Note: This is the second post in my Freedom within a Framework series, which is about enabling the coexistence of enterprise and opportunistic applications. You can read the introductory post here.

As I stated in my introductory post, I believe that it is possible to achieve a balance between the need for stability in enterprise applications, and the need for quick and agile innovation in opportunistic applications. They key to this balance lies is in determining where the domain of control for IT can safely transition into a environment of open access to information. This is a “line of demarcation” that allows for a clean separation of certain types of applications. The best way to picture this concept is to imagine a line on an X-axis, with control of technology at the left side, and anarchy at the right. “Command and Control IT” typically lives as close to the left as is possible, while the world of “consumer-driven IT” lives quite far to the right. There are opposed to be sure, but it is possible for IT to reconcile these differences and foster both sides by creating a shared understanding around which classes applications should be enterprise-class and which can and should be treated as opportunistic.

Another way to visualize this concept is with the “Long Tail,” which is depicted in Figure 1 below. The “Long Tail” was a term coined by Chris Anderson in Wired Magazine to describe how the business models of companies like Amazon or Netflix enables them to profitably offer a wider range of goods and services than traditional organizations. The concept (also referred to as a heavy-tail or Pareto distribution) is a well-known statistical occurrence where a high-frequency population (depicted by the region in green below) is followed by a very long low-frequency population that gradually diminishes in area (or “tails off”). In many cases, the long tail portion of the graph, colored in yellow below, can actually represent the majority of the area under the line in the graph, even though the frequency is lower along that portion of the line than it is in the green area.

Figure 1 - The Long Tail

When applied to Amazon and Netflix, this concept is used to illustrate that organizations with powerful distribution channels can make just as much or more selling ten copies each of 10,000 obscure books as they could selling 100,000 copies of one best-selling book. The application to many organizations is just as powerful when information is the product. Assume for a moment that the green portion of the graph represents enterprise-class applications with a large internal user base and the “long tail” or yellow portion represents opportunistic applications with a much smaller number of users. This is depicted in figure 2 below.

Figure 2 - The Long Tail for Applications

In this scenario, the “long tail” theory argues that an organization could serve more users with several hundred opportunistic applications than it does with a small number of enterprise-class applications, but at a much lower cost. Thus, a “long tail” model can enable an information-driven organization to serve its customer base effectively without greatly increasing the cost of software delivery. Such a model does so by enabling the kinds of opportunistic development which most IT organizations would likely never have the bandwidth or justification to pursue because they are applications which are tactical in nature and which may only serve a small number of users.

While a “Long Tail” mindset enables us to create a clear line of demarcation, simply classifying one type of application or information set as enterprise and another as opportunistic isn’t enough. It is entirely possible for IT to pursue this demarcation with good intentions, and then stifle innovation by requiring that all applications, including opportunistic ones, be developed using only one type of platform or programming language. Thus, another key to creating “Freedom within a Framework” is that IT must give up as much control as is possible, while at the same time recognizing the assets and information over which the enterprise should retain control. In my next post, I’ll discuss the concept of an IFaP architecture which, I believe, provides a powerful architecture for enabling open innovation while, at the same time, providing IT with a framework to manage its information assets.

For the past several weeks, we’ve been working on creating a viewpoint of our future-state architecture that enables a greater degree of low-hurdle innovation with technology than we currently enable. The goal is to enable anyone across the globe, inside of the organization or out, to make use of public information we provide to create applications of value, even if that value is only seen by a single individual. Call it Web 2.0; Call it Enterprise 2.0. Call it what you will. We’re calling it either Freedom within a Framework or the Framework for Rapid and Empowering Development (FRED) depending on to whom we’re currently pitching the idea. The latter is our EA marketing savvy at work…

The idea is simple: We want to create an environment when enterprise applications can be created and managed in an enterprise way, and opportunistic applications (i.e. ad-hoc process applications and mashups) can be created freely and with little to no involvement from the IT organization. IT does what it does best, but explicitly steps back from “owning” all information and technology in an organization. From concept to implementation, I believe that one way to foster such an environment is to allow the world of WS-* and the world of REST to co-exist within the enterprise. Rather than an either/or decision, we want enable and encourage both styles for certain types of situations.

The culmination of our work around this idea was a paper published internally at the end of November, along with a demo that provides an example RESTful interface (which depends on our existing SOA) and a couple of applications which consume information presented by those interfaces.

Over the next few weeks, I plan to post excerpts from this paper and some of the meat from the demos. My intent in doing so is twofold:

1) To posit an alternative to the REST vs. WS-* debate. I am certainly not the first to argue for cohabitation of these styles. I only wish to add my voice and provide another perspective.

2) To obtain feedback from Enterprise and SOA Architects who have either already considered, are considering, or have implemented a similar design. I’d love to hear feedback in the coming weeks from anyone wanting to way in on any of the topics below.

I’ll publish the first post tomorrow, and the subsequent ones every couple of days after that. Here are the topics I plan to post about, in order:

• Embracing the Long Tail
• IFaPs: Enabling the Long Tail and Protecting the Enterprise
• REST: The Entry Point for Innovation
• Benefits of a RESTful Interface
• REST and Security
• A Demo RESTful Interface
• Demo Opportunistic Applications

As I add posts, I’ll return to this post and add the hyperlinks.

Looking forward to the discussion!

Last week, Jean-Jacques Dubray published an article on InfoQ regarding Microsoft’s recent announcement of Oslo, a strategy designed to “…take composite applications to the mainstream.” Rather than revolving around a single product, Oslo sets strategic direction for Visual Studio, BizTalk, the .Net Framework, Microsoft System Center and a new product called BizTalk Services. On a side note: Arnon Rotem-Gal-Oz hopes that this final project’s association with BizTalk is more about branding than actual product similarity, a sentiment I share.

After posting this article, Jean-Jacques sent me an email and asked me to share some of my thoughts on Olso for a follow-up article to be published at InfoQ. I sent my thoughts along on Friday, but thought that I would post them here as well.

When we developed a long-term strategy for Composite Applications at my organization, it was obvious that while Microsoft technologies would have a major role to play in many areas of our future-state architecture, there were several vital pieces missing in the Microsoft stack that we would likely need to find elsewhere. I’ve always felt that we weren’t alone in that sentiment, and the Oslo announcement suggests that Microsoft is also well aware of the gaps in their current offerings. While products like Dynamics CRM and MOSS 2007 offer composition scenarios which I regularly point to as examples of end-user and/ or business analyst composition, Microsoft has long been missing the technologies to unify these experiences under a common framework. Though missing in the products themselves, the Composite Applications vision is one that I have seen preached by Microsoft Architects and blogger’s like Mike Walker and others who seem to have a good grasp on the long-term potential of composite applications. The good news about the Oslo announcement is that those individuals are no  longer in the minority. With Oslo, I believe Microsoft has unveiled merely the beginning of a unification strategy that enables composite applications. I believe that this bodes well for clients and non-clients of Microsoft alike.

That being said, There are two reasons why I’m a bit skeptical about the Oslo announcement: For starters, I believe that Microsoft’s stated vision for Composite Applications is too narrow. While the Software + Services and SOA visions are needed, I believe that the end goal of any Composite Applications strategy should be to gradually enable composition up the stack toward the end-user. This is done first by providing a SOA which enables true service and process composition, then by extending those principles to developers of customer applications, business analysts and, ultimately, end users. Oslo speaks well to the former, but the latter is auspiciously missing. I actually don’t believe that such a goal is absent in the halls of Microsoft, but I do believe that it hasn’t permeated across the organization and thus, isn’t given a place in the conversation yet.

The second reason I am hesitant to praise Microsoft for the Oslo vision is because their announcement is related to technologies which are anywhere from 1 year to 3 years or more away from release. Most of the tool updates are two releases away. Microsoft is correct when they say in their press releases that 21st century business is moving faster than IT can deliver, but that statement is true today. Organizations need solutions today, not announcements of solutions coming tomorrow. My organization, for example, cannot wait for a repository to manage models, metadata and services (one of the gaps we knew about in our strategy) when our ability to manage all three is already beyond our control. I honestly believe that Microsoft’s vision for Oslo is a good one, but they are just now announcing plans to provide functionality that most organizations already know they need, which puts them at a disadvantage with those organizations. I can see a day in my company where many of the pieces in the Oslo stack make their way into our architecture, but today we need to keep moving. Of course, the good news is that when SOA and composite applications are done right, vendor lock-in is reduced and organizations can focus on delivering for the business today instead of waiting for the remaining puzzle pieces to fall in place tomorrow.

Back in September, I published a couple of excerpts from an internal paper I wrote on Composite Applications (you can read them here, here and here). At the end of my second post, (which I probably should have broken up into 2-3 posts at least) I discussed the four types of Application Composers. If you missed that section, (which would be proof that I should have broken them up) here’s a recap:

1) Business Service Developers - These are IT developers focused on providing value-added common business services to all customer solutions teams. Their technical depth is high and a CAF targeted at these users would be similar to what is provided by SOA today.

2) Customer Solution Developers - These are IT developers focused on creating customer-centric solutions by leveraging software infrastructure. Their technical depth is moderate to high and a CAF targeted at these users would need to abstract away service creation and assembly.

3) Business Analysts - These are customer consultants focused on helping customers determine which business needs are best met with technology. Their technical depth is moderate and a CAF targeted at these users would draw many features from current BPM platforms.

4) End Users - These are the users of the solutions created by customer solutions teams. Their technical depth is low and a CAF targeted at these users would need to abstract away nearly all of the technical aspects of application creation and should provide very intuitive context- and metadata-driven methods for application assembly and customization.

While these still make sense to me, I think I completely missed number five on this list. It’s a bit of a wildcard, and it may not apply to every organization, but I think it will apply to more and more organization in the coming years. Here it is:

5) External Developers - These are developers who reside outside of one’s own IT organization, but who have development expertise that they wish to leverage to create value-added services that benefit your organization. Their primary interest is in consuming available organizational data and recombining this data with external data or services to create new composites not offered or envisioned by the organization itself.

Now I think that the reason I missed this was because I was thinking internal only when laying out a strategy for Composite Applications in my organization. However, my fearless leader and I have been talking at length about creating a framework by which certain subsets of our information (the right information, of course) could be made available to anyone with the wherewithal to create useful services that we never thought of. Thus, our framework for Composite Applications now has another persona to enable.

So what do you think? Is this a valid addition, or did I have it encompassed in another one of the four? Furthermore, is just one more enough? That fifth category encompasses a ton of people, so do I need another for the technically savvy end user who doesn’t write code, but who screams at creating inventive Yahoo! Pipes applications. I suspect that #4 could represent this individual with a slight modification, but what do you think?

For the past couple of weeks, I have been doing an in-depth look at various mobile communication technologies (SMS, EMS, MMS, etc.) for the purposes of incorporating these technologies into our existing strategies. While the scenarios vary, most of the use-cases driving us to SMS et al. revolve around information delivery in areas where Internet connectivity is problematic, yet cell phones abound. It sounds counter-intuitive maybe, but in many regions (like Africa for example), it’s far easier to put up a cell tower than it is to lay cable of any kind. Thus, mobile technology can be found in many places where land lines and Internet access cannot.

Being the agenda-pusher that I am, I can’t pass up an opportunity to integrate this technology study with work I have already done and am doing. Since my biggest interest right now is in the Composite Applications space, I wanted to use one of the demos in this study to prove out (to some degree) the composition argument I have been making both in this blog and internally. Thus, I created a demo scenario for this study that sends a 1-way, application-originated SMS Text Message through an SMS Gateway (Clickatell in this case) to a mobile subscriber when a particular field on a list in MOSS is changed. Now, this scenario isn’t rocket science, nor is it earth-shattering. What it is, however, is me taking my own medicine. If I’m going to preach the Composite Applications gospel, I’d better try it on for size myself. Here’s how I implemented the scenario:

I started by creating a stand-alone custom activity in Windows Workflow Foundation. The code, with some key details removed, is included below. Note: In order use this yourself, you’ll need access to an SMS Gateway (like Clickatell, which is used here) and access to their HTTP API, if they have one. Not the only way to send a text message, I know, but SS7 Gateways can provide guaranteed message delivery to the subscriber.

using System;
using System.ComponentModel;
using System.IO;
using System.Net;
using System.Text;
using System.Workflow.ComponentModel;
using System.Workflow.ComponentModel.Design;

namespace MyCompany.Workflow.Messaging.Activities
{
    public class SendSMSActivity : Activity
    {
        public static DependencyProperty NumberProperty =
            DependencyProperty.Register(“Number”, typeof(System.String),
            typeof(SendSMSActivity));
        public static DependencyProperty MessageProperty =
            DependencyProperty.Register(“Message”, typeof(System.String),
            typeof(SendSMSActivity));

        [DesignerSerializationVisibilityAttribute
            (DesignerSerializationVisibility.Visible)]
        [BrowsableAttribute(true)]
        [DescriptionAttribute("Destination number of SMS message")]
        [CategoryAttribute("SendSMSActivity Number Property")]
        public string Number
        {
            get
            {
                return ((string)(base.GetValue(SendSMSActivity.NumberProperty)));
            }
            set
            {
                base.SetValue(SendSMSActivity.NumberProperty, value);
            }
        }

        [DesignerSerializationVisibilityAttribute
            (DesignerSerializationVisibility.Visible)]
        [BrowsableAttribute(true)]
        [DescriptionAttribute("Text of SMS message")]
        [CategoryAttribute("SendSMSActivity Message Property")]
        public string Message
        {
            get
            {
                return ((string)(base.GetValue(SendSMSActivity.MessageProperty)));
            }
            set
            {
                base.SetValue(SendSMSActivity.MessageProperty, value);
            }
        }

        protected override ActivityExecutionStatus
            Execute(ActivityExecutionContext context)
        {
            string response;

            try
            {
                // Send the SMS Message
                response = SendSMS(Number, Message);
            }
            catch (Exception e)
            {
                response = e.Message;
            }

            // Raise the PageFinished event back to the host
            messageSentEvent(null, new MessageSentEventArgs(response));

            // Notify the runtime that the activity has finished
            return ActivityExecutionStatus.Closed;
        }

        public delegate void MessageSentEventHandler(object sender,
            MessageSentEventArgs e);

        private event MessageSentEventHandler messageSentEvent;
        public event MessageSentEventHandler MessageSent
        {
            add
            {
                messageSentEvent += value;
            }
            remove
            {
                messageSentEvent -= value;
            }
        }

        public string SendSMS(string number, string text)
        {
            WebClient apiRequest = new WebClient();
            apiRequest.Credentials = CredentialCache.DefaultCredentials;

            //Add a user agent header in case the requested URI contains a query
            apiRequest.Headers.Add(“user-agent”,
            “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 2.0.50727;)”);

            //Add the SMS details to the apiRequest object
            apiRequest.QueryString.Add(“user”, “xxxxx”);
            apiRequest.QueryString.Add(“password”, “xxxxx”);
            apiRequest.QueryString.Add(“api_id”, “xxxxx”);
            apiRequest.QueryString.Add(“to”, number);
            apiRequest.QueryString.Add(“text”, text);

            string baseURI = “http://api.clickatell.com/http/sendmsg”;

            Stream responseStream = apiRequest.OpenRead(baseURI);
            StreamReader reader = new StreamReader(responseStream);
            string responseCode = reader.ReadToEnd();

            //Clean up in-memory objects
            reader.Close();
            responseStream.Close();

            return (responseCode);
        }
    }

    public class MessageSentEventArgs
    {
        private string response;
        public string Response
        {
            get { return response; }
        }

        public MessageSentEventArgs(string response)
        {
            this.response = response;
        }
    }
}

Like I said, nothing earth-shattering. However (and I won’t go into the details of WF here as there are plenty of good resources that do that) the end-result is a stand-alone Workflow Foundation Activity which encapsulates the business logic for distributing an SMS Text Message via our Gateway provider and which can be hosted in any application that provides the WF runtime. This Activity can easily be dropped into a container Sequential or State-Machine Workflow project (as I did when testing this activity on my machine), or it can be deployed to MOSS as a stand-alone activity which can be included in a Workflow built using SharePoint Designer. Two scenarios with different composers, both using the same asset. That’s the vision of Composite Applications. (As an aside, with the recent Oslo announcement, I imagine that we’re not far from a day where that same activity could be also be reused in BizTalk and Microsoft CRM, among others).

So what do those scenarios look like? For the developer adding a custom activity to a WF Workflow, it’s a simple matter of dragging the activity from the Toolbox to the designer, then binding to the DependencyProperties (Number and Message in this case) and creating an event-handler to receive the event raised by the activity (in this case, sendSMSActivity_MessageSent). See the image below for an example:

For an individual slinging SharePoint Designer, the experience is different, but also quite powerful. However, The first step I must take as an activity developer is to deploy said activity to the MOSS server. This requires deploying the Activity assembly to the GAC on the MOSS server, adding said assembly as a safe control in the web.config file, and adding the Activity to the WSS.actions file (or a new .actions file in the same directory, which is probably a better idea), which SharePoint designer uses to load up the list of available workflow actions. All of this can be done via a feature in SharePoint (I know that the first two can and I think that the last can, so feel free to comment if I am incorrect). Here is the code for the WSS.ACTIONS file (Added in the <Actions> section):

<Action Name=“Send an SMS Text Message”
  ClassName=“MyCompany.Workflow.Messaging.Activities.SendSMSActivity”
  Assembly=“MyCompany.Workflow.Messaging.Activities, Version=1.0.0.0,
    Culture=neutral, PublicKeyToken=fe2315b70tbc147c”
  AppliesTo=“all”
  Category=“Messaging Actions“>
  <RuleDesigner Sentence=“Send %1 to number %2“>
    <FieldBind Field=“Message“ Text=“this message“ DesignerType=“TextBox“ Id=“1“/>
    <FieldBind Field=“Number“ Text=“this number“ DesignerType=“TextBox“ Id=“2“/>
  </RuleDesigner>
  <Parameters>
    <Parameter Name=“Number“ Type=“System.String, mscorlib“ Direction=“In“ />
    <Parameter Name=“Message“ Type=“System.String, mscorlib“ Direction=“In“ />
  </Parameters>
</Action>

Once that entry has been added, the activity is ready to be included in an SP Designer workflow. In this example, I bound the workflow to a custom list created in a demo site, set a condition to check the value of a key field, then added the “Send SMS Message” activity and configured its inputs. In this case, the message is constructed from existing information in the list and the destination number is determined by looking up the mobile phone of a user in another list. An image of the Workflow Designer Wizard in SP Designer can be seen below:

If the workflow validates, we’re in business and the activity will run each time a list item is added or updated and the field in question isn’t blank. Here is the Workflows application page, as seen from MOSS itself:

In addition, that activity is now available to include in any workflow where sending an SMS notification is a requirement. You be the judge if this is a blessing or a curse… In either case my hope is that this post illustrates the power of composition. And MOSS is just an example in this case, not the end-all for composition by any means. What important in any composition scenario is a platform and technologies that provide the ability to create reusable assets and then reuse those assets across tiers and containers.