Authentication in the cloud + Resourcer updates + OpenSSO

So I’ve been busy thinking about the requirements for Resourcer. One of those is authentication against it. Since the methods that people will be using will be varied, I’m looking for something pretty simple and adaptable. Turns out OAuth might be just the ticket.

As with any software project, the difficulty is in the requirement gathering stage. Making changes at this point in time costs nothing, except well time. But right at the end making changes, not only is that costly but it’s inefficient. And it makes software projects fail. So I’ve been spending a lot of time gathering requirements for Resourcer. One method I recommend is doing mental walkthroughs with paper prototypes. Build your application on paper and use it. If things are missing, odds are they’ll really appear when you start using your paper application. Do note, your mind is used to software. Try giving it to someone completely new to the idea to use. If they can’t get it, your users can’t either.

Another useful idea is to look at competitors. If you have no competitors, you’re probably doing it wrong. In my case, it’s Yammer. However, Yammer is just a clone of Twitter. I mean, apart from security restrictions, what’s the difference? And I’m not saying this as a biased competitor, but just as someone reviewing the features. Where’s the enterprise support? Maybe we’re aiming for different markets, they’re aiming at SMEs and I’m aiming at Enterprise customers. This forces me to think about where data is hosted, SOX compliance, security, importing and exporting users, authentication, etc.

In other exciting news, OpenSSO has been released (well, about a month ago). Deployment’s a lot easier this time around, with just a war file to drop in your application server. I’m looking forward to some improved Policy Agents, especially the ability to remotely configure them.