Changing the delivery of IT

Tony Bishop

Subscribe to Tony Bishop: eMailAlertsEmail Alerts
Get Tony Bishop: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: RIA Developer's Journal, Enterprise Mashups, Apache Web Server Journal

RIA & Ajax: Article

Foundations for Building Enterprise Social Networks

Traditional business models have focused on a process and interaction model that hasn't changed for more than 100 years

This is a broad category for all documents including PDF, PowerPoint, and Word along with files such as images and video. Many organizations have a standard deployment for document management or enterprise content management. Documents are an enabler to social networks when they are shared, thus the sharing and publishing capabilities of the content management system are extremely important. Several key feature considerations include:
• Simple sharing model to easily grant access to everyone including specific users or groups.
• Search integration to categorize and quickly find relevant documents is essential.
• Rich publishing components with expiration and approval capabilities built in.
• Versioning of content so that changes can be tracked for regulatory and compliance reasons.
• Large volume storage and retrieval as everyone in the organization will need access.
• Document sealing so that only privileged users can gain access and read the content.
• Policies and business rules for archival and storage of documents.
• Easy authoring of documents similar to the previous description of wiki pages.

In order to be able to write one application but integrate any corporate standard for content management like Oracle, Documentum, or Sharepoint, Java Content Repository (JCR) 1.0 is key to insulating the developer and user from the back-end system. Leveraging another key standard, JSR-227, insulates the developer from having to connect the user interface to this back-end JCR standard.

Quite obviously, organizations need a place where users can share ideas and refine their thoughts with others' input. Discussions provide a mechanism to keep their thoughts and feedback organized. Many users today see e-mail as the system to easily carry on discussions. This is why online discussions need tight integration with e-mail to help manage these ad-hoc conversations in a threaded or related way. In addition to e-mail, there are a set of Web services that allow developers to integrate threaded discussions directly into their applications.

Instant Messaging and Presence (IMP)
Easily locating information workers and communicating with team members and subject matter experts is essential to making everyone in the organization more productive. They need to have the best communication methods available to everyone when they need to accomplish a task. This information must be available right at the point of interaction. Users don't want a portlet of all the users or buddies known; they want to know the presence of the owner of the document they need for their customer. Both SIP and JSR 116 provide a standard way to find someone's presence. And a specialized JSF tag allows developers to embed presence directly in their application without needing to be an expert in the SIP protocol.

Notifications, Worklist, and Tasks
With all the enterprise and custom applications that users interact with each day, there is no easy place to find an aggregated list of all the tasks they need to accomplish. Users have to visit one application to submit and approve expenses. Then visit another application to administer their benefits programs. Yet another application enables them to order new supplies and products. But they don't have any single place to track all these actions and their current status. BPEL and an aggregated worklist are essential for users to get a handle on all their processes, orders, tasks or actions. Then when you combine personal and team-based tasks, the user has one area to go to find all their deliverables. This worklist has to be easily configurable to connect to all the different BPEL engines that are deployed for each and every application within their company.

Scheduling team meetings or events is one basic capability within social networks. Whether the meeting is an in-person meeting or an on-line meeting, teams need an easy way to schedule meetings (both personal and team based) with the right participants. As these team meetings are scheduled, each participant needs to be notified and will then accept or deny the invitation. The two key standards in this space are iCal and CalDAV. They both provide an easy way to integrate the existing infrastructure with these new social networks.

Tags are a bit of information that each user is able to attach to any object in the social network to help classify the information and make it easy to find. It is a way to classify all information but from a user's point of view. Not limited to a prescribed organizational structure defined by a developer or business users, information workers can create a user-driven categorization or Folksonomy. Combining the power of these user-defined tags with some of the other services mentioned above, the information and people can be linked and easily discovered. There are few standards in this area; however, the requirements for enabling social networks are twofold: a storage model for this metadata with appropriate Web services and a JSF tag to allow developers to easily add this service to their applications.

Empowering information workers to take control over how new and existing enterprise information is organized is critical for the success of these social networks. Creating connections or links between information such as linking a document to a discussion forum or a document to a page is a key enabler. An architecture where each of these services can easily be added to the system is required. The second half is to provide a simple user interface for business users to be able to link tasks with a specific document or to link a team event with a set of documents. But rather than copying this information from one location to another, it should be easy to link it directly. The requirements here might not be as obvious but they have to leverage all of the standards mentioned previously and provide a simple JSF tag to allow developers to quickly get all related items to the object in view. Tags and Links really bring all the services together to provide a rich social network of people and information.

Key Social Network Considerations
Adaptive Services Model
All of these enabling technologies must also fit within the existing infrastructure choices that have already been put in place for each organization. Too often, Software as a Service (SaaS) offerings rely on their infrastructure to enable all of these technologies but they don't fit with the rest of the enterprise architecture. The alternative is the need to "upgrade" to the new solution that replaces all of the back-end servers that were already in place. In order for these new technologies to provide real business value to the organization, they must provide an adaptive services model to allow any back-end system to participate in these dynamic social networks. In addition, this adaptive services model must be componentized in such a way that only the services required are plugged into the system. For example, if a company has made a dedicated choice to not include presence and instant messaging within their infrastructure for compliance or regulatory reasons, then the UI that is designed and the rest of the services should still work unchanged. An architecture (as shown in Figure 2) allows for all these enabling services to be accessed via standards and then using JSR-227 binding to a user interface is made very simple. This way developers build their applications once, and at deployment or at runtime, the back-end connection can be configured to work against existing systems.

Figure 2: Adaptive Web 2.0 Services Architecture

Customization Architecture
In an enterprise, there are many stakeholders for a typical application. There must be a balance of application control for all these stakeholders. Information workers must have the ability to participate in a simple way that doesn't stifle the social network growth. Business users need control over the information that is published and the application evolution. IT needs to easily roll out new applications, and manage upgrades and application patches. Managing all these desires places a rigorous demand on the application infrastructure.

Customization patterns are quite common in the consumer Internet with sites like iGoogle and MyYahoo, where users can create their personal homepage and views of information. Although these features have been typically targeted at personal productivity, they enable information workers to rapidly share knowledge and evolve the application. Developers create the initial application and enhance it over time. Business users and lines of business like HR may also customize the site. Therefore, it is important that all changes to these pages be effectively managed. Avoiding over-lapping customizations is not possible, so an effective strategy for choosing which customizations "win" is important. In order for this type of information sharing to successfully enable a social network, information workers must have confidence the customizations they put in place will remain. For example, if they customize a component on their shared home page and then IT releases a new version, it must not discard or overwrite their customizations. Figure 3 shows how each of these services and standards can work together to provide a dynamic, integrated customization architecture.

Figure 3: Customization Architecture

Although the enterprise may adopt consumer Internet technologies, it can't adopt the same level of free spirit that the Internet enjoys. Not all knowledge should be shared with the masses, so social networks in the enterprise face a difficult challenge. Out of all the links between people and information, security policies are arguably the most important aspect of these social networks. An information worker must never discover information that they don't have access to and also must not discover its existence. Security must be enforced, but these new Web 2.0 capabilities must remain simple, otherwise there is no gain in productivity for the users and these social networks risk dying a slow death. Some common security concerns for an enterprise social network are described below.

As mentioned earlier, information linking is an important aspect of any informal social networks. If all this information was in a single place, applying security policies would be straightforward. Since this is not practical, technologies that enable linking information are required to store parts of this information outside of the normal security policies, even if it is as simple as a linked URL. If someone were to link a public page to a document on M&A, any knowledge of the existence of that page must not be discoverable by users without access permissions. Here are a couple of practices to consider.

1)  The link resolution can rely on query time filtering. When the links from the page are requested, all the links are queried to discover if the requesting user has access. Those that aren't accessible are discarded from the results. This approach has a high level of security and for items that have small miss rates can be a very acceptable approach. However, this implies that there are two queries that get executed for each user access: one for the content and a second for the access permissions. There are query optimizations to be done but it will impact performance in some way.

2)  Another approach is to keep the original security policies with the link repository. This produces more efficient queries, with the downside that the security policies must be kept in sync with the original repository. Normally, this would result in a small window of security mismatch. It is important to understand how much of a burden you place on the end user to understand the underlying security models. Take for example a user creating a page and adding a document to it. If the security for the page and document are coming from the same infrastructure, then the model exposed to the user is consistent and simple. If they are separate, the application must either keep the two in sync, or the user must understand the page security and the document repository security in order to share information with others.

There are some best practices that can be implemented when considering how to secure information in a composite application.
• Using formal social networks to define information access rights, thereby ensuring that the information itself is secured. In order to gain access to the information, users must be part of a specific group and be authenticated as such.
• For an even greater level of control, information rights management products may be utilized. These products encrypt the actual information such that only those with access rights can access it. This has the added measure of security so that if the information leaves the repository, the initially defined access rights (emailing a document, for example) are still enforced.

Discovery or Search
All information must be integrated with common discovery or search infrastructures. The primary integration mechanisms involve one or both of the following:

1.  Integrating information artifacts within a single search index.
2.  Federating real-time searches to the underlying information stores and returning an organized result.

Primary discovery mechanisms include search, tag clouds, pivoting/lateral searches and links navigation. Many of these discovery mechanisms are blending together. The typical usage pattern for weeding through the plethora of information in a Web 2.0 world generally involves combining search and navigation together. A user could start searching for a document he/she remembers as relevant from several months ago. After viewing the initial results, they may want to filter the results based on the author they recall wrote the document, they may want to simply start pivoting on tag words related to the search terms used, or they may want to follow links for a document that seems related.

Since many of the discovery connections and end points may be a person, the means to interact with the person in-context such as instant messaging/chat, phone and e-mail should be considered key components of the Enterprise Social Network.

For social networking technologies to be successful within the enterprise, adoption is a key requirement. Ensuring that personal productivity tools are built into social networking features can be a way to significantly increase adoption. Information workers' primary focus is accomplishing their tasks in an efficient way with disparate information. The better social networking technologies are at facilitating an individual's own information organization, the more likely they are to be utilized in the enterprise. For example, if a user is able to effectively mange their shortcuts to information with tag words, they receive a primary benefit of this technology and will use it. The fact that other co-workers may now discover information deemed important by a subject matter expert is a benefit to the company.

At the heart of a successful social network lies the ability to easily connect information and people together based on a whole set of industry standards. Bringing Web 2.0 features to the enterprise that leverage existing enterprise information and application infrastructure allows companies to tap into all users' expertise and experience, which makes everyone more productive.

More Stories By James Owen

James Owen is a senior group product manager with Oracle WebCenter, responsible for page composition, social networking and content management technologies. He has been a featured speaker at industry conferences such as JavaOne, holds several patents in the content management space and was an active participant in the JSR-170 expert group.

More Stories By Vince Casarez

Over the past 12 years, Vince has held many key positions at Oracle. Currently, he is Vice President of Product Management for WebCenter, Portal, and Reports. He also has responsibility for managing the WebCenter development team handling the Web 2.0 services. Prior to this, he focused on hosted portal development and operations which included Oracle Portal Online for external customers, Portal Center for building a portal community, and My Oracle for the employee intranet. Previously, he was Vice President of Tools Marketing handling all tools products including development tools and business intelligence tools. Prior to running Tools Marketing, he was Director of Product Management for Oracle's JDeveloper. Before joining Oracle, Vince spent 7 years at Borland International where he was group product manager of Paradox for Windows and dBASE for Windows.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
Mark Wiseman 08/09/07 06:14:28 PM EDT

Thanks for a very thoughtful and interesting article.