William Vambenepe has some keen observations about requirements here in this post about Cloud computing:
There are three types of user requirements. The Animoto use case is clearly not in the first category but I am not convinced it’s in the third one either.
- The “pulled out of thin air” requirements that someone makes up on the fly to justify a feature that they’ve already decided needs to be there. Most frequently encountered in standards working groups.
- The “it happened” requirements that assumes that because something happened sometimes somewhere it needs to be supported all the time everywhere.
- The “it makes business sense” requirements that include a cost-value analysis. The kind that comes not from asking “would you like this” to a customer but rather “how much more would you pay for this” or “what other feature would you trade for this”.
When cloud computing succeeds (i.e. when you stop hearing about it all the time and, hopefully, we go back to calling it “utility computing”), it will be because the third category of requirements will have been identified and met. Best exemplified by the attitude of Tarus (from OpenNMS) in the latest Redmonk podcast (paraphrased): sure we’ll customize OpenNMS for cloud environments; as soon as someone pays us to do it.
I can absolutely attest to point number one as it pertains to standards groups. But its point number three that I wanted to highlight as it relates to a theme I have been discussing a lot lately. Namely that IdM is messy because enterprise software vendors in general won’t externalize identity in their products beyond AD authentication.
Now I am not implying that enterprise software vendors are lazy. Rather it’s a matter of priorities. Enterprise software vendors typically have a backlog of feature requests and fixes that they need to work on. The ones that they get asked for the most, or that they feel will give them competitive advantage, that will get the priority.
Like William says, it’s not whether the customer wants a feature, but how much are they willing to pay for it and what other features would they give up in exchange.
Dave Kearns believes that if there is an IdM roadmap laid down, vendors that implement it will “reap the rewards” and those that don’t will be destined for “where are they now”. Perhaps Dave is right. But history shows us quite the opposite. Look at strong authentication for example. Despite dramatic reductions in cost and increased options, despite all the experts’ advice, and the presence of a solid roadmap, the vast majority of authentication in enterprises is password-based. And very little enterprise software supports strong authentication out-of-the-box.
So what will it take to spur enterprise vendors to support externalized identity? I really don’t know. Yet.