Enterprise mashups gain traction at last

Driven by necessity, the idea of lightweight, Web-based data integration is beginning to take hold

This is an era where everything is getting lighter, beginning with just about everyone's wallet. And in some cases less substantial budgets force needed change. Old, heavy processes fall of their own weight and are replaced by agile ones that cost less. Customers turn up the heat on software vendors and lighten licensing costs. Here and there, you'll even see locally installed hardware and software replaced by cloud services so lightweight they require no maintenance by IT at all.

Mashups have always appealed to me as a lightweight, Web-based method of integration that could, for some purposes, provide a shortcut alternative to labor-intensive rollouts of middleware. But the so-called "enterprise mashup," first suggested about three years ago, has taken a long time to take hold. Recently I spent some time with John Crupi, CTO of JackBe, one of the few companies that appears too be doing pretty well in the enterprise mashup space.

Eric Knorr: When I ask IT managers about mashups, especially in large organizations, most immediately get nervous about control and security.

John Crupi: The number one question that we're asked is: Do you plug into our security? Nine times out of ten they mean: Can you plug into our existing identity management system? Whether it's LDAP or Active Directory or PKI. Because what they don't want to do is bring in a new technology and make people authenticate into that…when they've invested all this money and they already have the security infrastructure in place. We spent a lot of time making sure that we could plug and play.

The second thing customers are concerned about is, when users are authenticated, to control those users' access to everything. So we have authorization policies that we put in place at the service level. It basically says who can do what. And since everything comes through our mashup server, and the users authenticate and authorize on each request...then everything is very secured and governed.

Knorr: Due to the downturn, are you seeing people who had grand ambitious for integration or SOA (service-oriented architecture) turn to platforms like yours instead to accomplish many of the same things?

Crupi: Yes. What's starting to happen is that customers are looking at this whole SOA thing as a long term thing, as more of a best practice…we have some key services that are SOA enabled, they say. Those are the ones that we want to have access to. Quite frankly, they say, if you can give us access to and expose those as mashable services, then it's actually accelerating our ability to do SOA.

Knorr: The thing about SOA is that you never can really predict what people are going to use those services for. In this case what you're talking about is looking at the end state of the applications we know we want now and how much of this mashups can deliver.

Crupi: That's exactly right. Even though we plug into Siebel and SAP and those big systems, we find is that users don't want that, they want smaller pieces, and mashups give them the ability to do that.

Crupi went on to discuss some of his customers. One of them, surprisingly, is the Department of Defense -- one of the last customers I would have expected given the security bias against mashups. But the demand for data, and the inability of systems to talk to one another, has driven several government agencies to adopt mashups as the shortest distance between two points. As long as security is under control, that sort of imperative seems like it's starting to win the day.