More James McGovern Q and A

James was nice enough to ask more questions -  though I'm still curious as to how he thinks we specifically trail Microsoft in open-source contributions.

So here for the enjoyment of the readers is my response:

Maybe you could share on your next posting exactly how allowing closed source Oracle databases on the Amazon grid is open source?

[MEW]  I realize I should have clarified that point better. What I meant by this is that if you are a developer who needs to test your code against Oracle DB - there is not much easier way than using one of the pre-built EC2 images. Assuming you meet OTN requirements - you are probably only paying for EC2 fees. Which is still likely cheaper than having your own servers. I would think as an "enterprise architect" you would understand the value of this approach over having your developers having to become experts at installing Oracle database. And while sure you could have DBA's do that - it's still probably quicker/more flexible to do this (in particular for any research type work, or training on a new language/framework) than internally.

Likewise, there is a difference between open source and open specifications. Are you willing to say that all reference code will be of production quality?

[MEW] I don't know what you mean by production quality. I don't mean that to be sarcastically but rather a reflection that it is a relatively subjective question. What I can say is that code that we do contribute to OpenLiberty from our dev team will have gone through at least our base level software development process which includes design review, code review and automated regression tests. This is not to say that any identity attribute service on OpenLiberty will be 100% the same as Oracle's production version. Because we will be adding functionality to make it an actual product (such as UI and integration with Oracle audit/logging framework for example) that will not be part of the Project Liberty. But OpenLiberty is well, um, open - so you can participate as well.

Sun has open sourced LDAP. Would you as a product manager advocate the  same for virtual directories?

[MEW] Let's take a step back here. Sun did not open-source LDAP :). They have an open-source project that wrote from scratch an open-source ,storage-based LDAP server in Java. It's not the first open-source LDAP (UMichigan & OpenLDAP have that claim), nor the first open-source Java LDAP (even Apache isn't the first, but it's the longest-running) and heck even their C-based version was effectively open-source via the Fedora Directory Project. I am not sure why anyone at Sun thought starting from scratch was a good idea.  At the moment we are still able to grow the adoption of OVD (and OID), are able to improve upon the core product via customer feedback and have a plug-in API that allows for customers (whether themselves, partners or Oracle consulting) to extend the product to meet their needs - so I don't sense a valid reason to open-source OVD. I obviously cannot speak for any other virtual directory vendor/project.

OK, Kim Cameron of MS paid for implementations of Cardspace on other platforms in which MS is simply attempting to improve the ecosystem and won't make a cent off it. In many ways it actually competes with its own offerings. What is the Oracle equivalent?

[MEW] Microsoft has produced open specifications, a few examples and started the Information Card Foundation (which we are a member of) to help drive adoption of Information Cards.  I would argue we are on the same path on IGF via Open Liberty.  Except that since our work is done via Project Liberty we can avoid the need to create yet another foundation. The biggest difference is that since IGF is more middleware based, the visible bits have been slower to show though that is starting to change as you can see from Phil Hunt's (our lead technical person for IGF standard) DIDW presentation. And as mentioned in that presentation - we are releasing the IGF Attribute Service API as open-source (this is new code). The API will have at least 2 provider implementations - one using OVD (which I'm responsible for and is planned to be a core component of Fusion Middleware & Fusion Applications) and one based on Project Higgins. This is an open project - so you are welcome to go learn more.


One small correction: Microsoft did not start the Information Card Foundation. A community of architects and designers including the creators of the Higgins Project created the organization before inviting any corporations to join. The consensus of this community was that the visual metaphor of a digital wallet and cards shared by The Higgins Project (which included open source components contributed by engineers from Parity, Novell, Oracle, and IBM) Microsoft CardSpace, and other researchers, is the best way to present controls for identity and personal information to the widest possible user base. The merger of these efforts along with other components that can benefit from standards protocols now underway at OASIS, makes ICF a common effort by many forward-thinking companies who want to make the Internet a safer and simpler environment for all transactions. The decision by Microsoft to join the ICF was a great step for the industry to advance toward a common unified way for users to wield trusted verified claims.

Posted by Charles Andres on October 08, 2008 at 11:38 PM PDT #

Post a Comment:
Comments are closed for this entry.

This is the blog for Oracle Consulting Security North America team. Edited by Mark Wilcox - Chief Technology Officer for Oracle Consulting Security - North America.


« February 2016