Richard Soley's On The Road Blog

On March 11th, 2011, a "millennial" earthquake struck Japan, followed shortly by a killer tsunami (as many as 26,000 dead) that peaked at up to 9.3 meters in some places.  In fact, the highest tsunami unfortunately spent its energy in the worst possible place—in Fukushima, where Fukushima Daiichi Nuclear Power Plant quietly produced 4.7 gigawatts of power for Tohoku (eastern Japan). The plant went quickly off the grid, and at this writing is not expected to ever come back online.  Worse, due to the incompatible electrical engineering standards in western and eastern Japan, while western Japan still has plenty of power, Tohoku is badly starved for power.  I've been to Japan a couple of times since the terrible quake, and the oddity of summer in Tokyo with no air-conditioning has no cognate in Kobe, where power is available in abundance.

This blog entry, however, isn't about the quake—you've heard about it already, you've seen the terrible pictures, and I hope that you’ve donated to Red Cross to support Japan’s recovery (as I have). It's not about the displacement and destruction, which is unfortunately very obvious in my family too (we have friends and family in Japan, and in fact in Chile where a similar quake struck just a year before, on February 27th, 2010). No it's not about destruction; it's about what has happened since, and the amazing resilience of the Japanese people. Though the Kan government from the time of the quake has fallen (partially due to perceived communications failures and lack of rapidity of response of the government), Japan is bouncing back with a speed nothing short of a miracle.  When I visited soon after the quake (in April), aftershocks were continuing every night (it is a little disconcerting to wake up in the middle of the night to find your bed skittering around the room during a 5.0+ aftershock, and hard not to think about being on the 19th floor while you race under a doorframe).  While I didn't feel any further aftershocks during my late June trip, visiting both Tokyo and Kobe (which suffered the killer Hanshin quake 16 years before) left me with the odd juxtaposition of the dark Ginza and Tokyo tower, against Kobe's brilliantly lit night.

The struggle in Tohoku is never far removed from thought in Tokyo however, as evidenced by the background at the conference at which I spoke.

Kobe is a lovely city, in which normalcy reigns:

and in fact, the key theme I'd like to remind you is that normalcy reigns throughout Japan, except in a small area around the failed Fukushima plants. Life goes on, radioactivity in Tokyo is at the same background level to be found all over the planet, and despite minor cultural changes (ties became no longer de rigeur in fashion-conscious, but sweltering summer Tokyo this year) Japan is just as wondrous as always. Nearly all of the 52,000 homes destroyed by the earthquake and tsunami have been replaced already; life goes on.

So, join me in giving to the Red Cross to help those displaced by the terrible events of March 11, 2011. But also join me in marveling at the resilience of the Japanese nation, and the Japanese people.

Information sharing is a tough problem. Besides the obvious technical issues of differences in computing platforms, instruction set architectures, operating systems, programming languages and the plethora of choices in data formats, there are difficult legal and just plain human issues. Do I have the right to see your data?  Do you have the right to share data?  How long can I keep data, whether it's personal data, trading data, air route data, energy use data or something else?  The apparent “intelligence failures” that failed to avert the September 11^th, 2001 terrorist attacks in Pennsylvania, New York & Washington were acknowledged to be information sharing issues, though not necessarily “failures” given the enormous quantity of information pouring into the relatively large number of American intelligence agencies. Could that information have been coordinated better? How about integrating intelligence information from American allies in Europe, the Far East and Middle East?

These are the top-of-mind issues that were on the table this week at the Workshop on Information Sharing and Safeguarding Standards (WIS³, colloquially known as the “Standards Palooza”) in Washington, DC.  Hosted by the Program Manager for the Information Sharing Environment of the U.S. Office of the Director of National Intelligence (a mouthful to be sure, but still better than ODNI/PM-ISE!), the event featured over 200 attendees from two national governments, US state leadership, small and large IT vendors and solutions providers, academia and IT and government industry analysts.

After a brief welcome by Kshemendra Paul, the Program Manager, Information Sharing Environment (and a longtime friend of OMG who will be giving a plenary address at the next OMG Technical Meeting in Santa Clara next Wednesday), I moderated a panel discussion to help clarify what the challenges facing standards-based information sharing really entail. I was joined by Kshemendra, and Kathleen Turco, Associate Administrator, Office of Government-wide Policy, GSA and Scott Bernard, Federal Chief Enterprise Architect, OMB. After we had that discussion, we moved into breakout sessions and got to the real meat of the conference. (See below for some photos from the event, courtesy of Jean Borman.) Topics included:

• Supporting Standardized Information Exchanges Across Government
• Identity and Access Management Across Government
• Federated Information Sharing Frameworks and Services
• Translation of Business Requirements into Solutions

 Presenters and moderators hailed from organizations such as the Royal Canadian Mounted Police, OGC, DoD, ACT-IAC, AFEI, Protiviti, Booz Allen Hamilton, OASIS, Los Angeles County Information Systems Advisory Body, IJIS, DCGS, Global, CBP, ODNI, SAIC, No Magic, PKH Enterprises, and ASMG.

After refueling, the group reconvened to hear about the Department of Health and Human Services, Standards-based Information Sharing (showing that the problems of integration obviously extend past the intelligence and defense communities to provision of health services, to State Department embassy and consular communications, etc.). A panel moderated by Paul Wormeli, Executive Director Emeritus, IJIS, covered Standards Challenges and Solutions. Joining him were Anthony Hoang, Managing Director, NIEM PMO, Mark Reichardt, President and CEO, OGC, Scott McGrath, COO, OASIS, Dave Usery, President and CEO, URL Integration and myself.

The leaders of the breakout group sessions presented their findings in a panel session moderated by Amy Maida, PM-ISE. Laura Thibodeaux, ACT-IAC, Dave Chesebrough, AFEI, Steve Ambrosini, IJIS and Larry Johnson, OMG (co-chair of OMG’s Government Domain Task Force) talked about the next steps needed to reach the next generation landscape for their respective topics.

To wrap up the conference, Kshemendra moderated a “Senior Leaders” panel, where the participants (Al Tarasiuk, Intelligence Community (IC) CIO, Donna Roy, Information Sharing Executive, DHS, Glen Johnson, Director of Messaging Systems, DoS, and Neill Tipton, Director, Information Sharing & Partner Engagement OUSD(I)) provided their perspectives on standards-based information sharing and brief responses on the breakout session results presentations from earlier.

All in all it was a packed schedule with a lot of information exchanged (forgive the pun). OMG is already working to address some of the challenges of information sharing with the UML Profile for NIEM, which is in progress now. The goal of the UML Profile for NIEM is to represent the semantics of NIEM while being agnostic of its structural representation, to leverage standards and standards based tools, to reduce complexity and lower the barrier for entry and to facilitate reuse of NIEM models and as a result schemas. For more information on the UML Profile for NIEM click here.

Keep an eye on this space for a report late in 2011 (or perhaps early in 2012) outlining the “low-hanging fruit” that this group plans to pick & present in 2012. And see the sort of thing that groups of dedicated people can agree to in the report from the 2010 event, now set to be an annual event for the foreseeable future.



David Saul, Senior Vice President and Chief Scientist of State Street, the chair of the Cloud Standards Customer Council’s (CSCC) Financial Services working group and an all-around nice fellow, invited me to Hangzhou, Zhejiang Province, People’s Republic of China last month (does anybody know of another bank that has a “Chief Scientist”? – State Street is an interesting bank).  Those of you who know me know I’m not too good at turning down a trip to a place I’d never been before, even a “small city” like Hangzhou (with “only” 8,000,000 inhabitants, the Chinese consider Hangzhou small).  The invitation was to keynote the 11^th International Conference on Information Technology for Financial Services (ICITFS), organized by the Zhejiang Provincial Government and State Street.  I have to say, it was a fascinating event, ranging from discussions with high-level officials on the future of retirement pensions in China and elsewhere, to improving business processes and innovation, to improving software quality and processor utilization. My keynote address, “Two Faces of Financial Services Standardization,” introduced OMG (of course) and focused on the FIBO semantics work being carried out by the Financial Services Task Force as well as the software quality project being carried out by CISQ.  I also had the opportunity to chair the closing keynote panel focused on innovation – a key success path in the financial services arena.  Cloud computing came up of course, but so did the problems of managing incentives, recognition and integration of innovation.

Keith Yuen, John Busch, Dapeng Li, Lie Shi & Li Yu on the closing panel

It was great to have the opportunity to speak with this diverse group, which included financial institutions, university students & professors as well as government officials, about the standards work OMG does that benefits organizations around the world. Our FIBO standards joint effort with the EDM Council, for example, is designed to make it easier to report derivatives trading information to regulators in many countries, to enable trade surveillance that will warn of upcoming bubbles like the market crisis of 2008. I also had the opportunity to talk about our CISQ program. The Consortium for IT Software Quality (CISQ) project was launched just two years ago as a joint project of OMG and Carnegie Mellon University’s Software Engineering Institute (SEI). Please see my previous blog entry for plenty of information about CISQ and software quality.

Software quality is obviously a big concern for companies that outsource development work to organizations in China. And just as obvious, the outsourcers themselves need to be concerned about meeting their customers’ quality expectations, and differentiating their offerings with clear, objective, automatically-derived quality metrics. CISQ’s efforts, along with OMG’s established Structured Metrics Metamodel, make it possible to make software quality measurable, something all organizations will benefit from.  The first set of metrics are due to be delivered next month, don’t miss the opportunity to participate at the Santa Clara, California, U.S.A. meeting in December 2011.

And as you think over how you can contribute to, or get value from, automatic, objective, repeatable and easy-to-use software quality metrics, you can see some pictures from the burgeoning city of Hangzhou.  The perpetual haze mars the view a little bit from atop some of the great downtown hotels:

Looking east to West Lake

Bin Shen, Richard Soley, David Saul & Shangping Li

Main pool area, looking at the main lobby at the Four Seasons Hotel

Nearer to the lake the magnificent scenery blankets the hills, where I spent a couple of hours with old & new friends over Hangzhou’s rightfully famous, delicious green longjing (West Lake Dragon Well) tea.

Bin Shen & David Saul relaxing over tea at Hangzhou Xihu State Guesthouse

Grounds of Hangzhou Xihu State Guesthouse

Software... Quality?

When I entered this industry, computing was in its (comparative) infancy. The first stored-program computers had been built in the 1940’s; the first commercial computing devices date to the 1950’s. When I came along in the 1970’s, computing was still a young field—compared to older technology industries like aviation, electric lighting and railroads, anyway. Nevertheless, in those bygone days, when a computer failed, it was big news—everyone noticed, and somebody had trouble on his or her hands. I distinctly remember a mainframe failing (due to a rare software bug) at a customer site; the customer was an automobile manufacturer. The screaming went right up to the chairman of the auto manufacturer, over to the mainframe manufacturer for whom I worked, and back down the chain to one of my colleagues (not me, thank goodness!). Programmers in those early days were far more careful, on average, to ensure that software worked.

Fast-forward to today, to the modern computing industry with billions of devices carried on our persons, settled in cloud data centers, or somewhere in-between. It’s a mature industry in every way now, except one: we are no longer surprised about computers failing; in fact we expect them to fail. Computer industry maturity has brought tiny size, enormous computing capability, low cost, and a terribly low level of software quality. This is despite decades of experience in software development methodology, powerful modeling & simulation capabilities, enormously complete and integrated software development tooling, and detailed maturity models for measuring and increasing the quality of our software development methodologies.

What went wrong?

We could easily blame the “new generation” of developers—but computing is their birthright, and they grew up with their fingers on keyboards. So there must be something missing—and there is: an engineering component, a standard way to measure the quality of their products. Mechanical engineers not only use models (blueprints) to guide their projects, they have well-defined measuring devices and industry-accepted metrics not only for measuring the processes used in the design and implementation of their artifacts; they have devices for measuring the implementations as well. Mechanical engineers have their calipers & micrometers, electrical engineers have their multimeters, chemical engineers have their pipettes, and the engineering world is littered with tribometers, manometers, katharometers, eudiometers and dynamometers and the like to measure engineering artifacts. Where are the software-o-meters for us?

This is in fact the exact arena in which the OMG Structured Metrics Metamodel (SMM) plays. The SMM is a model for software metrics—it originally came from the need to capture information about legacy systems and their coding practices to steer system modernization, the original core mission of the OMG’s Architecture Modernization Platform Task Force.  But we can do more, much more—we can measure security and code quality based on an understanding of code size as well as known good and bad coding practices. While perhaps not as perfect a metric as consideration of a code base by an expert with years of experience, an automated software quality metric is much more objective, more repeatable, lower cost and a far more scalable solution.

This is precisely the intent of the Consortium for IT Software Quality (CISQ) project, launched just two years ago as a joint project of OMG and Carnegie Mellon University’s Software Engineering Institute (SEI). When Paul Nielsen, Executive Director of the SEI, and I launched this initiative with a series of Executive Fora all over the world, we envisaged a world of high-quality software, delivered by well-trained developers using tools that provide feedback not only for process quality improvement, but code quality improvement. This approach would be a natural extension of OMG’s standards for software modeling, as well as SEI’s existing and successful process quality improvement measures. The CISQ consortium has been managed by OMG for its members since the first members joined two years ago, and has been focused on proposing these static code-based software quality metrics for the OMG SMM. CISQ’s Director, Bill Curtis, has managed the technical process with drive and finesse since those first members joined.

As we come to the end of 2011, I am delighted to announce that the first metrics will come into the OMG standardization process this year, including for the first time in the industry a consistent, objective code-size metric not based on lines of code. OMG and SEI expect the first tools to implement these metrics to appear in 2012, likely integrated into both commercial and open-source development tool suites. Obviously, static code-based software quality metrics (and automatic bug discovering software) already exist from some commercial vendors; the difference in 2012 will be repeatable, automatable measures delivered from competing vendors with consistent results based on the open, freely-available OMG standards.

So are we done?

Of course not—the CISQ consortium will continue, and grow, to meet the demands of software developers in many different vertical markets. We expect hundreds of new software metrics to appear over the coming years, to solidify a world in which standards govern quality—the same way one can expect the tracks of two rail systems to interconnect painlessly, and switches and lamps from different vendors to work together seamlessly.

At the same time, the “CISQ second wind” will focus on methodologies and tools to help companies adopt consistent, open, standardized software quality metrics. We’ve already heard from companies that will volunteer to discount their products and services for CISQ members, and the growing CISQ membership base is already proposing new metrics for adoption.

Software project completion statistics are still awful, and software quality is still all over the map. Your organization spends millions, perhaps tens of millions, developing or fielding broken software, and cleaning up the inevitable mess afterwards—and yes I’m talking to you, the financial institutions, the insurance carriers, the manufacturers and the transportation companies, not just the software companies. So join us and help make poor software quality a thing of the past and combine the best aspects of 1970’s computing with the exciting advances of the 21^st century!

Type “cloud” at Google these days and you get 580,000,000 hits.  Okay, the second hit is a Wikipedia entry about a “visible mass of water droplets” in the sky; but the first hit is the Wikipedia entry for “cloud computing”!!!  Apparently IT trumps natural weather phenomena any way.  (By the way, the hit count at this writing for “cloud computing” is a measly 70,000,000).  With all that attention, you’d think that all cloud issues are dealt with, that everyone who wants to use “the cloud” is already doing so, that Nick Carr’s “The Big Switch” has sold more copies than the latest Tom Clancy thriller. 

In fact, that’s not the case.  Plenty of organizations that could get value from an organized, focused, enterprise-wide approach to cloud computing aren’t doing so.  Most surveys cite a strong concern about a perceived lack of security, performance or standards; more often, when I talk to CIO’s, I hear that they simply don’t know where to start.  Should I shut down my data centers and just move it all to the cloud?  Is there a halfway point so I can try one project out?  Just how do I deal with the changes in performance, and what standards will help me avoid vendor lock-in and give me choice?  The voice of the customer just hasn’t been loud enough to date in the development of the cloud computing industry.

Just a couple of weeks ago, using the same end-user focused model for information-sharing organizations we used when we developed the SOA Consortium and the Business Ecology Initiative, OMG launched the Cloud Standards Customer Council (CSCC) with more than 45 participants and founding sponsors CA Technologies, IBM, Kaavo, Rackspace and Software AG.  At a recent conference (IBM’s IMPACT 2011 event in Las Vegas, yet another opportunity to spend a week in the desert) I was asked many times, “aren’t there enough cloud organizations already?”  The answer is clearly “no” since the number of participants has tripled since the organization was founded.  More importantly, in the mold of the SOA Consortium, CSCC is not a standards organization; rather, it’s composed almost entirely of end-user organizations (rather than vendors), and is focused not on standards but on how end-users can get value out of cloud computing through shared development of best practices; exploration and publication of cloud-computing case studies; and yes, the shared development of requirements for cloud standards (that can be sent off to cloud-computing standards organizations like OMG, DMTF, TMForum and the like for development of detailed technical standards).  After all, migration to the cloud is less of a technical problem than a business-process and management issue.

Taking advantage of IBM’s highlighting of cloud computing at their desert event, an informal first meeting of the CSCC took place at IBM’s IMPACT conference (see below for some photos from the launch at IMPACT) and was lead by Mel Greer of Lockheed Martin, who has agreed to serve as interim Steering Committee chair until formal elections are held at our first face-to-face meeting on June 22 in Salt Lake City, UT.   IBM’s Robert LeBlanc and Marie Wieck and others were kind enough to draw the attention of the thousands of attendees to the CSCC, which generated tremendous interest.

At the kick-off meeting, after introductions around the room, Mel Greer invited Angel Diaz, VP, IBM Software Standards and I to kick off the meeting with the presentation:  Cloud Standards Customer Council: Making Cloud Standards Customer Driven.  If you are interested in viewing it, the presentation is available on the Council’s wiki http://wiki.cloud-council.org. I won’t go into all the meeting details, but the members have already agreed to an aggressive timeline and are getting excited about our first official virtual meeting on May 18. (There’s still plenty of time to get involved and participate in this first, official meeting. Membership is free to qualified end users. For an application, go to http://www.cloud-council.org/application.)

The most important item to come out of the meeting is a call for participation. The first order of business is the creation of a Roadmap and we need volunteers to help draft it. This Roadmap will directly impact the working groups that are formed, the deliverables that they will produce and the overall direction of the group’s efforts.  We are also soliciting use cases from all CSCC members to help guide the authors.

Once Mel opened the discussion to the floor, it became clear that technology transfer—getting the requirements the group develops into standards organizations—is going to be a key to success. Let me again stress one, very important point: CSCC is not; repeat not, a standards organization. CSCC members are consumers of cloud services. They are pooling their expertise to spread the work of developing best practices & requirements for successful cloud computing, whether that be best practices or cloud standards requirements documents, across the entire group. That’s where technology transfer comes into play. Many CSCC members are also members of actual standards organizations, OMG being one of them. These members will champion the requirements the CSCC develops into actual standards processes at these standards organizations. OMG has a lot of experience working with other standards organizations through liaison relationships just like this so we are highly confident in the process.

Now that CSCC is officially launched and ramping up, we are working on next steps. Discussion groups are being created, web content is being posted, we’re gathering use cases and getting ready for our first meetings. We hope to have a draft roadmap in place before our first face-to-face meeting in June, where we’ll also be holding elections for the steering committee. We’ll start forming working groups and accepting volunteers for various tasks at the May 18 virtual meeting. Things are moving quickly so if you are interested in participating, now is a great time to sign up.

As I mentioned above, the next meeting of the CSCC will be a virtual meeting on May 18, 2011.  We’ll be posting details on the CSCC website shortly. If you are interested in participating (free for end-user organizations) send an email to info@cloud-council.org and be sure to visit our website, www.cloud-council.org.

IBM coming aboard the CSCC

Robert Leblanc of IBM Software (Senior Vice President, Middleware Software) introducing me.

Slides from the presentations.

Using a Standards-Based Approach to Deliver the Information Sharing Environment

I think we can all agree that sharing information is a good thing, but can also present a challenge. Do you and I speak the same language? Do we agree on terminology; do we both mean the same thing when we say the same term? Do we agree on how we’ll share information and in what format? For government agencies needing to share a wealth of information, especially sensitive information that helps keep everyone safe from modern threats, this is an especially critical challenge. OMG organized a workshop in October at the White House Conference Center in Washington, DC, USA to address the challenges of defining an Information Sharing Environment (ISE).  The event was focused on the use of the global community of standards organizations as leverage. Several countries manage a very important anti-terrorism mission, spanning Defense, Intelligence, Homeland Security, Foreign Affairs and Law Enforcement. An Information Sharing Environment is not just about US Federal initiatives, but state/provincial, Federal/national and international initiatives involving many governments and as well as inter-governmental organizations like United Nations and NATO.

We were fortunate to have the participation of representatives from several prominent organizations (see the end of this post for some photos), including:

• The U.S. Government’s Program Manager for the Information Sharing Environment, a unit of the Office of the Director of National Intelligence (PM-ISE), –  Mr. Kshemendra Paul
• National Information Exchange Model (NIEM) Program Management Office (PMO) – Ms. Donna Roy
• OMG – John Butler (representing the OMG Government Domain Task Force), other OMG leaders like Mike Abramson, Bob Daniel, Joe Bugajski, Probal DasGupta and Cory Casanave, and myself
• Integrated Justice Information System (IJIS) – Steve Ambrosini
• Department of Health & Human Services (HHS) – Mary Forbes & Doug Fridsma

The outcome of the workshop was a set of four recommendations:

• Immediately Leverage Existing Standards
• Prohibit “Data Lock Down”
• Drive Standards
• Build Community

IMMEDIATELY LEVERAGE EXISTING STANDARDS – NIEM IEPD – Definitions provide the centerpiece of the semantics of DHS/ISE/DOJ data interchange. The articulation of the work already done in support of NIEM by the NIEM PMO, IJIS, HHS, DoD and others, including other standards development organizations (SDOs), can be further formalized and enhanced in portability and interoperability by applying a number of OMG standards, in particular:

• Semantics of Business Vocabulary and Business Rules (SBVR) – Defines the vocabulary and rules for documenting the semantics of business vocabularies, business facts, and business rules using natural language (English), which is also computer consumable. SBVR facilitates the sharing of information between domains with common concepts, but differing vocabularies.
• Business Process Modeling Notation (BPMN™) Release 2.0 – Defines the method and visualization for capturing business process models in support of business process reengineering and business service development and orchestration. Like SBVR, BPMN is also computer consumable. BPMN readily links business vocabularies and business rules, is well aligned to SBVR and BMM and supports defining the roles and responsibilities for information sharing.   DoD has already established the BPMN 2.0 Analytic Conformance Class to ensure standard usage of BPM techniques and representations.
• Model Driven Message Interoperability™ (MDMI™) – Automates interoperability among disparate systems by providing the ability to define standardized maps for message format owners allowing message transformation to diverse environments (Very successfully applied to the Finance Industry with its diverse payments systems, in energy trading, and other arenas). MDMI provides a declarative, model-driven mechanism to perform message data transformation – not only to handle the movement of data between different message formats, but also to support versioning by providing a mechanism to map information between a new and an older version of the same message. Thus, MDMI can help reduce the barriers that prevent the introduction of new versions of NIEM and other messages and thereby greatly reduce the cost of change and providing a mechanism to for transition to NIEM by organizations not currently using NIEM as their primary messaging capability. Along with SBVR, MDMI provides a very powerful way to declare and operationalize interoperability between systems.
• Business Motivation Metamodel (BMM) – Is used for scenario planning and requirements realization. It has been used in the Metamodel for Performance-Driven Government (MPG) sponsored by the OMB and in standardization processes at OMG. BMM provides a structure for developing, communicating, and managing operational plans in an organized manner and will be very useful in the development of NIEM IEPDs.
• Unified Modeling Language™ (UML^®) – Provides capabilities through which the semantics and structure of a domain (e.g., DOJ, DHS, etc.) can be captured in a Platform Independent representation. The model can then be mapped to one or many Platform Specific Models and Architectures (e.g., Web Services, XML, Java, C++, SOA, Cloud computing models), allowing for NIEM implementations that are designed once and implemented using multiple platform technologies. In addition, the large ecosystem of UML tool providers and vendors can be mobilized into service in support of NIEM IEPD development through a standard NIEM profile that will essentially provide a UML Specific language for NIEM and IEPD definition within UML tools, overnight creating a large NIEM tool ecosystem.
• Meta Object Facility (MOF™) and the XML Model Interchange Standards (XMI^®) – Assure that models developed for NIEM will be portable across many modeling tools assuring vendor independence and re-usability by providing the portable & interoperable underpinnings for UML based tools.

PROHIBIT “DATA LOCK DOWN” – “Data Independence,” also sometimes called “data interoperability” or “data portability” is a lynchpin of most efforts at technologically-enabled data sharing and, equally important, of technologies to protect privacy and civil liberties. There was broad agreement among and between participating government leaders and industry representatives that standards and technologies enabling such data independence must be acquired, implemented, encouraged, and further developed. Conversely, technologies, standards, policies, and commercial business practices that discourage or prevent such data independence must be prohibited: in standards development and implementation; in federal acquisition regulations; and in federal contracting requirements. Software and other products whose purveyors seek to “lock down” departments and agencies’ own data – though, e.g., the use of proprietary xml or other coding or through license restrictions or other restrictive business practices – attempt to prevent data from being portable from one type of analytical platform, technology, or software, to others, should be prohibited to the greatest extent possible. There was wide agreement also, including among industry competitors participating in the conference, that implementation of a “level playing field” across the federal government, so that technologies can robustly compete but not by attempting to lock down customer data, should also be advanced as quickly as possible. The PM/ISE’s office, the NIEM program, OMB, ODNI, and other key USG entities, should work immediately with industry leaders to develop federal acquisition standards, contract clauses, and other methods to ensure that these goals are met as rapidly as possible. Specifically, there was agreement that the federal government should:

• Modify procurement and acquisition rules to require that all government customer data always remain fully transferable and interoperable regardless of what new or legacy software or other platforms are used;
• Ensure that Requests for Proposal and other government contracting vehicles prohibit any technological, licensing, or other means to “lock down” customer data;
• Include in such contracting vehicles a 90-day demonstration period to ensure that promised data independence/interoperability is actually delivered, with the ability to void the contract if the technology fails in this regard; and
• Ensure the government’s ability to void any procurement contracts if the required degree of data independence/interoperability is not actually delivered.

DRIVE STANDARDS – Standards organizations derive their agenda from that of their participants; therefore it is critical that PM-ISE, the NIEM PMO, OMG and other stakeholders in information sharing participate in standards efforts. Standards accelerate innovation rather than impede it; participation stimulates directed innovation in support of the mission. It is important to direct efforts toward the solution of ISE challenges.

• Immediate standard focus: UML Profile for NIEM – OMG's UML provides the capability of defining other modeling syntaxes through its profiling mechanism. The definition of this standard would provide the immediate benefit of making any of the many UML tools a NIEM modeling tool for defining IEPDs. While there already exists such a profile, it has not been standardized and, therefore, isn’t widely supported in the UML ecosystem.
• Immediate standard focus: MDMI reference dictionary for NIEM – As noted, MDMI provides an interoperability mechanism for diverse protocols, but it requires a shared reference index or dictionary; in the case of NIEM, it already exists, as the NIEM Domain Models and IEPDs already developed constitute a shared model. Capturing this as a standard will make the transition to automated information sharing much faster.
• Intermediate focus: OMG is in the process of defining the standards for a policy-based messaging Information Exchange Framework (IEF) whose architecture includes a Policy Vocabulary, a Policy Manager, and Policy Enforcement Capability. The IEF will allow for the creation of alternative implementations that retain NIEM-based interoperability while ensuring that local privacy and security considerations are maintained.
• Long-term focus: Led by the NIEM PMO, with significant support by the PM-ISE, join relevant standards organizations that support data modeling, automated data translation and data security, and drive them to specific results that are of value to ISE and NIEM. Examples are OMG, W3C, and ISO. OMG maintains strong liaison relationships with those organizations and many more.

BUILD COMMUNITY – Starting with the attendees at the workshop, build a Community of Practice dedicated to sharing ideas and rapidly solving problems as they come up in the information-sharing arena:

• Leverage this group – We have a great start in building a diverse community of government, industry, standards development organizations, vendors, and academia by bringing together PM-ISE, the NIEM PMO, OMG, IJIS, HHS and other organizations in the workshop already held; this existing group will be maintained as a discussion group for future problem-solving and for the identification of new or revised standards. It should be expanded as necessary to include organizations that have not yet moved to NIEM, but are considering doing so, and organizations that have significant lessons learned that should be considered. This will be accomplished through additional regularly scheduled workshops, which OMG will develop and manage.
• International Standards Community – OMG is an ISO PAS (fast track) organization as well as having long experience in supporting ecosystems with Communities of Practice.
• Open Source Community – Support and drive the development of open source solutions for standards that can be used in government and elsewhere to implement information sharing solutions. Eclipse Foundation stands out as a great place to start. Eclipse is a well-established open source group and has a full stack of OMG compliant modeling tools that can support PM-ISE and NIEM PMO objectives in information sharing, standards-based tools development, SOA and Cloud Computing. An addition important community and resource is ModelDriven.org, which is focused specifically on open-source implementations of modeling tools.
• Practitioner Community – Build awareness among and equip the NIEM practitioner community in applying these standards, in leveraging open source technology resources, in promoting standards-engagement opportunities, and by identifying professional training opportunities.  Provide feedback mechanisms for the practitioners to offer new ideas, best practices, challenges, priorities, and comments back to the standards organizations and associated communities of practice.

So what now? How do we move forward? We’ll start by continuing the dialog, as mentioned above, and work on showing how this will work in the real world by defining prototypes of well-executed examples of information sharing that could ultimately become reference implementations. We’ll define pilots based on the prototypes and get them deployed. And of course we’ll have to make sure all of this is done in such a way that privacy and security are addressed. Because this is such an important task, we’ll be inviting interested parties in both government and industry to look at the results and we’ll work with vendors and industry to encourage them to provide implementations that serve the needs of the community. This work won’t just benefit governments; all organizations can profit from the work we’ll do here. Let me know if you want to join us!

Here are a few photos from the event:

Me (Richard Soley) at the podium.

Suresh Katta, Donna Roy, Doug Fridsma & Kshemendra Paul

A view of some of the participants.

In his two-year-old book The Big Switch, Nicholas Carr talks about the coming age of cloud computing.  He uses as a basic analogy the history of the adoption of electric utilities in the United States in the early 20^th century (this becomes clear when you look past the first three words of the title to the post-colon – the full title is The Big Switch: Rewiring the World, from Edison to Google). As a student of technology revolutions myself (especially the adoption of rail travel, telephony and electricity), I found the book excellent, though lacking in one important respect – it brushes rapidly by the fast-changing character of electric utilities. Where the late 19^th century and early 20^th century saw the success of Westinghouse’s large, centralized electric utilities pumping power over long distances (a success, it should be noted, over Edison’s own short-distance direct current plans), the early 21^st century is slowly seeing a change toward more distributed, local generation & storage of electric power, especially involving renewable sources like wind and solar.

It suddenly struck me last month that we’re seeing the opposite trend in another kind of grid – in fact, the computing utility grid that Carr talks about, or more du jour, cloud computing.  Where computing has gone from some level of utility focus in its early days (think of Telenet and other shared-mainframe computing services, including my own Multics background) to very local, small-scale computing with the personal computer revolution of the 1980’s, the nexus of broadband Internet access, cheap and broadly adopted virtualization, and standard information sharing protocols has led us to shared cloud computing.  Just don’t think it’s a particularly new idea – at the centennial of my alma mater, MIT, a young professor (later to be quite famous as a founder of the field of Artificial Intelligence) said

Computing may some day be organized as a public utility, just as the telephone system is a public utility.

That was 1961, by the way. Some people are just prescient. I like to think that OMG had some part in that too, with our now two-decade old (and still growing) invention of the standardized middleware market (and in fact the term “middleware”) with our first standard, CORBA, in 1990.

What made me think of the relationship between smart electric utility grids, and smart computing utility grids, was a fascinating conference I attended in December 2010 in Chicago. The first week of December I attended the annual Grid-Interop conference in Chicago. This conference brings together the leading US organizations in the smart electric power grid space, both public utilities and energy infrastructure providers. The primary movers on US grid standards are two organizations:

• The Department of Energy's Gridwise Alliance ( http://www.gridwise.org/); and
• The National Institute of Standards and Technology (NIST)'s Smart Grid Interoperability Standards Project (SGIP, http://www.nist.gov/smartgrid/), funded by 2010’s mammoth U.S. American Recovery and Reinvestment Act (ARRA).

The US Congress deemed this important enough that they directed the President to create a new “czar,” the National Coordinator for Smart Grid Interoperability — in the person of George Arnold (late of Lucent & ANSI). George and I spoke at some length at the conference, and he made it clear that standards are going to be very important in this effort and said, “We need OMG to participate in this effort.” We certainly intend to honor that request!

The following week at the OMG Technical Meeting in Santa Clara, we held an initial meeting specifically on Smart Grid standards. John A. Teeter, Chief Scientist of People Power Corporation, led the meeting. Attendees took a look at the status of the Smart Grid Interoperability Standards Project (SGIP) and undertook a review of relevant standards, with presentations from Stan Schneider, Real-Time Innovations; Joe Hughes, then of the Electric Power Research Institute; and Michael Leppitsch, Gridata, Inc.

There are many things OMG can bring to the table for Smart Grid — not only do many of the key players in this effort already use UML extensively, but various bits of smart energy grids require rule systems, component and systems modeling, control protocols, and so forth — all areas where OMG has domain expertise if not standards already in place. Plans are already moving forward to put together an Energy Task Force at OMG, which could focus on a number of things — home control, home-to-utility protocols, rule systems for load shedding & sharing — there are many possibilities. Interested parties are already holding conference calls to get the effort launch formally at OMG. The first Requests for Proposal are already being drafted. Interested in participating? Contact Ken Berk or +1-781-444 0404 to learn more.

Thinking through the issues, however, brought me back to OMG’s distributed computing experience (especially CORBA and DDS), and more importantly, OMG’s activities in cloud computing. As world energy grids move to take advantage of wider distribution of energy storage and generation, the computing world is rapidly going the other direction, moving computation into utility service centers, delivered by the worldwide Internet. It will never be a 100% move – not with the price and size of computational power continuing to drop like a rock. In fact I’m typing this without access to the Internet at the moment (yes, I know, you’re surprised, I’m in an airplane, currently halfway across the Pacific Ocean, headed to meetings on healthcare in Australia and systems engineering in Japan – but that’s for a later blog entry!). I’m typing on a wide screen, with a 2.6GHz processor and a 500GB hard drive in a package that could be even tinier if I didn’t have to be able to see it and type on it! Likewise, my car has dozens of tiny processors in it, and cannot be in a position to need Internet access at all times. So I’m pretty sure we’re going to have a mix of local, distributed and cloud-based computation for a very long time.

So what’s OMG’s involvement in cloud computing? First, some history; OMG has been involved in cloud standardization issues for over a year now, in two distinct areas:

• We cofounded an informal group called Cloud-Standards.org (http://cloud-standards.org/) in which we, and a dozen or so other standards groups, cooperate closely on cloud standards to ensure limited overlap and maximum utility. We hosted the first few physical meetings, and participate on the biweekly teleconferences to keep in synch with other groups. This is critically important as it helps manage the huge resources going into cloud standards; but it also provides a very visible place for OMG (and OMG members) to take leadership roles in cloud standards. We participate and contribute also in Cloud-Standards.org outreach all over the world, from the US National Defense University to the European Commission.
• Our particular standards focus, as always, is on modeling—specifically, modeling deployment of applications on various cloud infrastructures. I believe that our biggest contribution will be in the area of modeling service-level agreement (since we already have active work in software quality, assurance and other related fields), but I imagine it will be broader than that. There have already been wide-ranging discussions about other deployment-modeling issues, including security management.

In addition, we have held a few events to learn requirements and sharpen our focus on user needs not already represented by other partners in the cloud-standards world; in fact, just last month we held a very successful workshop on cloud standardization.  Starting at the next OMG meeting, in March we’ll be putting in place new leadership for the effort – a major vendor and a major systems integrator have put their names forward for leadership positions.

I’m personally looking forward to these two efforts – energy grid modernization standards and computation grid modernizations (cloud computing) standards – especially as we learn the analogies, similarities and differences between the two. It’s an exciting time to be building networks!

Notice that tree on the right with no leaves? That's right, it's winter here, not summer; it was 33 degrees Celsius in Boston when I left on Sunday, and 10 degrees here. Today it's cloudy and colder, but at least calm and quiet. Flying through Santiago's Arturo Merino Benítez International Airport (SCL) it was nice to see the repairs well underway after the horrendous 27 February 2010 earthquake, 8.9 on the Richter scale. The main terminal is completely usable, clean and efficient, with the construction continuing apace.

Tomorrow I'll give a keynote on software quality standardization, focusing of course on CISQ. This has been the topic of at least a third of my talks in the last few months, with quite a lot of interest being generated worldwide—not only from traditional outsourcing companies, but from other software vendors and quite a few software users and buyers. The reality is, every software development contract (whether internal or across company boundaries) has some sort of acceptance criteria, and it's absolutely high time that all the many different quality criteria come together into an agreed standard that can be used industry-wide to lower costs and increase quality. I've said quite a lot about that before so I won't belabor it.

This trip leads off a number of events over the next few months. On September 13/14, it will be back to summer for the joint OMG/CIT Workshop on Cloud Computing. CIT, the Club de Investigación Tecnológica has been a partner of OMG's in events for 15 years now, and the Club was instrumental in helping us put together and host our 20^th birthday party last year.

It's always good to be back in Costa Rica, and land of contrasts: high technology and jungles, software and beaches. We were lucky and honored to have the then-President of Costa Rica (and Nobel Laureate) Dr. Óscar Arias speak at our 20th birthday party. This time we'll have the newly-elected President Laura Chinchilla open our event; she's an old friend of the OMG, having opened other events for us in Costa Rica in her previous Ministerial roles.

After that it's back to the beginning of Autumn at home, when I will be lucky enough to enjoy an OMG Technical Meeting week in Cambridge, Massachusetts, just 10 km from my home. Hopefully you've already registered as space is going fast and we have several exciting co-located events in store besides the usual standardization efforts: they include the Business Architecture Information Day and seminars and tutorials on Modeling and Middleware, Trusted Software Development and Goal-Driven Business Measurement.

No rest for the weary I'm afraid, however—I will leave midweek to participate in an international energy forum in Monaco. Though not strictly an OMG trip, it's an interest of mine going back many years. From there I will go directly to the annual MDA Forum event in Milan. This annual event always draws a remarkable speaker list (other than yours truly of course), and I'm honored to be participating again.  Last year's event featured a side trip to a quite nice restaurant, Boccondivino my current Milanese favorite, and I've been promised a return trip and will be holding the host to it. Here's a picture of the cheese cart, otherwise known as the seventh course of Boccondivino's eight-course dinner.

The Milan trip will also feature the third workshop of the Software Engineering Methodology and Tools (SEMAT) project that I started last year with Ivar Jacobson and Bertrand Meyer.  From there it's back to Boston for HL7's 24th Annual Plenary and Working Group Meeting, conveniently back in Cambridge, MA followed by a quick trip to Oslo to give a dinner keynote on the first ten years of the Model Driven Architecture. The conference is the MODELS 2010 Conference and I must say I'm particularly excited to go back to Oslo City Hall (the Rådhus) where ten years ago I had the honor to present awards to the creators of SIMULA67 and arguably the object-orientation movement, Kristen Nygaard and Ole Johan Dahl. Here's a memory jog for those that were there—Bill Hoffman and I standing with Kristen Nygaard and the then-mayor of Oslo and host of the reception, Per Ditlev-Simonsen.

The following week I'm off to Washington, DC—as always in Washington there will be plenty of different meetings and activities, including a keynote on Business Process Modeling, Business Rules and related standards at the International Business Rules Forum. I'll be talking about Business Ecology^® of course and announcing the winner of this year's Business Process Modeling awards from the BPM/SOA Community of Practice. I guess that gives me an excuse to share one of my hobbies—aerial photography. Here's an aerial shot of Washington, DC, one of my early ones, from a Bombardier CRJ40 that had just left Washington's Ronald W. Reagan International Airport.

From there it's off to Orlando to visit Mickey Mouse, uh, I mean, participate in this year's Gartner ITxpo. Our partnership with Gartner has grown substantially over the last two years and I'm excited to participate in their mega-event again this year. In fact, later this year I expect to be at their Application Architecture, Development & Integration Summit, where we will present more work from our Business Ecology Communities of Practice and OMG standardization efforts in Cloud Computing. More later on coming trips to Brazil, Dallas, Sydney and Bangalore. In the meantime, one of my recent aerial photos, of the city I call home.

As you may have figured out by now, I travel a lot. While there are downsides, it is so very nice to approach the counter at Boston’s Logan International Airport and have Frank say, “Hello Dr. Soley, where to today? You don’t need to take out your identification.” You might ask yourself why I travel so much. The reason is the amazing breadth and depth of activity at OMG, from standards in dozens of technology and industry areas to communities of practice focused on several different management and technology practices. Rather than talk about my trips in the last two weeks—which included:

• San Antonio, Texas, U.S.A. (a keynote about modeling and enterprise architecture, Business Ecology and the BPM/SOA Community of Practice to a large U.S. Department of Defense crowd);
• San José, Costa Rica (a keynote about how successful use of social media depends on adding to human contact);
• Detroit, Michigan, U.S.A. (to talk to a group of healthcare organizations about integrating their information systems using our healthcare standards and the MDMI protocol translation standard);
• Brussels, Belgium (to talk to several different companies ranging from universities and research institutions, to event management partners in Europe and companies automating financial institutions with modeling solutions);
• Washington, DC, U.S.A. (to help run our Cyber Security Workshop, launching our new Cyber Security Community of Practice, and to visit local members to brief on current activities in the government and military spaces).

…I want to discuss a pet peeve of mine. I love my job, especially the opportunity to talk to such an amazing breadth of people about such an amazing variety of topics. However, it still pains me to hear every now and then that “OMG equals CORBA” or “OMG is just about UML.” So I thought I’d focus on that issue for this entry.

If all you know about OMG is CORBA^® or the Unified Modeling Language™ (UML^®) then you are missing most of the picture. OMG has been a leader in modeling and middleware standards for more than 20 years, but did you know that OMG…

• is also a leading proponent of Business-IT integration standards?
• is active in cloud computing, healthcare, finance, event processing, business process management, service-oriented architecture, government, software assurance, space and many others?
• has several advocacy groups under the Business Ecology® umbrella, covering cyber security, event processing, green business, and BPM/SOA?
• delivers results besides standards, from awards programs to shared best-practices documents like the EA2010 study on enterprise architecture?

Surprised? Huh, guess there’s a lot more to OMG than you thought.

Over the years, IT has made a series of shifts towards a closer relationship with strategic business alignment and has moved up the corporate ladder in terms of leadership and design. While “geek pride” is still going strong, the days of the pocket-protector wearing IT guy huddled in the server room closet, shunning daylight, surrounded by empty pizza boxes and energy drinks are pretty much gone. Business savvy IT departments and IT savvy business people are now working together, focusing on the needs of the enterprise. As IT has entered the mainstream (and as Nick Carr puts it, in most companies, no longer differentiates), alignment has to give way to integration. That is, in fact, the central tenet of Business Ecology. Business processes have to be optimized to find opportunities to innovate, and an IT service organization constantly struggling to align will rarely optimize nor innovate.

OMG has mimicked this trend toward better business-IT integration in all our programs and standards development efforts and continues this course going forward. Today some 85% of OMG standardization activities are focused on some two-dozen industry vertical markets (healthcare, finance, telecommunications, manufacturing, life sciences, government, military command control, etc.) allowing for targeted solutions to real-world integration issues. As new technology areas enter the mainstream, such as cloud computing, OMG members also are working to help define how these systems interact with existing infrastructures.

To further promote the benefits of business-IT integration, OMG launched the Business Ecology^® Initiative (BEI). Business Ecology is a business-technology imperative focused on streamlining business processes, removing waste from technology portfolios, and adjusting resource consumption, to optimize business operations and foster business innovation. OMG has also developed several Communities of Practice to support BEI including BPM/SOA Community of Practice™, Green CIO Community of Practice™ (GCIO™ CoP), Cyber Security Community of Practice ™ and Event Processing Community of Practice™.

These Communities of Practice are comprised of practitioners, service providers and technology vendors, dedicated to promoting the business value, and enabling the successful adoption of specific, key business-technology strategies, by the Global 1000, major government agencies and mid-market businesses. They aren’t focused on standards in the technical sense, but instead are communities of people, agencies and companies driving common standardized means of education, definitions and goals for use by business and IT. Basically these are the folks who have gone through the battles of being early adopters of various management strategies and technology directions and lived to tell the tale. They are willing and eager to share their stories of success, not-so-success and best practices with others.

So what about CORBA and UML, you ask? Has OMG abandoned these standards? Of course not! CORBA and its newer publish-and-subscribe cousin DDS are still widely used, including in air traffic control systems and most mobile phones to name a couple of major application areas. UML, according to the analysts, the most widely-used modeling standard out there, is a living document, with a new effort to enhance the specification currently underway, lead by Steve Cook, Software Architect at Microsoft. UML was only the first of the modeling languages in the OMG modeling constellation, now comprising business modeling (BPMN, SBVR, BMM), rule modeling (SBVR, PRR), systems engineering modeling (SysML), services modeling (SoaML), data warehouse modeling (CWM) and even modeling language modeling (MOF).  With more than 20 years of standards development (and nearly 1,000 completed standards processes) under our belt, we’ve also done a few other things as well.

OMG issues rapidly growing suites of both industry-specific and general standard software specifications. Based on OMG’s flagship Model Driven Architecture^® (MDA^®), these standards implement business functions equivalently and interoperably on virtually all popular middleware platforms (you may have heard of them) including Web Services, XML/SOAP, C#/.Net, Enterprise JavaBeans, and others in addition to OMG’s own CORBA. The Data Distribution Service (DDS), first focused on the needs of military and financial services firms, supports data centric publish-subscribe semantics and is finding its way into many new applications as well. Both middleware standards support real-time & embedded as well as less constrained systems.

Standards like the Model Driven Message Interoperability (MDMI) specification, “middleware for messaging,” are applicable beyond their initial vertical foci, in this case financial services, to other areas such as healthcare, which also have complex messaging requirements. OMG is also working on specifications for the Property & Casualty Insurance industry, Life Sciences, Space, Software Assurance, Robotics, Business Process Management, etc.