
Day: February 21, 2005

RedMonk’s Look at Compliance Oriented Architecture

I will start with an analogy.

A long time ago, before XML had been invented and when SGML was a new, radical idea, I often found myself having to explain how SGML was different from the kinds of typesetting codes and other markup that were already familiar to people in publishing. The reason that I was in this spot was that my business partners and I had created a product that produced SGML markup. But nobody, as yet, knew why they would want SGML, much less our product.

The analogy that seemed to work best had to do with cakes and recipes for cakes.  If I give you a cake, all you can do is eat it.  But if I also give you the recipe for the cake, well, then you can bake one for yourself, or make a bigger one, or a sweeter one, and so on.  SGML was like having the recipe.

Well, it is a wonder that anyone knew what I was talking about. Maybe the pitch worked because people liked cakes. I suspect that some of them got stuck on the image of eating a cake and then came away with warm feelings about our product. Anyway, what I was trying to get after was the value of abstracting rules. You can deal with the thing (the cake), but you have a lot more power and flexibility if you deal with the rules for making the thing.  Control of product is great, but control of process is even better.

Which leads, of course, to compliance.

James McGovern sent me a trackback ping from one of his blog entries in which he references a paper by Stephen O’Grady of RedMonk titled “SOA Meets Compliance: Compliance Oriented Architecture.”  The paper came out last summer, but was new to me, and may be new to you.  It is a good read.

You should read the whole paper (it is free), but here is the argument in a nutshell:

  • Many companies are taking a “project” approach to compliance requirements.  So, SOX compliance becomes another Y2K problem. And HIPAA (Health Insurance Portability and Accountability Act) compliance becomes an entirely different project–yet another Y2K.  At least with the real Y2K, there was only one of them …
  • This is bad news, since, unlike Y2K, SOX or HIPAA are never “over.”
  • This is also bad news because each compliance “project” tends to stand alone–separate resources, costs, and headaches.
  • But, in fact, many of the same kinds of information and views of that information are required for the different compliance efforts.

So, the RedMonk paper proposes a “Compliance Oriented Architecture” or “COA,” — a specific instance of a services oriented architecture — so that companies can address different compliance requirements with a single investment in compliance services.

The proposal is another instance of the importance of focusing on the recipe, not the cake.  Rather than rushing off to the store to get all the ingredients for one cake, and then heading out a second time to buy more ingredients for a second cake, you realize instead that there are common ingredients.  With a little planning, you can maybe even bake both cakes at the same time.  (I’m hungry already …)

O’Grady describes the COA as emerging from a “radical–even heretical–notion.”  The heresy is the assumption that there are services that are common to the different regulations with which companies must comply.  The heart of the paper is a table in which O’Grady sketches out a starting list of such core services along with vendors and products that offer these services.

He may be a heretic, but I am sure that O’Grady is right about his core assumption.  Using the old arguments for SGML as an analogy again, the key here is to enable “reuse.”  Companies must move toward architectures that can support many compliance applications from a single system.  As with SGML, the key to value is in looking at the process, not the product.

So, it is a good paper.  But I have a misgiving about the focus on “compliance” in “Compliance Oriented Architecture.”  I can see where O’Grady is going … wanting to get companies to stop thinking of SOX, HIPAA, and other compliance requirements as separate projects — seeing them instead as instances of one, bigger thing.  But I wonder whether we shouldn’t perhaps go for something even larger … “Governance?” “Internal Control?”   My discomfort is with “compliance” as a primary objective.

Another analogy:  When driving at night, I “comply” with the 45 mile an hour speed limit on the five miles of narrow road leading down the peninsula to my house because I want to have the car under control when a moose steps out in front of me.  (So far, I have been able to stop.) Compliance is a good idea, but it is a side effect.  The primary goal is to be able to stop the car in time.

It seems that some of the same thinking applies here, and so I am not sure about “Compliance Oriented.”  But that is a small detail that does not subtract from the real value of O’Grady’s paper.

Open Source Products and Compliance

James McGovern, writing in his February 18th IT toolbox blog, asks for more
analyst engagement and coverage regarding open source options for users.  He
suggests …

Maybe the next step is to get several analysts who blog to expose themselves to a vocal audience. Maybe they could ping this entry’s trackback and let the dialog begin. Online audiences routinely discuss, debate and refute industry analyst research.

I think that would be great.  Sign me up … I would be happy to
contribute.  But, what would be even more useful, for me — certainly
more useful than discussions of industry analyst research — would be hearing
more about what open source platforms and tools are turning out to be most
valuable as companies implement compliance solutions.

In my own work as an analyst/writer over the last decade I have discovered
some things that match up–at least in a rough way–with McGovern’s
concerns.  I started out sizing markets, projecting growth, figuring up
market share, and so on.  I learned a couple of things after a few years of
this.  One is that it is hard to predict the future.  A second thing
was that the methodologies available for estimating current market size and
market share in markets that are relatively young and still emerging are subject
to a lot of error.  You can do it for toothpaste or cola, but there is a
lot of guesswork and making of assumptions when you are looking at something
like "content management" or, heaven forbid,

But perhaps the most striking, humbling thing that I learned is that the
market sizes, growth projections, and so on that I worked so hard to create are
typically not useful to the people and firms that actually USE technology. 
It is critically important stuff for technology vendors … but
technology users are more concerned about what works than they are with
the size of the market. 

So, I don’t do market size estimates anymore.  I am much more interested
in finding out what people are doing and what works.

As I look at Sarbanes Oxley and other compliance issues, the question of
"what works?" seems more important than ever.

So, James, I really like the idea of using trackbacks and other tools to get
a discussion going that brings more open source tools to the forefront. 
But, rather than worrying about what the analysts think, I would be more
interested in finding out more about what companies are using, for what
applications, and what is working. 

I see that James Governor of RedMonk is also interested in joining the
conversation.  (I
will say a bit more about RedMonk’s interesting thinking about "Compliance
Oriented Architecture" in a separate post.)  With James on board,
along with some people who are using open source approaches to compliance, I
think we could have a conversation that would be both interesting and really

Syntext Updates its WYSIWYG XML Editor

Syntext, Inc. announced the second version of its Serna WYSIWYG XML Editor. Serna’s WYSIWYG XML editor incorporates on-the-fly XSL-driven rendering technology that allows users to work with XML documents close to their “print appearance.” The new functionality includes very large document support, graphical CALS table support, on-the-fly document profiling with switchable XSLT parameter sets, advanced XML-aware Find & Replace, instant setup of enterprise-specific configuration settings, C++ API, and many other features. The PDF Publishing Package for Serna allows authors to generate high-quality PDF documents right from Serna with just a single button click. This package utilizes the Antenna House XSL Formatter. The key features of Syntext Serna include: out-of-the-box support of XML standards such as DocBook, DITA, TEI, XHTML, and NITF; on-the-fly XSL rendering and document validation (based on XML Schema); support for XML catalogs; XSL-FO and CALS table support; multilingual spell checking; and availability for Microsoft Windows (2000, XP), Mac OS X, and Linux.

telerik Launches Sitefinity

telerik announced the launch of telerik Sitefinity – a Web Content Management System for ASP.NET that introduces the notion of “100% WYSIWYG” site construction. Featuring telerik r.a.d.controls, the application establishes an environment that enables non-technical business users to build sites, contribute content, and perform workflow tasks in a visual manner. Sitefinity, however, is built with the developer in mind. Its modular architecture and fully-exposed API enable developers to modify the provided out-of-the-box functionality, reuse existing code from non-CMS driven sites, and add new modules in the form of standard ASP.NET controls. The cornerstone of the environment is a modified version of the r.a.d.designer control, which is responsible for the page layout and content visualization. Layout templates can be created and managed directly from the browser, which eliminates the need for a desktop IDE and file transfer. There are no preview buttons: the user workspace is the actual web-site, so that content authoring can be done in-context and on-the-fly. All modifications pass through the approval and publishing stages of the workflow. Sitefinity is offered with a 30-day free trial and 5 commercial licenses, depending on the number of site administrators and the supported database. A server license with unlimited users and unlimited implementations is also available.

Mambo Announces Version 4.5.2

Mambo has released Mambo Version 4.5.2, a significant update to its open source point-and-click website publishing software. This is the first maintenance release in the 4.5.x series; it includes many usability enhancements and library updates, and adds the patTemplate templating system. Mambo is released under the General Public Licence courtesy of Miro International PTY. Mambo requires a Unix, Windows 2000 or XP server, running Apache 1.3 or above, MySQL 3.23.55 or above, and PHP 4.2.1 or above. Users should be browsing the net with Internet Explorer 5.5 or higher, Mozilla 1.7 or higher or Firefox 0.9.3 or higher (Firefox is best supported for Macintosh). You can read more about Mambo and download the latest version of Mambo at,

New Gilbane Report Covers Knowledge Management

We published our latest report KM as a Framework for Managing Knowledge Assets to subscribers over the weekend. Here is our Intro:

As long-time readers know, “knowledge management” (KM) is a topic we have mostly avoided, especially during the peak of the hype surrounding it in the mid-nineties when even CRT displays were being marketed as “knowledge management solutions”. We also did our best at the time to convince document management vendors that repackaging themselves as KM vendors was a big mistake. Eventually, vendors ended up adopting the other, more reasonable choice, i.e., “content management”. (For more on this evolution see Vol 8, Num 8: What is Content Management?).

In spite of the mostly negative things we had to say about KM, we did recognize there was a real, identifiable problem that a combination of business practices and processes, with the help of a little technology, could address. In fact, and this was part of the cause of the vendor frenzy, businesses thought of many of their information management problems as knowledge management problems. You can argue that the concept is flawed, but you can’t tell the customer they don’t have a problem.

Today, the idea of KM is much more respectable – there is less hype, and a lot more understanding of the role technology can legitimately play in helping companies better manage their knowledge assets. Contributor Lynda Moulton is one technologist and KM expert that has helped KM become reputable. Her advice in this issue is valuable, current, and hype-free.

© 2024 The Gilbane Advisor
