Grasping at loosely coupled lightweight-ness

By January 8, 2009glue conference

I’ve been thinking about two different Glue topics along a similar line lately: identity and WOA. Filing this under “credit where credit is due,” my thinking has been largely inspired by the good folks over at Burton Group — as Anne Thomas Manes put up a barn burner of a post about SOA being dead, and Ian Glazer pulled me into thinking about SPML, SAML and that whole mess all over again.

I’m not sure how to deal with this exactly, so let me begin with the separate topic areas.

1. Identity: When I say “identity,” I know what that means to me. I helped to start Digital ID World, and spent a good amount of time being pretty heavily involved in understanding “identity.” But that “identity” sense is thick with enterprise requirements. Identity (to me) means things like SAML (security assertion markup language), and SPML (service provisioning markup language) and concerns around liability in federation, and BIG enterprise projects that take 36 months to implement, etc. That’s what “identity” has been to me since about 2002.

The advent of software as a service and the rise of things like OpenID are changing that a bit. I know when Brad Feld speaks about how screwed up identity is online, he’s referring something pretty different than my sense of identity. So what’s the difference? Is it RESTful identity vs. SOAP-based identity? In some senses, yes. But I think the defining characteristic isn’t a programming choice – it’s a “loosely coupled” choice.

My 2002-2008 sense of “identity” (and really I mean “identity management”) is VERY tightly coupled. When you implement an identity management system, or build a federation, that’s just the nature of the beast. Brad’s sense (or so I gather), and the sense of folks that are more on the SaaS and Internet Identity side of things is much more loosely coupled. And beyond that, probably much more driven by what you can *do* with identity versus simply managing identity’s properties and authorizations.

2. SOA: While I’ve never “worked” in the SOA movement, I’ve certainly followed it. My sense (as an outsider) is that SOA is falling along the same lines as my experience with identity. Which is to say that while SOA traditionally is very tightly coupled and technology/protocol focused. WOA (web oriented architecture) is much more loosely coupled and “what can we do” focused. (sidenote: yes, I know the irony of saying that SOA is “tightly coupled.”)

When I start to put those two pieces together, I can feel some of the “meta-themes” of Glue emerging: focusing on what we can do (versus a protocol-centric discussion), and really getting down to what it truly means to be loosely coupled.

1. What can we do focus: Have you ever worked in a big protocol group (an OASIS type of group) – you know a “standards setting” body? It’s an exercise in frustration. And they rarely work. Not that we haven’t had great things like SAML come out of bodies like that – we have. But it’s a slow, plodding, maddening exercise in rule making and engineering perfection seeking.

Contrast that with the feeling I get when developers just go “build something.” They grab pieces of what works and slap them together to achieve an endpoint of functionality as fast as they can. Why? Because they want to *do* something with what they’re building, not simply engineer the world’s perfect spec for authenticating third party sites around height and weight attributes (or whatever). That “do something” sense of urgency seems to result in a light-weighted-ness that will always evade the standards bodies.

2. Loosely coupled: do you know what “loosely coupled” means? I mean, I know it makes good copy for a tech article or a book title, but do you know what it means? Yea, I didn’t think so – me neither. Still, it seems that we now live in the era of the API — or maybe I should say the era of the badly done API (depending on your take). The stuff that happens between APIs, and the stuff that dealing with APIs means once we back into applications is really an unknown quantity in most corners. My suspicion (and I’m not a developer, so I might be way off) is that the essence of being loosely coupled lies in between our APIs somewhere.

Okay, so stir all of that up in your head for a minute. Now realize that when Glue seeks to address topics around “identity” or “web oriented architecture” (WOA), we’re both trying to A) wrap our heads around some emergent, meta-qualities that the topics have in common and B) simultaneously dive deeply into what it means to make those isolated topics work together in service of *doing* something.

Glue is not about topics for topic’s sake. We can’t be a “virtualization” or “cloud” or whatever confernece — because Glue isn’t about the static state of exploring the new tech buzzword. Glue wants to drive toward what happens between those topics — between the cloud and WOA and identity (and a whole host of other things). As I’ve said before, it’s the *between* that really matters here.

And maybe (just maybe), in the course of focusing on that, we’ll begin to uncover some emergent, meta-topics. I’ve badly phrased these first two (and rambled on for far too long), but call it a start.