plans for additional deployments. 

On the technology panel listening to these deployers' needs were experts from the leading IdM standards space: WS-*, Liberty Alliance/SAML, and OpenID.

I think it is fair to say that these future roll-outs are somewhat impeded by the lack of existing clean interoperation among these technologies as well as a lack of clear direction for how these initiatives with work in harmony with each other in the future.

Permit me to use this venue to sincerely thank all of the participants -- both on the deployer panel as well as the technology representatives.  I was impressed by the collegiality of the discussion.  I was glad to see that all of the panel participants as well as the audience were thoroughly engaged and were genuinely interested in how to solve the issue going forward and willing to commit to work toward that goal.

Those of us who organized the workshop encourage everyone to review the deployer presentations that have been posted, common requirement themes that emerged from the sessions, as well as the key next steps that were captured as desirable outcomes of this effort.

We also encourage everyone interested in this dialogue to join the discussion on the Concordia wiki site.  Suggest approaches to solve the issues along with concrete next steps that Concordia should take.

This is an exciting time for IdM standards development.  The presence of these leading IdM deployers and implementers in one venue to discuss common requirements and expectations is also an inflection point for the IdM marketplace.  Harmonization among standards is essential for implementers and deployers in order to grow the market and achieve the potential that we all seek.

It's been very cold and dry where I live -- and very quiet as well.  Early in the morning last week I saw a coyote walking down the middle of my street.  A few days before, a red fox preceded me on my walk.  Every hundred feet or so, he'd stop and look back as if to make sure that I was paying attention to him.  His coat was beautiful and glowed in the sunlight.  After a quarter mile or so, he took a right turn and I took my usual leftward way home.  It was a nice and peaceful experience.

Although it's been unusually cold (after an unusually warm stretch), we haven't had any snow to speak of.  Nature seems to be a bit turned on its head this year.  I've been up North to spend time together with the family while the younger of the clan skied and we wiser ones awaited their return in the warmth of the lodge.  But around my home the ground is bare.  Not even enough for a sleigh ride through the woods.

The thought of sleigh rides got me to thinking of another New England industry during the early 1800's -- whaling.  The term "Nantucket Sleigh Ride" refers to what happens after a whale is harpooned.  The whaleboat, a little over twenty feet in length was dragged behind the whale, sometimes for miles, out of sight of the mother ship.  It was wild and extremely dangerous work that was repeated a hundred or more times during each voyage.  Since many of the whale-men were from coastal New England towns, the name of this breathtaking ride was ironic, yet familiar.

So, I spent some time this weekend in New Bedford, Massachusetts, prowling through a few antique stores and spending time at the New Bedford Whaling Museum.  What a great set of exhibits!  My favorite was the Lagoda.  This is the largest ship model in the world, built in 1915-1916 and is lovingly cared for by the museum.  It is built to one half scale and is authentic down to the deck planking nails.  I also "discovered" that the height of the deck "skids" where whaleboats were stored overhead, helmsman shelter, and Captain's quarters were also to accurate scale by regularly bumping them with my head.  Nevertheless, it was very interesting and well worth the visit if you are in the area.  It's only a little over an hour from Boston.  At its peak in the mid-1800's, New Bedford was the fourth largest port city in the U.S. and a very wealthy town -- all because of the whaling industry.

It was also a sad day in the museum.  Later that day, the New Bedford fishing community was scheduled to hold a reception after the memorial service for the fishing crewmen recently lost at sea.  Across the street from the museum at the Seaman's Bethel, one is reminded of these tragedies that have reoccurred with regularity for the past two hundred years or more in this town (among others) whose livelihood has been so closely linked to the fruits of the sea.

This is the same Bethel made famous by Herman Melville in Moby Dick.  It is generally accepted that the story of the great white whale ramming and sinking the Pequod was inspired by the true story of the "Essex." This whaler was indeed rammed and sunk by a sperm whale in 1920 leaving the crew stranded in the middle of the Pacific Ocean in whaleboats.  The whale repeatedly raced into the side of the ship and then the bow with its huge head, driving the ship backward as seawater poured over the stern and filled the hold.  The story of the Essex was well told in In the Heart of the Sea: The Tragedy of the Whaleship Essex by Nathaniel Philbrick.  A very simplified version is here.

Whales were hunted (almost to extinction) in the early-to-mid 1800's for three primary by-products: whale oil,  baleen, and spermaceti.  Ambergris was another more rare by-product primarily used in the manufacture of perfume.

Whale oil was valued as smokeless fuel for lanterns and was far better than tallow candles for indoor lighting purposes in those pre-petroleum days.  As the industrial age was kicking into high gear, spermaceti from sperm whales was used as a very fine lubricant for clocks, watches and factory machinery.  Baleen from right whales was the plastic of its day, used primarily in corsets, parasols, and buggy whips.

Whaleships were constructed with keen awareness of the ships' primary purpose: to bring back as many barrels of whale oil as possible.  The decks are less obstructed than other sailing ships in order to be most efficient when doing the messy work of flensing the whale and boiling the blubber into oil.  Here are photographs of the "Charles W. Morgan" at Mystic Seaport Museum, a fabulous recreation of a New England sailing town during the 1800's showing the deck relatively free of clutter.

This was dangerous work indeed.  The walls of the Seamans Bethel are lined with memorial plaques dedicated to the memory of men lost at sea.  Many men were poor with no other options, runaway slaves, or fugitives from the law.  Still others had sea-faring in their blood, having come from long lines of sea-going men.  Signing up for a whaling voyage meant that you were at sea from three to four years.  Common sailors lived crammed into quarters with a ceiling height too low to stand fully erect. 

An individual whale might yield a hundred barrels of oil.  Returning with two thousand barrels was considered a good voyage.  On one of its last voyages, the "Sharon" produced over 5,000 barrels with a market value greater than $100,000.  The owners took 50%, the captain 25% and the rest was allocated by seniority and value of the man's work.  The common seaman would earn perhaps 1/100 share or less.  On the Sharon's voyage, this would have been serious money in 1851.  However, the typical voyage yielded far less results, earning only a couple hundred dollars for the seaman after all that time at sea.  From these earnings were deducted food rations, clothing, and any advances that the seaman had negotiated in order to feed his wife and children while he was away.  And, these advances were often lent at usurious rates of 25% to 100%.  In some cases, the life was one of virtual indentured servitude.  The only escape for many common sailors was desertion on a South Pacific port of call -- or death.  Typical of many men, Captain Nathan Smith went to sea as a teenager, spent 35 of his 51 years alive at sea and, during his sailing career, was only with his family for a total of five years.

Provisioning in those days was a serious business requiring detailed allocation of space, balanced against the storage requirements for the full barrels.  On the outward leg of the voyage, the ship's hold was filled with necessary goods for the anticipated three to four years at sea when the ship would have to be almost completely self-sufficient.  The hold would have been filled with spare parts: spars, lines, sails, food, as well as barrel staves and hoops.  The barrels for storing the oil weren't actually assembled by the ship's cooper until the whales were captured.

 </