IBM hosted a mashup summit in their San Francisco office today, featuring a number of companies enabling enteprise mashups or interested in expanding into that area. In attendance was:
The goal of the day was to bring together companies and people in the mashup space and identify some areas we could work together to define and refine what could be called a mashup stack. I had to leave a little early to get to a meeting at Microsoft but from the presentations in the morning and afternoon there were two very obvious areas for collaboration.
The one topic that came up in every presentation was security, or more specifically the lack of an integrated and federated identity management, authentication, and role management service offering that mashups could take advantage of to avoid having to manage user credentials and authentication.
This is a significant area given the fact that mashups depend on being able to authenticate 2 or more service components from multiple vendors. What this means is that the mashup platform holds the responsibility and risk for maintaining the integrity of user supplied credentials, and that’s if users are comfortable giving them to you in the first place. There’s no getting around this, we as an industry need to embrace a better security model to enable reliable and secure access to web services without requiring users to store their usersnames/passwords on someone’s site in order to do it.
The other topic that was less thoroughly talked about but is very important to this whole concept is data formats. People are quick to say "well it’s XML so the schema travels with the data stream" which is all true but misses the point that it’s still denormalized and someone has to do a data tranformation in order to get it from one service to another. In a way of thinking, mashups are an evolution of ETL as much as SOA.
Current data formats are not adopted across a broad range of services so they are neither accepted nor ad hoc standards. Web service vendors are more or less left to their own devices to develop data formats and that is currently an inhibitor to delivering more complex mashups. Microformats.org is a place to start but ultimately it will take web service vendors actually embracing these formats and putting them to work.