72
IBM COURSE BOOK IT APPLICATION AND OPEN STANDARD
| Date post: | 08-Sep-2015 |
| Category: |
Documents |
| Upload: | bansal-shivansh |
| View: | 25 times |
| Download: | 3 times |
IBM COURSE BOOK
IT APPLICATION AND OPEN STANDARD
Module 1: Introduction
Introduction
The increasing use of computers in the last few decades has seen the ascendance of information technology to a
position of prevalence in human affairs. In our homes & offices today we have more computers than there are
people who live & work. In this semester we shall look into how & what software contributed to this growth and as
well its relationship to Open Standards.
We have already understood Open Standard and Open Source in the previous semester. To recap, open
standards promote..
Interoperability
Prevents vendor lock-in
Flexibility
Collaborative innovation
Lower cost
Freedom of action
Also, we have understood that going forward Open Source software is there to exist for long time, to promote..
Lower Cost of Ownership
Quality
Innovative reuse
Technical competence
In this context, we have to remember that sharing of software for enhancements & reuse is not new, but it has
been there from the days of sharing printed copies of programs along with the hardware. In the 1960s IBM
distributed the source code of mainframe operating system, Airline Control Program (ACP). All the software
available was usually supplied by IBM without additional charge.
One more thing to remember is the start of software industry when hardware manufacturers unbundled software
and services from hardware sales and end users had to pay for the software, which in turn brought in third partys
to develop software that works on a given piece of hardware.
In this semester, particularly we will discuss about programs (software) that make use of OS capabilities and
instruct the computer, how to produce information.
Programs are the software. Software can be written in numerous programming languages. A programming
language is used to express the instructions which tell the computer what to do in response to a certain action.
Software could be broadly divided into 3 sections:
Operating systems (OS). Communicates with the hardware. Acts as basis on which other software runs.
The means by which other programs and the user interact. E.g DOS, Linux, Windows, UNIX and Macintosh.
Languages. To write the software e.g.C, Smalltalk, C++, Java, JavaScript
Applications. Enables the user to carry out various activities e.g. Word, Photoshop,
Understanding Information Technology
What is Information Technology (IT) ??
As defined in Information Technology Association of America (ITAA) IT is study, design, development,
implementation, support or management of computer based information system particularly softwares
applications & computer hardware.
It deals with treatment of information, and is one of the corner stones of our economy while forging a computer
based society. (Others are Land, Labour, & Capital)
The term IT in its modern sense first appeared in a 1958 article published in the Harvard Business Review, in
which authors Leavitt and Whisler commented that "the new technology does not yet have a single established
name. We shall call it information technology (IT)."
Information technology (IT) has proven to be a key enabler of socioeconomic progress and development,
enhancing productivity and therefore economic growth, reducing poverty and improving living standards in many
ways. IT is increasingly revolutionizing production processes, access to markets, and information sources
together with social interactions. IT also has an impact on government efficiency, fostering transparency and
better communication and services with and to citizens.
Information technology (IT) is a defining force affecting all areas of society well into the next century, changing
every institution, every business, and every individual in profound ways. Technology itself has changed
dramatically in the past 15-20 years. Anticipate even more rapid change in the future, changes that impact
organizations and society.
Within a short span of time we have seen better algorithms, many fold increase in computing power and hence
more mobility of information.
Shifts in computing paradigm,..
For some, computing today is radically different from early experiences. In fact, we have seen three major waves
of computing host-centric, client/server and network-centric.
Host-centric, or "tops-down" computing, dominated the environment for the past twenty years. The focus was on
the physical enterprise, with a specific behavior pattern:
Buy a computer system;
Write applications;
Define the reports needed;
Develop fixed screens to display the results;
Operate over a private, wire network.
We still see host-centric computing among administrative applications in some of the institutions and businesses;
operate their institutional research or registration offices with a specific computer, using applications written in-
house. Creation of reports is fixed by the application, a new program must be written to generate a new report.
Today a distributed client/server model is prevalent. The focus is the distributed enterprise with a different
behaviour pattern:
Buy individual "client" units;
Purchase applications;
Use windowing to view information;
Operate over private wire local area networks or mixed private and public switched networks.
The client/server architecture has enabled organizations to do a great deal of "mixing and matching" to suit
individual needs. An example of this pattern is in purchasing client machines. People are buying CPUs separate
from memory. Specific hard drive sizes are ordered. Memory modules may be different. Connectivity is a mix.
Customization is the rule rather than the exception. Applications are no longer written in-house; they are
purchased. Information is viewed through a windowing system, whether Windows, OS/2, Mac operating system,
or something else. Users tile their windows to view what they need.
The next step is network-centric computing. The behaviour pattern changes again:
multi-source hardware platforms;
subscriptions for software rather than purchase;
human-centred, multi-form factors;
public switched infrastructure, both wired and wireless.
Hardware comes from many sources. The network contains your applications as well as the data. The network is,
in fact, your application. Software need no longer be purchased and installed on your computer. When you
connect to the network, you access the latest version of the software for which you have a subscription.
The networks technical characteristics will be of little concern to its users. Its presence will be assumed. The
vendors and the technologies that enable service will be in the background. It will not matter what the topology is,
where the server is located, or whether the connection is facilitated by wire or wireless technology. From your
computer, you will have access to the resources you want and need.
In spite of its importance, the network is "dumb": It is unaware of individual computing needs and preferences. It
is merely a transport vehicle. Yet, one individuals computing needs are different than another persons. The
"personalization" of your computing interface will reside in the software.
Advances in computing technologies, such as high-resolution displays, 3-D graphics and animation, handwriting
and speech input, and natural language understanding will be used to improve the end-user interface, to facilitate
personal interaction and customization with computers. This will enable new interaction models, including:
Intuitive, task-tailored interfaces;
Virtual reality environments;
Mobile, Hands-free, and Eyes-free use;
Intelligent agents that will isolate users from the details of the infrastructure but will carry out tasks tailored by
the user;
and Easier searching techniques.
Personal computers are in the phase of general purpose use today. PCs are used for many purposes: word
processing, electronic communications, spread sheets, graphics, multimedia, etc. The PC is highly adaptable
because of the range of applications used to tailor its functionality.
Yet to obtain this functionality, users are required to purchase specific software packages as well as upgrade
hardware and operating systems, and keep up with new versions of the applications. Over the next few years, the
PC will move into another phase of evolution, that of being an "appliance."
The "appliance" phase is characterized by a "thin-client, fat-server" model. In this scenario, code does not
permanently reside on the client, it resides on a server. When the user needs an application, it is accessed
through the network and executed on the client machine.
Application Software
application-noun
1. the act of putting to a special use or purpose: the application of common sense to a problem.
2. the special use or purpose to which something is put: a technology having numerous applications never
thought of by its inventors.
3. the quality of being usable for a particular purpose or in a special way; relevance: This has no application
to the case.
Application software is a subclass of computer software that employs the capabilities of a computer directly and
thoroughly to a task that the user wishes to perform.
This should be contrasted with system software which is involved in integrating a computer's various capabilities,
but typically does not directly apply them in the performance of tasks that benefit the user.
In this context the term application refers to both the application software and its implementation. A simple, but
may not be perfect analogy in the world of hardware would be the relationship of an electric light bulb (an
application) to an electric power generation plant (a system).
The power plant merely generates electricity, not itself of any real use until harnessed to an application like the
electric light that performs a service that benefits the user. Typical examples of software applications are word
processors, spread sheets, and media players. Multiple applications bundled together as a package are
sometimes referred to as an application suite. Some might bundle together a word processor, a spreadsheet, and
several other discrete applications.
The separate applications in a suite usually have a user interface that has some commonality making it easier for
the user to learn and use each application. And often they may have some capability to interact with each other in
ways beneficial to the user.
For example, a spreadsheet might be able to be embedded in a word processor document even though it had
been created in the separate spreadsheet application. User-written software tailors systems to meet the user's
specific needs.
User-written software includes spreadsheet templates, word processor macros, scientific simulations, graphics
and animation scripts.
Even email filters are a kind of user software. Users create this software themselves and often overlook how
important it is.
In some types of embedded systems, the application software and the operating system software may be
indistinguishable to the user, as in the case of software used to control a VCR, DVD player or Microwave Oven.
List of common applications
1. Word processing
o Microsoft Word
o Lotus Word Pro
2. Spreadsheets
o Microsoft Excel
o Lotus 123
3. Databases
o Microsoft Access
o Lotus Approach
4. Presentation
o Microsoft PowerPoint
5. Accounts / Payroll
o Sage
6. Web browsing
o Microsoft Internet Explorer
o Mozilla Firefox
7. Web authoring
o Microsoft FrontPage
8. CAD & CAM
o AutoCAD
9. System Management
I. HP Open View
II. IBM System Director
Side Bar
PARC developed concepts with the potential for office use by non experts. PARC took Doug Engelbart's work at
Stanford as a basis for the development of graphical user interfaces (GUI). PARC developed this to the point of
production, along with a pointing device (mouse), bitmapping of images, page editors and WYSIWYG (What You
See Is What You Get) computing. It also produced OOP (Object-oriented programming) by writing a new
programming language, Smalltalk.
PARC CSL (Palo Alto Research Center - Computer Science Laboratory) invented the first high speed networks,
laser printers and with the Xerox Alto, the first computer with a GUI. This machine had a B&W bitmapped screen,
mouse and hard disk data storage. However, the machine was not placed into production. At the time of its
creation in 1973 it would have required a price tag of $25000 in order for Xerox to make money.
There was no "killer app" written for it.
Transforming Data into Information
Example 1:
Here is a form for student data.
Say, after clicking on submit button we get the following data.
Student Data
First name: Rohit
Second name: kk
Number of courses studied in 2004: 3
Previous courses: Y343 X444 Z555
Number of credits studied in 2004: 60
Reasons for study are: For professional development
Here is another form
Think, after clicking on submit button you get this:
Information about Rohit kk
Rohit is a continuing student at UPES
In the case of first form we entered the data, data collected and when we pressed the submit button the data is
stored & operated" upon by a program; program could be a Java Script embedded in a webpage. The output
simply reflected the values we entered.
With second form, the data was operated in such a way to display some information about a student, whether
he/she is a new student at UPES. Bottom of Form
Here the program that is the JavaScript is called the application software or IT application.
Example 2:
Another example we can look at is the smart card system where application software and hardware components
require interoperability.
In todays world, all of us probably use a credit card-sized plastic card for one reason or another almost daily.
Among these are credit cards, debit cards or automatic teller machine (ATM) cards, in mass transit, for
identification, not to mention cards to access buildings or specific rooms.
A smart card, typically a type of chip card, is a plastic card that contains an embedded computer chipeither a
memory or microprocessor typethat stores and transacts data. This data is usually associated with either value,
information, or both and is stored and processed within the card's chip. The card data is transacted via a reader
that is part of a computing system. Systems that are enhanced with smart cards are in use today throughout
several key applications, including healthcare, banking, entertainment, and transportation. All applications can
benefit from the added features and security that smart cards provide.
The microprocessor on the smart card is there for security. The host computer and card reader actually "talk" to
the microprocessor. The microprocessor enforces access to the data on the card. If the host computer can read
and write the smart card's random access memory (RAM), it would be no different than a diskette.
Smarts cards may have up to 8 kilobytes of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM,
and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources
like a card reader. The processor uses a limited instruction set for applications such as cryptography.
So we need applications to transform the data residing on smart cards for appropriate usage like,
Security solutions for electronic banking platform using 3DES and PKI cryptography, ensuring secured
financial transactions.
Security solutions for mobile payments using SIM/WIM cards.
Campus card solutions used to store and manage identification, access control, attendance monitoring,
marks card and e-cash based payment information.
Security solutions using smart card as a copy protection device for software. Solutions for distributors and
retailers of consumer goods.
Solutions for vehicle dealers to keep track of all services and repairs done for a vehicle, along with loyalty
points accrued
Readers and terminals operate with smart cards to obtain information that is contained in the card and perform a
transaction.
Generally, a reader interfaces with a PC for the majority of its processing requirements. A terminal is a self-
contained processing device. Both readers and terminals read and write to smart cards.
A separate and distinct software application is required, that interacts with the data and service from the card.
The data is processed in varying environments where interoperability of application software as well as hardware
components is a must; otherwise data will get blocked in the network and becomes useless.
In the upcoming chapters we will see how IT Applications are made interoperable in different industry verticals by
adhering to open standards and also how open standards are governed by standard setting organisation.
Disclaimer
The contents of this report reflect the views of the author and do not necessarily reflect the official views or policy
of the International Business Machines Corporation in the United States and/or other countries. This report does
not constitute a standard, specification or regulation.
IBM is a registered trademark of International Business Machines Corporation in the United States and/or other
countries.
Other company, product, and service names may be trademarks or service marks of others.
Microsoft is a registered trademark of Microsoft Corporation
Module 2: Governance of Open Standards
Introduction to Governance
What is IT Governance?
Governance is the set of organizational regulations and standards exercised by management to provide strategic
direction and ensure that objectives are achieved, risks are managed appropriately, and resources are used
responsibly --Department of Justice
Simply to say, its a defining structure around how organizations align IT strategy with business strategy, ensuring
that companies stay on track to achieve their strategies and goals, and implementing good ways to measure ITs
performance. It makes sure that all stakeholders interests are taken into account and that processes provide
measurable results.
An IT governance framework should answer some key questions, such as how the IT department is functioning
overall, what key metrics management needs and what return IT is giving back to the business from the
investment its making
For example, if something is free, it doesnt mean that it has no cost. Companies must have a policy for
procuring Open Source Software, choosing which applications will be supported by Open Source Software, and
isolating the intellectual property risk or supportability risk related to using Open Source Software. When the
policy is in place, then there must be a governance process to enforce it.
Open Source Governance
Open source governance is the way an organization controls the use of Open Source Software within their
products and services, supply chains and business management activities, and the associated business and
legal processes. This system of management is used to ensure compliance, and is a closed-loop process that
monitors the state of a system and reports if its meeting its goals.
Open source governance is part of the broader category of IT governance which, according to the IT Governance
Institute, helps ensure that IT supports business goals, maximizes business investment in IT, and appropriately
manages IT-related risks and opportunities.
For most IT organizations, the acquisition of open source software, external code that is acquired and integrated
with internal and other code, has been mostly uncontrolled. Developers enjoy the freedom and creativity of
searching the abundance of open source code available on the Internet and using it without a formal acquisition
process. But as organizations increasingly rely on external code and open source has grown into a more
substantive portion of deployed code, the need for management has grown.
Need for Open Source Governance & its importance
"Planning complex IT projects involves an array of political, organizational, legal, technical, cultural, and
personnel issues best dealt with by a team charged with the responsibility for the successful outcome of those
projects -- National Archives & Records Administration
As the use of open source software has grown and matured, the need for open source governance has become
an integral part of typical IT development.
There are many frameworks and regulations related to IT, and hence open source governance. COBIT (control
objectives for information and related technologies) is one of the well know IT frameworks from ISACA
(Information Systems Audit and Control Association). One more framework is ITIL (IT Infrastructure Library),
developed on behalf of the British government for best practices with IT service management. Both are useful in
designing, planning and implementing open source governance.
Today it may be difficult to find an enterprise that does not use open source software. Open source acceptance
and adoption is widespread across many industries, including commercial software development, and it is
expanding rapidly. Such a broad adoption is clear, since enterprises want to save money, and want to enjoy the
savings while leveraging high quality and flexibility in their IT infrastructure.
Worldwide peer review and open access to source code are seen as major contributors to meeting these
objectives. Analysts predict that, over the next few years, the majority of Global 2000 organizations will have
formal open source acquisition and management strategies. To many, the free availability of open source
software would seem like a jackpot. Because the code is available at no cost, developers can select software on
an individual basis. Also, the ease with which open source software can be picked up and integrated into
products is a big factor in its extensive use. But this free and easy world of open source software can rapidly
lead to turmoil and an unsustainable situation from both technical as well as legal perspectives. Hence, proper
open source software governance is becoming vital to ensure long-term feasibility of open source projects across
the enterprise.
Why open standards?
Open standards are the subject of much discussion, but:
why are they important?
what constitutes an open standard?
how can the transition be made to use in practice?
how open standards are governed ?
The importance of standards
For organizations, having the means to exchange information efficiently with other organizations is becoming
increasingly important. We can refer to this as interoperability, the ability of organizations to Cooperate, in
particular by means of electronic information interchange.
In order for interoperability to be achieved, agreements are needed, agreements about the content of the
exchanged information, its meaning and the techniques to be used. In some cases, these are specific
agreements between two organizations, but more frequently an agreement will apply to a whole industry or a
specific general application. In the latter case, the agreement is a standard.
A standard:
1. is a document, electronic or otherwise, which sets the specifications/ criteria for a product, service or
method
2. is created in an organization, consortium or through a recognized standardization organization such as ISO
or BIS
3. is generally a process upon which the standard is developed and managed.
In the context of IT, standards are very important in connecting diverse organizations and their systems with each
other:
When all the organizations work according to the same standard, this has an important network-effect, since
a single standard enables communication with a larger group of organizations. As an outcome, the overall
value of the network increases considerably.
This leads to economies of scale for developers and innovative applications for users. By using standards,
the developers have direct access to a huge user base, which in turn, decreases the costs for users.
The internet is indeed the most common example. Because there exists standards for web pages and information
interchange through internet Protocols, millions of users worldwide are able to communicate and exchange
information with one another without any blockades.
What are open standards?
The use of standards can also lead to adverse effects. For example, if a user uses a supplier-specific standard,
they run the risk of becoming dependent on that particular vendor, which will eventually make switching to
another vendor difficult, or decrease the number of users with whom they can interchange information. Standards
of this kind are also referred to as closed standards.
While open standards are not affected by these problems,
The standard must be adopted and maintained by a not-for-profit organization. Additionally, it must be
constantly developed on the basis of open decision making available to all interested parties by consensus or
majority decision.
The standard must be published and the standard specification document must be available free of charge or
at a nominal fee. Copying, distributionand use of the specifications must be permitted free of charge or at a
nominal fee to all parties.
The IP rights and patents on the standards or parts thereof, must be granted permanently and free of charge
There should not be any restrictions with respect to reuse of the standard.
Subsequently, open standards have lot of inherent benefits:
There are no restrictions on the standards implementation in new systems, as the specifications are freely
available and may be used without restriction. But, in case of closed standard, the user is dependent on the
owner of the standard when it comes to making the specifications available and permitting reuse in systems
belonging to third parties.
Although occasionally extra initial implementation costs need to be incurred due to the learning curve. When
compared with existing closed standards, the usage costs for an open standard are low, since there are no
royalties or license fees.
There is lot of opportunity for innovation and improvements, as everybody involved can propose changes to
the standard. These proposed changes are examined in an transparent way and, after approval, are made
available to everyone. Since there are less obstacles concerning use of the standard, it can be adopted more
easily in a large number of organizations. This creates a robust network between organizations that are able
to exchange information.
As a consequence, a level playing field will be created for everyone who wants to use the standard, preventing
any undesired dependency on suppliers (lock-in), and encouraging innovation.
Governance of Open Standards
Standards and standard setting are universal mechanisms of international governance. States and private
entities create standards across a wide range of environments to promote their collective welfare by coordinating
and limiting individual behavior. However, international standards play very different roles in different
circumstances.
The dictionary meaning of standard is something that is established by authority, custom, or general consent as
a model or example to be followed (Websters). This definition implies more specific meanings, like an
authoritative rule for the measure of quantity, weight, extent, value, or quality, but there is no clarity on technical
behavior.
Here we want to understand the ways in which open standards are created and used. Certainly, very diverse
institutional processes are involved in creating, administering and enforcing standards for areas as disparate as
software, hardware, mobile phones, pollution and employment practices.
A broad definition of governance could be, The formal and informal bundles of rules, roles and relationships that
define and regulate the social practices of state and non-state actors in international affairs. The standards and
the institutions which create them, administer and enforce are part of governance.
Many international standards emerge and operate within wholly private, market-based governance systems.
Other standard setting processes involve formal institutions rather than market forces, but are still coordinated by
private actors. Still in many cases, governments ratify and enforce privately created standards and in some
scenarios, governments play a central role in setting and maintaining standards. This shows complex flavors of
private and public governance. These different ways of governance arises because of the interactions of states,
enterprises and other international actors seeking to resolve diverse international issues.
Standards and Externalities
Externalities are dealt with standards by actors. An externality occurs whenever one actors conduct affects the
well-being of another. Familiar examples could be a manufacturing firm that dumps pollutants in a river,
decreasing water quality downstream, or factory smoke that fouls residential air that affects others. A
technological externality may be a situation where the production function of one firm is favorably or unfavorably
affected by the production function of other firms.
In network externality situations, standards are typically produced by the (often private) actors who benefit from
interconnectivity (Zacher 1996). Particularly, product standards are formulated by the companies that produce the
relevant products and to some extent with contribution by firms that use them. This holds good for products
extending from industrial fasteners to telecommunications switches, software, and for services, such as internet
communications.
Governance processes
Two types of governance processes are prevalent in generation of standards.
The first is dispersed and market-based, where individual firms create their own standards, by
including/expressing them in their products, and sometimes by publishing specifications, where other firms
respond by adopting those standards, modifying them or creating competing standards. This typically leads to
coordination on a single standard or a few competing standards. However the process often remains dynamic, for
example, we know about the proprietary Windows standard, which appeared to have captured the computer
operating system market, but a rejuvenated Apple and Linux (Open standards) have injected new uncertainty.
In the second process, formal organizations are involved, exclusively private and mixed public & private, where
firms develop common standards for products and services. The best example is the International Organization
for Standardization (whose very acronym is standardized in all languages as ISO). ISO is made up of standard
setting organizations from over 100 member countries and it is most representative. A majority of these are either
government agencies or publicly chartered bodies, but private organizations form the mainstay of ISO.
For example, US representative is the American National Standards Institute (ANSI), a private federation of
standard setting organizations. ISO promulgates voluntary standards on thousands of products and services;
these are widely observed because of the need for market coordination. Similar organizations, such as the
European Committee for Standardization (CEN) and Bureau of Indian standards (BIS) operate regionally.
Normally market standard setting favors large, influential producers. Since, those firms who own key technologies
like the Windows operating system, because market strategies maximize their control. Also, the market approach
favors those firms that are innovative, as it eliminates the need to obtain institutional approval for new
technologies. On the other hand, the institutional approach benefits weak players, like firms that are small or lack
in innovation.
The difference between public and private standard setting can be hazy. Since, private producers often dominate
public standard setting organizations.
On the other hand, private standards organizations mimic public bodies in their structures and procedures,
apparently to increase institutional legitimacy. ISO, for example, prescribes the representative character of
national delegations, and its rule-making procedures combine expert committees with plenary approval
processes. Like many standards organizations, ISO operates almost exclusively by consensus; other bodies
utilize majority or super-majority voting rules.
Governments support and utilize private standard setting in many ways. As regulators, they incorporate private
standards into building codes, telecommunication protocols and other rules as a low-cost way of ensuring
interconnectivity. As consumers, governments incorporate private product standards into procurement
specifications. As promoters of efficient international markets, they support transnational private standard setting.
For example, the EU has relied on CEN standards in its program of internal market harmonization. The EU also
helped create the producer-dominated European Telecommunications Standards Institute (ETSI) to facilitate
harmonization on digital mobile telecom standards.
Private enterprises and governments as well, prefer private standard setting in network externality settings for
numerous reasons. The main advantage private actors have is better information regarding production
processes, the effects and costs of particular standards, etc. Public bodies can normally have this information
only by involving industry representatives. Another advantage is flexibility, when technology is dynamic. Private
producers continuously monitor technological and market trends since they have every incentive to modify
product standards rapidly in response to change. Also private firms are less hindered by political and procedural
constraints. Finally, private producers are best able to ensure that agreed standards are implemented.
Sometimes public and private actors both find exclusive private governance inappropriate and seek public
intervention, typically to redress institutional problems.
Sometimes, private actors may be unable to create connectivity and interoperability standards because of
conflicting interests, concerns of secrecy or negotiating problems. This type of failure in coordination retards
innovation if firms are unwilling to introduce new products without a prevailing standard. Instead, private
producers and their governments might be locked into their own technologies that they cling to multiple
standards, limiting network economies. At such conditions, intervention by an international private or public
organization may ease the deadlock and promote coordination among contending groups.
Secondly, when there exist irregularities within an industry, private standard setting may lead to inferior
outcomes. The biggest problem is the dominance of a private monopoly based on a proprietary standard. Case
against Microsoft by the US Justice Departments case is well known. Big players and first movers benefit when
standards are set through market actions or competing private standards organizations.
The choice among governance types
We have seen that no single form of governance can handle all problems effectively, neither no single blend of
governance forms is best for all situations. The best combination will vary with each issue that needs to be
addressed.
Private governance is effective when network externalities create a need for uniform technology or transaction
standards. Since private actors are best positioned to develop and adapt such standards over time and, if
standards are open, the network structure works for all. Nonconformities to the pure network externality may
necessitate public intervention.
For example, powerful actors may control standard setting, with undesirable effects. In such situations it is
necessary to strengthen the position of less developed countries bargaining with multinational firms under
privately-created standards. Public monitoring may be needed to safeguard broader representation when
standards have significances beyond the immediate network.
Choosing levels of governance
National, regional or global level governance, which is best?
The answer could be found by looking into the European Union principle of subsidiarity. In current context,
standards should be set and implemented at the lowest level, able to address them effectively, mainly because of
concerns for representativeness. But the subsidiarity principle finds that action at higher levels is often applicable,
depending on the scope or outcome of the problem or the proposed action. Further that subsidiarity should be
interpreted broadly to focus on governance, including private governance and to recognize that effective
governance may require the involvement of multiple levels.
International governance can discipline national governance, without replacing it, by applying rules and
procedures that serve as checks against the capture of national decision-making by narrow or provincial
interests. International forums could provide an opportunity to scrutinize national policies in a setting insulated
from national politics, and often governed by rules or norms.
Mixture of international and national governance will be the optimal choice. National institutions have better local
knowledge and usually better capacities for combining preferences. International governance institutions bring
together transnational expertise and interests, and can force states to face their policy externalities. Each can
serve as a check on the other, safeguarding that neither private nor national interests improperly frustrate public
and global purposes.
International governance, even as a supplement to national governance is not an easy choice since the
underlying issues are often highly distributive and contentious. But standards are one of the important ways by
which we organize our society, and that society increasingly transcends national boundaries. Some role for
international governance is both inevitable and desirable. That role, however, is best filled by careful
combinations of actors and institutions, public and private, national, regional and international, depending on the
problem at hand.
The below figure illustrates the types of standard organizations in relation to adoption of standards, their influence
& process speed and complexity of technologies handled.
Characteristics of different standard setting organizations:
Governance Structure of ISO
The three primary governance groups of ISO are:
The ISO General Assembly, which is the annual meeting of all ISO members, and its agenda typically,
includes actions relating to the review of the ISO annual report, approval of ISOs multi-year strategic plan,
and ISOs finances.
The ISO Council, which meets twice a year and is responsible for the development of ISOs multi-year
strategic plan, the development of the ISO annual budget, ISOs relations with other external organizations,
and other political/strategic decisions and the general operations of ISO. The ISO Council consists of the
principal officers of ISO and eighteen elected member bodies, including ANSI for the USA. ANSI is one of five
permanent members to the ISO Council.
The ISO Technical Management Board (ISO/TMB), which meets three times each year and reports to and
advises the ISO Council on all matters concerning the organization, coordination, strategic planning, and
programming of the technical work of ISO. The ISO/TMB consists of the ISO Vice President for Technical
Management and twelve elected member bodies, including ANSI for the USA. ANSI is one of four permanent
members of the ISO TMB.
ISO Technical Committees and Subcommittees. ISO standards are developed by technical committees comprising
experts from the industrial, technical and business sectors which have asked for the standards, and which
subsequently put them to use. These experts may be joined by others with relevant knowledge, such as
representatives of government agencies, testing laboratories, consumer associations, environmentalists,
academic circles and so on. The experts participate as national delegations, chosen by the ISO national member
institute for the country concerned. These delegations are required to represent not just the views of the
organizations in which their participating experts work, but of other stakeholders too. According to ISO rules, the
member institute is expected to take account of the views of the range of parties interested in the standard under
development and to present a consolidated, national consensus position to the technical committee.
Governance of technical work at ISO
The technical work is carried out under the overall management of the Technical Management Board (TMB). The
Technical Management Board reports to the ISO Council and its role is defined in the statutes of the organization.
ISO TMBs duties could be summarized as follows:
To report to and, when relevant, advise Council on all matters concerning the organization, coordination,
strategic planning, and programming of the technical work of ISO.
To examine proposals for new fields of ISO technical activity, and to decide on all matters concerning the
establishment and dissolution of technical committees.
On behalf of ISO, to keep the ISO/IEC Directives for the technical work under review, to examine and
coordinate all proposals for amendments and to approve appropriate revisions.
To act, within the framework of established policies relating to the technical work, on the following matters:
o monitoring of the work of technical committees and project management requirements;
o approval of titles, scopes and programs of work of individual technical committees;
o allocation or reallocation of secretariats of technical committees and, in the case of there being more than
one candidate, allocation or reallocation of secretariats of subcommittees;
o appointment of chairmen of technical committees;
o appeals against technical committee and subcommittee action or inaction;
o resolution of technical coordination issues between ISO technical committees, and vis--vis IEC, other
international organizations, and regional organizations;
o advising the Secretary-General on technical interface questions between ISO and IEC, and with respect
to technical collaboration with other international standardizing bodies.
To appoint registration authorities and maintenance agencies for the implementation of International
Standards.
To establish (and dissolve) Technical Advisory Groups (TAG) in order to obtain expert advice, and to appoint
their members and chairmen.
To establish (and dissolve) committees on general standardization principles and to appoint their chairmen.
Specifically, ISO TMB is responsible for tasks such as setting up the various technical committees (TC),
appointing TC chairs and monitoring the progress of the technical work. It is also responsible for the Directives,
which are essentially the rules for the development of International Standards, and it deals with all matters of
strategic planning, coordination, performance and monitoring of technical committee activities.
ISO/IEC Information Technology Task Force (ITTF) is responsible for the day-to-day planning and coordination of
the technical work of JTC 1 relative to IEC and ISO, and supervises the application of the ISO and IEC Statutes
and Rules of procedure.
The primary duty of a technical committee or subcommittee is the development and maintenance of International
Standards, one such committee related to information & communication technologies is ISO/IEC JTC 1.
ISO/IEC JTC 1 (JTC 1) is the standards development environment where experts come together to develop
worldwide ICT standards for business and consumer applications. Additionally, JTC 1 provides the standards
approval environment for integrating diverse and complex ICT technologies. These standards rely upon the core
infrastructure technologies developed by JTC 1 centers oexpertise complemented by specifications developed in
other organizations. As a joint technical committee of ISO and IEC, JTC 1 has the qualities and strengths of ISO
and IEC standardization.
JTC 1s scope is International standardization in the field of Information Technology. Information Technology
includes the specification, design and development of systems and tools dealing with the capture, representation,
processing, security, transfer, interchange, presentation, management, organization, storage and retrieval of
information.
JTC 1's current strength lies in core technologies, providing the foundation for ICT applications and services:
coded character sets, cultural and linguistic adaptability, biometrics, IC cards, security, multimedia, databases
interface, etc. The work of JTC 1 in these fields also includes proper maintenance of its previous existing
standards to secure the investment in products, processes and applications implementing those specifications.
In addition to this well-established focus of work, JTC 1 positions itself as a system integrator to complement its
current program of work, especially in areas of standardization where many consortia/fora are active. JTC 1
recognizes and appreciates the diversity and range of standards setting organizations in the ICT sector.
Also, JTC 1 acts as system integrator:
Reach out to other standards setting organizations, including referencing of relevant standards
Share information with relevant standards setting organizations, for example about market requirements and
inventories of relevant standards.
Establish relationships that facilitate collaboration with external organizations.
Encourage development of international standards that respond to market needs.
Provide a mechanism for standards developed outside JTC 1 to be quickly approved as international
standards
Develop profiles as appropriate to cope with the needs of specific applications
JTC 1 work is organized in a democratic way to develop voluntary, market-driven and globally relevant standards
which reflect an agreed consensus of all contributing parties. JTC 1 has developed and successfully implemented
additional processes and methodologies to address the specific needs of the ICT community.
JTC 1 comprises of subcommittees/working groups like, JTC 1/SWG 1 which deals with accessibility standards,
JTC 1/SC 25 Interconnection of information technology equipment, JTC 1/SC 6 Telecommunications and
information exchange between systems, JTC 1/SC 7 Software and systems engineering, JTC 1/SC 27 IT
Security techniques, etc.
JTC1 also takes care of any patents involved in the development of standards; there are guidelines for
implementation of the Common Patent Policy for ITU-T/ITU-R/ISO/IEC. The Patent Policy encourages the early
disclosure and identification of Patents that may relate to Recommendations | Deliverables under development.
In doing so, greater efficiency in standards development is possible and potential patent rights problems can be
avoided. But it is not involved in evaluating patent relevance or essentiality with regards to
Recommendations/Deliverables, interfere with licensing negotiations, or engage in settling disputes on Patents;
this should be left to the parties concerned. As mandated by the Patent Policy, any party participating in the work
of the Organizations should, from the outset (as early as possible during the development of the
recommendation/deliverable), draw their attention to any known Patent or to any known pending Patent
application, either its own or that of other organizations. The holder of the patent right has to assure the ISO
[and/or] IEC that he/she is willing to negotiate licenses under reasonable and non-discriminatory terms and
conditions (with or without monetary compensation) with applicants throughout the world.
Governance of Open standards by Consortia
While standard setting has been an important aspect of industrial society for over a hundred years, the formation
of unofficial, fast-acting standard setting and promotional consortia (less formal, SSOs) is a more recent
phenomenon. Most of the standards were developed by the formal standards developing organizations (SDOs)
such as ANSI, IEEE, and ISO. SSOs range from small working groups representing a few market-leading
companies cooperating to develop a specification to highly inclusive, process oriented consortia that resemble
the formal SDOs. Their aims include developing voluntary standards that get to market quickly and provide the
basis for interoperability among products in emerging technology markets.
While various aspects of the economic and antitrust impact have provoked academic and regulatory interest, but
there has been no systematic effort to formalize the structuring of consortia, or to standardize vital aspects of
their operation, such as their systems of governance and the establishment of intellectual property policies and
procedures.
A consortium is formed typically with a small group of founding companies as members, with no office location,
and no network infrastructure. At the beginning, a consortium may be not much except its corporate documents,
the founding members aspirations, and perhaps some contributed intellectual property.
For potential members, standards consortia represent both an opportunity and a risk. On the positive side, they
have an opportunity to help develop or accelerate an entire industry and maximize their ability to capitalize on it.
However, participation has it risks and costs including:
Consumption of key resources
Potential loss of control over IP or trade secrets Implementation issues with evolving specifications and
Possible antitrust liabilities
To overcome the prospective members' concerns, consortia must present more than just an attractive market
opportunity and business case for the standard. They need to show prospects that they have a structure in place
that encourages participation and productivity while minimizing the risks and costs. Meeting this challenge
requires organizational discipline, strong governance, and a supporting infrastructure that encodes and helps
enforce the consortiums bylaws, IPR policies and operating policies and procedures.
Consortia founders spend most of their energy to the creation and negotiation of consortium bylaws and IPR
policies. However, the process by which the SSO intends to actually produce a standard often gets less attention.
Without well-considered and consistently applied policies and procedures, a consortium has only a small chance
of successfully developing a specification or achieving the creation of a globally accepted standard.
The figure below helps in understanding where existing standards organizations fit along the dual axes - formal
vs. informal and exclusive vs. inclusive.
Formal operates under strict, detailed, well-documented policies and procedures
Informal operates loosely without explicitly policies or guidelines
Exclusive Limits participation either explicitly (by invitation only) or implicitly (e.g. high membership fees )
Inclusive operates transparently with membership or participation open to all. Seeks global input.
We shall look at OASIS (Organization for the Advancement of Structured Information Standards), which is a not-
for-profit consortium that drives the development, convergence and adoption of open standards for the global
information society. The consortium produces more Web services standards than any other organization along
with standards for security, e-business, and standardization efforts in the public sector and for application-specific
markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and
individual members in 100 countries.
OASIS was founded under the name SGML Open as a consortium of vendors and users devoted to developing
guidelines for interoperability among products that support the Standard Generalized Markup Language (SGML).
OASIS changed its name in 1998 to reflect an expanded scope of technical work, including the Extensible
Markup Language (XML) and other related standards.
OASIS is distinguished by its transparent governance and operating procedures. Members themselves set the
OASIS technical agenda, using a lightweight process expressly designed to promote industry consensus and
unite disparate efforts. Completed work is ratified by open ballot. Governance is accountable and unrestricted.
Officers of both the OASIS Board of Directors and Technical Advisory Board are chosen by democratic election
to serve two-year terms. Consortium leadership is based on individual merit and is not tied to financial
contribution, corporate standing, or special appointment
The structure of OASIS governance
The OASIS Board of Directors is comprised of executive-level officers, experienced in managing organizational
growth, defining policies and dedicated to advancing open standards for interoperability. By serving on the
OASIS Board, directors exercise a major impact on the strategic direction of the consortium. The OASIS Board is
comprised of 11 elected directors, each serving two-year terms. The terms are staggered annually to preserve
management continuity. Elected directors serve as individuals; however, to be nominated for and serve on the
Board of Directors, a person must be a member of the Corporation or an employee, designee or representative of
a member of the Corporation.
The OASIS Technical Advisory Board (TAB) advises the OASIS Board of Directors, staff, and membership on
matters related to the technical agenda of OASIS. The TAB focuses on improving the standards development
process, improving the quality of OASIS Standards through the production of guidelines and educational
materials, and advising on improvements to community and collaboration processes and technologies. TAB
members are nominated in an open election process by the Sponsors and Contributors of the Consortium. Each
TAB member serves a two-year term.
The technical work related to standards creation is carried out by the Technical Committees (TC). OASIS board
of directors approves the request for creation of new TC on the request of members through majority voting on
the advice of TAB. Also TC may create a sub-committee by resolution.
Standards work products progress as follows:
Committee Specification Draft,
Committee Specification Public Review Draft,
Committee Specification,
Candidate OASIS Standard,
OASIS Standard,
Approved Errata.
Approval of an OASIS Standard is a three-step process:
Submission of a Candidate OASIS Standard to the TC Administrator,
Completion of a public review lasting a minimum of 60 days, and
A membership-wide ballot.
OASIS policy on Intellectual Property Rights (IPR)
At the time a TC is chartered, the proposal to form the TC must specify the IPR Mode under which the Technical
Committee will operate. This Policy describes the following IPR Modes:
RAND - requires all Obligated Parties to license their Essential Claims using the RAND licensing elements
RF on RAND Terms - requires all Obligated Parties to license their Essential Claims using the RF licensing
elements
RF on Limited Terms - requires all Obligated Parties to license their Essential Claims using the RF licensing
elements
Non-Assertion - requires all Obligated Parties to provide an OASIS Non-Assertion Covenant
A TC may not change its IPR Mode without closing and submitting a new charter.
OASIS currently supports more than 60 Committees advancing standards. Few of them are in the areas of XML
processing, Web Services, Document-Centric Applications, Service Oriented Architecture (SOA), Security, etc.
one of them is OASIS Open Document Format for Office Applications (OpenDocument) TC.
OASIS Open Document Format for Office Applications (Open Document) Technical Committee
The purpose of this TC is to create an open, XML-based file format specification for office applications. This TC
was chartered in 2002 and first draft was released in 2004. Open Document Format v1.0 was approved as an
OASIS Standard on 1 May 2005 and has been approved by ISO/IEC JTC1 as an International Standard ISO/IEC
26300:2006. .
Standards and regulations
ISO and IEC standards can be used to support and simplify the process of development and application of
technical regulations. ISO and IEC have published the document 'Using and referencing ISO and IEC standards
for technical regulations. It includes practical advice for regulators on how to use international standards to
achieve their objectives.
Sources of information on standards
ISO has just launched a new database that will make the benefits of using standards easier to achieve, provide
users with new possibilities for achieving such benefits and cut the time necessary to develop and revise
standards.
ISO Concept Database
However, until now, no platform was available to bring together in a single source the content from more than
18 000 ISO standards developed to provide benefits to users in business, government and society.
To tackle this challenge, the ISO Central Secretariat in Geneva, Switzerland, has developed a new application,
the ISO Concept Database (ISO/CDB), which provides a harmonized platform for search, development and
maintenance of concept content throughout the ISO standards portfolio.
Most of the content of the ISO/CDB is publicly accessible at http://cdb.iso.org or from ISO's Web site www.iso.org .
An online tour of the CDB is available under http://www.iso.org/iso/demo_ISO-CDB.html
The ISO/CDB will allow standards users in companies and other organizations to easily access standardized
reference data, with the possibility of re-using them in their own applications.
World Standards Services Network (WSSN)
The most reliable sources of information on standards are the organizations which developed these standards.
The World Standards Services Network (WSSN) is the most comprehensive portal of links to the Web sites of
international, regional and national standards developing organizations including ISO and IEC Web
sites. http://www.wssn.net/WSSN/index.html
Open Group Standards Information Base
The Open Group is a global consortium that enables the achievement of business objectives through IT
standards. With more than 400 member organizations, we have a diverse membership that spans all sectors of
the IT community customers, systems and solutions suppliers, tool vendors, integrators and consultants, as
well as academics and researchers to:
Capture, understand and address current and emerging requirements, and establish policies and share best
practices
Facilitate interoperability, develop consensus, and evolve and integrate specifications and open source
technologies
Offer a comprehensive set of services to enhance the operational efficiency of consortia Operate the
industrys premier certification service
The database entries in the Standards Information Base are linked either to other Open Group databases and
resources, in particular those relating to Product Standards and Registered Products, or, where relevant, to the
web sites of other de facto and de jure standards organizations.
In this way, the SIB provides the architect with a gateway to a uniquely powerful set of tools for defining the
standards that architecture is to mandate, and for checking the availability in the market place of products
guaranteed to conform to those standards. The database could be accessed at: http://www.opengroup.org/sib.htm
NSSN
Another database for standards maintained by ANSI is, the NSSN, a National Resource for Global Standards is a
search engine that provides users with standards related information from a wide range of developers, including
organizations accredited by ANSI, other U.S. private sector standards bodies, government agencies and
international organizations. Provides easy links to obtain standards and related technical documents and contact
information forstandards-setting organizations and is a tool for standards users as well. http://www.nssn.org/
Using Open Standards
Though open standards are widely used in practice, more pervasive use is necessary. Open standards could be
embraced more effectively in organizations.
But many practical issues could impede the transition to open standards. Ensuring the use of open standards in
practice is easier said than done, and requires more than a choice of policy alone. The consideration of such a
step will give rise to many questions:
Closed or other standards are already in use for an application, when and how should the transition be
made?
There are sometimes multiple open standards for a particular application; which should we choose?
A technology or other supplier will propose a standard; will adoption of such a standard result in a
dependency on the supplier?
What if no open standard is available for a certain application? Is it advisable to personally develop a new
open standard?
In a new project which open standard could be applied?
Use of open standards in practice can be divided into a number of phases. Foremost people must be convinced
of the importance of embracing open standards. The three phases are as follows:
Adoption: Involves investigation, research, consideration and decision making for the selection of one or more
open standards for use. At the end of this phase, the organization would have fully embedded open
standards in its policy and procedures.
Implementation: Involves the implementation of the decision regarding adoption, and giving direction to the
users.
Use: Practical deployment of the standard by the organization.
Governing open standards via IT governance in organizations
By now we have understood governance as a stepwise process of working towards more efficient adoption,
implementation and use of open standards.
The guidelines/policies concerning open standards is in place and the benefits of its use are already evident in
actual practice, namely enhanced interoperability and reduced dependencies on suppliers. Many organizations
are therefore keen to adopt open standards.
Adopting open standards means including them in the selection and decision-making processes for IT needs.
This means that the IT governance processes take into account the importance of open standards and need to
contain mechanisms which promote their adoption. IT governance processes give direction to IT activities and
projects. If these processes promote the application of open standards, their implementation and actual use in
those activities and projects will increase. Embedding open standards in IT governance processes is therefore
crucial.
In this section we shall discuss the relationship between IT governance and open standards
Governance Process
IT governance is the leadership and the organizational structures and processes necessary in order to develop
information technology which is in line with the needs and objectives of the organizations.
Compliance management
Compliance management for open standards comprises of periodic checking of requirements relating to open
standards, such as the list of open standards and standards in legislation and regulations. Assessments are then
performed to establish how these requirements can and must be fulfilled.
IT Policy
The IT policy includes the
strategic orientation of IT in relation to operations (e.g. By 2015 we need to be able to conduct 80% of our
customer contact over the internet),
Principles concerning information sharing (e.g. Our data is publicly available or, conversely, Our information
is crucial for our organization and must be kept strictly secure).
Principles concerning utilized technology (e.g. We utilize shared service centers owned by our parent
company or We use only standard products).
Policy concerning suppliers (e.g. We design our own software, but outsource building and administration).
IT project funding.
Open standards can be embedded through inclusion in the general policy principles of the IT policy.
However, policy itself is relatively weak mechanism; the fact that policy has been well-defined does not
automatically mean that it will be implemented in the same manner. The policy must lead to specific actions and
projects.
Architecture management
Architecture management transforms the IT policy into specific structural and organizational principles.
The strategy for information management and systems and standards which are to be used is determined by
means of architecture.
In architecture, specific decisions are made concerning the open standards to be used in an organization.
Procurement and supplier management
The final governance process is procurement, which involves the actual acquisition of IT resources and support,
as well as the control of suppliers.
Procurement involves hardware and software, both standard and customized, and the insourcing of consultancy
and expertise.
The governance process of procurement also focuses on the supplier market, the strategic position of the
organization in relation to suppliers, the operational side of procurement (specification documents, tenders, etc.)
and the assessment of suppliers. Requirements for suppliers are highly specified. In this way, the governance
process ensures continuously improving cooperation with suppliers as partners in the value chain.
In the process, the products and suppliers utilizing open standards can be given priority. Furthermore, in a
number of cases, use of open standards can be specified as a requirement.
The widespread adoption of open Standards means that suppliers can base the development of their products
and services on specifications that have wide acceptance in their sectors. This, in turn, means that businesses
using open Standards are increasingly free to compete in many markets around the world.
REFERENCES
INTERNATIONAL STANDARDS AND INTERNATIONAL GOVERNANCE Kenneth W. Abbott, and Duncan
Snidal,
ISO/IEC Directives, Part 1
ISO/IEC JTC 1 Business plan
OPEN STANDARDS AND GLOBAL POLITICS Laura DeNardis
ConsortiumInfo.org http://www.consortiuminfo.org/
https://www.oasis-open.org/org
Disclaimer
The contents of this report reflect the views of the author and do not necessarily reflect the official views or policy
of the International Business Machines Corporation in the United States and/or other countries. This report does
not constitute a standard, specification or regulation.
IBM is a registered trademark of International Business Machines Corporation in the United States and/or other
countries.
Other company, product, and service names may be trademarks or service marks of others.
Microsoft is a registered trademark of Microsoft Corporation
MODULE 3: Open Standards for Enterprise Applications
Introduction to Enterprise Applications
What is an Enterprise?
The traditional meaning of an enterprise is any company organized for commercial purposes. In that sense, GM,
Bank of America and Wal-Mart are all enterprises, as are the Snappy Service Delicatessen, Yvette's French
Maids, and Bob & Dave's Barbershop ("Two Chairs, No Waiting").
However, in the IT (Information Technology) world, the term "enterprise" has a different meaning, and the
meaning, is often fuzzy. In an attempt to give clarity to an important term, let us look at the following definition.
An enterprise is any organization commercial or not that has the following four characteristics:
Size and location:
An enterprise is a very large organization, often widely distributed with hundreds to tens of
thousands of locations.
Management:
An enterprise is organized into divisions or departments, and managed by a large hierarchy, not
by a single person or group of people. The hierarchy provides for the short-term and long-term
needs of the enterprise, thereby ensuring the continued existence of the organization. With
respect to computing, the IT needs of an enterprise are so complex as to be beyond the total
understanding of any single person. Thus, they must be managed by a sophisticated
combination of human workers and automated systems.
Software:
All businesses require the software necessary to administer an organization: accounting, payroll,
email, office tools, Web services, backups, and so on. However, an enterprise requires more.
First, the administrative software must operate on a very large scale. Second, there are needs
that are unique to extremely large organizations. For example, there must be software to support
the processing of massive amounts of data (often terabytes per day), data warehousing, data
mining, highly distributed transaction processing, wide-area networking, and IT management, as
well as data distribution to customers, suppliers, employees, the media, and the general public.
Hardware:
An enterprise requires large, complicated, inter-connected computing systems that will not fail,
degrade or interfere with one another. Because of the enormous expense, such systems must be
designed and managed to run efficiently. Moreover, they must be upgraded on a regular basis.
Having defined an enterprise in this way, we can see that any sufficiently large organization qualifies: not only
companies, but governments, universities, and large social organizations. (What do GM, Bank of America, Wal-
Mart, UCLA, the Vatican, the Red Cross, and the Mormon Church all has in common?)
Enterprise Application Software
Enterprise software, also known as enterprise application software (EAS), is software used in organizations, such
as in a business or government, contrary to software chosen by individuals (for example, retail software).
Enterprise software is an integral part of a (computer based) Information System.
Services provided by enterprise software are typically business-oriented tools such as online shopping and online
payment processing, interactive product catalogue, automated billing systems, security, enterprise content
management, IT service management, customer relationship management, enterprise resource planning,
business intelligence, human resource management, manufacturing, enterprise application integration, and
enterprise forms automation.
As enterprises have similar departments and systems in common, enterprise software is often available as a
suite of customizable programs. Generally, the complexity of these tools requires specialist capabilities and
specific knowledge.
Enterprise software describes a collection of computer programs with common business applications, tools for
modelling how the entire organization works, and development tools for building applications unique to the
organization. The software is intended to solve an enterprise-wide problem, rather than a departmental problem.
Enterprise level software aims to improve the enterprise's productivity and efficiency by providing business logic
support functionality.
According to Martin Fowler, "Enterprise applications are about the display, manipulation, and storage of large
amounts of often complex data and the support or automation of business processes with that data."
Although there is no single, widely accepted list of enterprise software characteristics, they generally include
performance, scalability, and robustness. Furthermore, enterprise software typically has interfaces to other
enterprise software (for example LDAP to directory services) and is centrally managed (a single admin page, for
example).
Enterprise application software performs business functions such as order processing, procurement, production
scheduling, customer information management, energy management, and accounting. It is typically hosted on
servers and provides simultaneous services to a large number of users, typically over a computer network. This
is in contrast to a single-user application that is executed on a user's personal computer and serves only one
user at a time.
Enterprise software is often categorized by the business function that it automates, such as accounting software
or sales force automation software. Similarly for industries, there are enterprise systems devised for the health
care and insurance industry, retail industry, or for manufacturing enterprises.
Major organizations in the enterprise software field include SAP, IFS AB, QAD Inc, IBM, BMC Software, HP
Software Division, Redwood Software, UC4 Software, Red Hat, Microsoft, Adobe Systems, Oracle Corporation,
InfoSys Limited, CA Technologies, Wipro Technologies, and ASG Software Solutions but there are thousands of
competing vendors.
Open standards and Enterprise Applications
Open standards rely on a broadly consultative and inclusive group including representatives from vendors,
academicians and others holding a stake in the development. That discusses and debates the technical and
economic merits, demerits and feasibility of a proposed common protocol. After the doubts and reservations of all
members are addressed, the resulting common document is endorsed as a common standard. This document is
subsequently released to the public, and henceforth becomes an open standard. It is usually published and is
available freely or at a nominal cost to any and all comers, with no further encumbrances.
Various vendors and individuals (even those who were not part of the original group) can use the standards
document to make products that implement the common protocol defined in the standard, and are thus
interoperable by design, with no specific liability or advantage for any customer for choosing one product over
another on the basis of standardized features. The vendors' products compete on the quality of their
implementation, user interface, ease of use, performance, price, and a host of other factors, while keeping the
customers data intact and transferable even if he chooses to switch to another competing product for business
reasons.
None of the enterprise applications are developed in tandem, and have different data structures designed to meet
different business needs. So integration is required for tying together separate enterprise applications and lot of
work may be required for two enterprise applications to integrate successfully. The software and data have to be
made to work together without any slippage or miscommunication. To accomplish this we require an agreement
about how the transaction or data exchange will be accomplished. The answer is Open standard, to ensure that
competing products work together. It becomes easier as more companies adopt an open industry standard, to
communicate, without the need for costly customized data interchanges.
On the other hand, proprietary standard is normally owned by a corporation, its internals cannot be inspected, its
users must license it, and the owner of the standard can change it at will. Companies that purchased enterprise
software systems adjusted to the data standard of that system for all its functions. Although, companies were not
really locked-in, data exchange or migration was cumbersome and costly. Hence assessment of software
solution became an extension of already available solutions, instead of a true evaluation to identify the best
solution available in the market.
Open standards enable different software systems to share data with relative ease. Data migration no longer
needs to be the key driver for decisions on system choices. Single vendor solutions no longer keep their
corporate customers tied to them because of apprehension about proprietary data formats, data transfer and
integration. The viable options include large vendors alongside specialized offerings from best-of-breed solution
providers. The true decision can then be made on benefits coming from functionalities and not from fear of
heterogeneous dataflow.
The keys to success in the future are universally agreed-upon open standards such as to increase the speed and
reliability of integration. Organizations & departments are free to choose the best of breed solutions that best
meets their needs and align with their corporate goals and vision, unencumbered by concerns about data
integrity and integration into broad enterprise-wide systems.
Today's enterprises need flexible, open information systems. Most enterprises must cope with a wide range of
technologies, operating systems, hardware platforms,and programming languages. Each of these is good at
some important business task; all of them must work together for the business to function.
Enterprise Application Integration (EAI)
EAI is defined as the use of software and computer systems architectural principles to integrate a set of
enterprise computer applications.
Supply chain management applications (for managing inventory and shipping), customer relationship
management applications (for managing current and potential customers), business intelligence applications (for
finding patterns from existing data from operations), and other types of applications (for managing data such as
human resources data, health care, internal communications, etc.) typically cannot communicate with one
another in order to share data or business rules. For this reason, such applications are sometimes referred to as
islands of automation or information silos. This lack of communication leads to inefficiencies, wherein identical
data are stored in multiple locations, or straightforward processes are unable to be automated.
Enterprise application integration (EAI) is the process of linking such applications within a single organization
together in order to simplify and automate business processes to the greatest extent possible, while at the same
time avoiding having to make sweeping changes to the existing applications or data structures. In the words of
the Gartner Group, EAI is the unrestricted sharing of data and business processes among any connected
application or data sources in the enterprise.
Big challenge of EAI is that the various systems that need to be linked together often reside on different operating
systems, use different database solutions and different computer languages, and in some cases are legacy
systems that are no longer supported by the vendor who originally created them. In some cases, such systems
are dubbed "stovepipe systems" because they consist of components that have been jammed together in a way
that makes it very hard to modify them in any way.
However, to gain the benefits of this kind of distributed, modular system, an organization must implement
technologies that deal with the problems presented by this architecture:
. Interoperability: the various components of the infrastructure may use different operating systems, data
formats, and languages, preventing connection via a standard interface.
Data integration: in order for a modular, distributed system to be functional, a standard method of handling
the flow of data between applications and systems to enforce consistency across the database is crucial.
Robustness, Stability, and Scalability: Because they are the glue that holds together a modular infrastructure,
integration solutions must be highly robust, stable, and scalable.
Open standards & Application Integration
Open standards and application integration are natural allies since open standards support in solving the
application integration problem, due to the differences in formats and interfaces through common mechanisms
that everyone can understand. However, those working to resolve the application integration problem should
understand the objectives and evolution of open standards.
Standards could be divided into 3 categories in the area of application integration: service standards, format
standards and orchestration standards.
Service standards, including Web services, seem new but in fact are very old. Early attempts at standardizing
service-oriented interfaces, such as OMG's CORBA and Microsoft's COM, have a long history in the world of IT.
They both have attempted to provide access to program services that exist on remote computers without the
need to understand any of the low-level details such as location, APIs, etc. Instead, they placed a common
interface layer on top of the native services, allowing remote programs to both discover and invoke these
services.
By leveraging common Web protocols, Web services seem to be getting more traction than their predecessors.
Web services also deliver a lot to the application integration world as well, providing common interfaces and
protocols which allow standard-based communication and service invocation from machine to machine, either
local or over the Internet. Web services are interesting technologies for the world of inter and intra company
application integration, moving beyond the simple exchange of information, (the dominating mechanism for
application integration today) to the concept of access application services that are encapsulated within old and
new applications. This means we can not only move information from application to application but also create
composite applications, leveraging any number of back-end application services found in any number of
applications, local or remote.
Format standards are those standards that define a common way of formatting information so that it is
understood as it is being shipped from application to application. EDI, XML and SOAP (messaging) are examples
of format standard with XML leading the charge as the dial tone for application integration in many problem
domains.
Format standards are not as complex as service standards; the only requirement is that both the source
application and target application are able to understand each other. XML is particularly helpful.
Orchestration standards, such as BPEL4WS, layer a set of easily defined and centrally managed processes on
top of existing sets of processes/services contained within a set of enterprise applications, intra- or inter-
organization.
We can think of orchestration as the science and mechanism of managing the movement of data and the
invocation of services in the correct and proper order to support the management and execution of common
processes that exist in and between applications. Orchestration provides another layer of easily defined and
centrally managed processes that exist on top of an existing set of processes and data contained within a set of
applications.
The goal is to bring together relevant processes found in an enterprise or trading community to obtain the
maximum amount of value, while supporting the flow of information and control logic between these processes.
These products view the middleware, or the plumbing, as a commodity and provide easy-to-use visual interfaces
for binding these processes together.
Approach
