Mashing Up Wisdom: Jeff Hanson Speaks Up About Enterprise 2.0 Techniques
Prolific author and software thought leader Jeff Hanson has penned a significant work tied to one of today’s hottest IT topics: mashups. In Mashups: Strategies for the Modern Enterprise, Hanson provides insightful clarifications on the whys, whens and hows of masterful mashup use in the enterprise.
He knows the topic intimately. Hanson has more than 20 years' experience as a software engineer and architect, including working as CTO for Max International, senior architect for Financial Fusion, chief architect for the Zareus SOA platform, and chief architect for eReinsure.com. Over the course of his career, he has designed and implemented systems for retail banking, global markets, mortgage lending, newspaper publishing, reinsurance, and others. A member of both the expert group for the Java Management Extensions Remote API specification and the International Association of Architects (IASA), Hanson has written articles and books, including Messaging Technology for the International Association of Software Architects' (IASA) skills library.
Pam Baker chatted with Hanson about the finer points and tips his latest book reveals:
Baker: Mashups can render some incredibly useful representations. Or, some incredibly bizarre disasters. Can you give us examples of the good, the bad, and the ugly in enterprise mashup attempts?
Hanson: Good examples can be found at Salesforce.com, Bigcontacts.com, Dopplr.com, and Zillow.com. Bad examples of enterprise mashups can be found at organizations trying to replace sophisticated data integration personnel with a mashup tool. Ugly is in the eye of the beholder.
Baker: What can companies do from the outset to successfully map their way through a mashup?
Hanson: Specifically:
- Discover business needs in terms of data intersections.
- Build relationships with trusted third parties from which services, data, and UI artifacts can be shared.
- Involve sales, marketing, and executive management in the process of understanding how your organization’s mashups can be applied.
- Think in terms of flexibility, governance, and security throughout every step of the development process.
- Put into place a process for continuous evaluation and refactoring of mashup components.
Baker: Your book is a comprehensive exploration of the creative world of mashups. It seems that there are very few limitations as to what an enterprise can achieve with mashups or in how they design them. Can you briefly explain the differences between presentation-oriented, data-oriented, process-oriented, and hybrid mashup styles?
Hanson: Presentation-oriented mashups are concerned with mixing and matching UI artifacts, such as widgets, HTML snippets, on-demand JavaScript, etc. Data-oriented mashups are concerned with transformation, augmentation, and integration of data using semantically-rich data formats such as RSS, RDF, and XML. Process-oriented mashups are concerned with building services and processes from existing processes, typically on the server. A hybrid approach involves two or more of the above.
Baker: Your book is incredibly useful in creating an enterprise mashup with its step-by-step instructions on design, identification of services, and data sources, among other things. And it’s a big help in creating effective frameworks for mashup mediation and monitoring. But how can readers decide where to start? How can companies best identify the optimal uses for mashups in their environment?
Hanson: When I talk with companies about migrating to a mashup environment, I stress the importance of discovering the business needs of each individual organization in terms of data-sharing, such as sales reports, employee data, and financial data. Once an organization understands the points at which their data intersects, they can make intelligent decisions concerning UI artifacts, services, and coarse-grained data models.
Baker: Securing mashups -- i.e., validation, HTML sanitization, protecting iframes, and avoiding common attacks, such as cross-site request forgery -- is an important issue. Can you give us an idea of the difficulties inherent to mashups?
Hanson: Security problems are compounded with mashups because data, services, and UI artifacts are often used from arbitrary, external sites. Consuming data, services, and UI artifacts from trusted third-party sites is essential to enterprise mashups. In Chapter 6 of my book, I discuss techniques and technologies for securing JSON, on-demand JavaScript, etc. within a mashup environment.
Baker: Building mashups with third-party tools for Google, Oracle, Salesforce.com, and Amazon adds another dimension of ease and choices to mashups. Which of these third-party tools do you find most versatile and useful to enterprises in general?
Hanson: Salesforce.com and Google present the most mature environments at this point in time, in my opinion. Amazon has always blazed new trails into community-oriented development, so I see them as a future front runner.
Baker: Developing an open, Agile environment that supports rapid, flexible development of new mashups is easier said than done. Got any tips to share?
Hanson: Methodologies supporting loose coupling and separation of concerns are a great start. Experiences with SOA and component-oriented programming should transfer nicely. Mashups bring to the table on-demand JavaScript, widgets, REST, semantically-rich data formats, etc. Put these to use within loosely-coupled, service-oriented environments.
Baker: You have authored many articles and books. Congratulations on this latest one and all the ones that came before it. Can we look forward to a new book soon?
Hanson: At this time I am considering possibilities for a follow-up book/booklet that delves deeper into security implementations for enterprise mashups.