BPM is not Software Engineering

I agree with Keith Swenson that BPM is not Software Engineering
However, I think that some of the arguments are a little broad. Ultimately we need to have software construction and business process design working toward the same set of goals in an organisation.

Because business people do not have time to learn how to be a Software Engineer, a BPM system need to provide a representation of the process which is meaningful to a business person. It will have the aspects of the system that are important to them, and consequently it may not have some things that a Software Engineer would like. The diagram must not be cluttered by aspects which are “implementation oriented” as opposed to business oriented.

That is reasonable and familiar to anyone who has gone through the tortuous process of delivering software to meet a business need that is crystal clear in the head of the business person at the sharp end but leaves a whole lot of stuff for the developer to make up. Too often, the business requirements whether in a BPMN diagram or good old fashioned English paragraphs are missing simple things like what happens when the process does not work (business-wise rather than software crash).

Once a business person draws a diagram, that is the diagram that is executed. It must not be transformed to a different form for the convenience of the Software Engineer.

This sounds good as well and is often used to rubbish the use of an established form of software solution as a means of delivery for the new method of expressing the business problem ... "Can't use BPEL because it does not look like BPMN" . This misses one good reason for using transformations or compilations of one logical specification into another, progressively until we end up with instructions for the hardware ... at each level of transformation considerable work has been done to ensure that the forms of expressions are formally correct.
In practice, I think it is sufficient for the business person to draw the diagram defining the process and for all the elements of the diagram to be visible in the execution regardless of transform. So if you freeze the action of an execution, the business person would be able to see that there are instances of processes in play; the current state of any instance can be related to the processing state of activities etc.

The history and analytic reports need to match the original diagram to support the business user in evaluating the performance of the organization, not for the programmer to tell how well the program is running.

Exactly!

By attempting to include all the Software Engineering features in with the BPM (business person) features, the result can be something that is not useful for either. You have people today still believing that BPEL is the ultimate way to implement business processes. BPEL only provides a way to send, receive, and transform — these are Software Engineering requirements, not business requirements. A Software Engineer will tell you that with these primitives you can implement anything, probably even a spreadsheet, but that misses the whole point about why we have spreadsheets and BPM in the first place: because they are not Software Engineering.

While BPEL is not the most capable of languages it does have the merit of having a clear specification of how it should execute. In the same way as a spreadsheet program can be seen as a presentation or interaction layer for a particular class of user connected to a backend computational engine which is tried and tested, a business process diagramming tool with a BPMN or similar presentation form can be implemented through connection to a tried and tested executable engine. If that can be BPEL, who cares?

The problem really arises when the software engineer escapes from the cubical and starts expressing the business process requirements in BPEL and then translating that into a subset of BPMN (for example, with no backward flows) because it can be done.

It really is not helpful to end up with the business process definitions being done in the closed world of "IT" because only they could possibly understand the limitations and technicalities of the "system".

Business process designers (who should not be a specialist breed) need to be able to express the activities, flows, events and decisions of a business process in a way that makes sense to them and the proverbial man on the Clapham omnibus . This means that backward flows, arbitrary cycles, synchronising activities across the process all need to be allowed.

If a software specialist following extensive training and principles in the dark arts of software engineering can create executable code from this business process diagram, then it will be a small step to create software that replaces the software engineer in the development process. At present, in the BPMN/BPEL debate the proponents of BPEL as an intermediate step between BPMN and execution seem short of the patterns that demonstrate that everything that can be expressed in BPMN can be executed in BPEL. Similarly, the proponents of directly executable BPMN are short of the formal definition of the execution rules associated with BPMN patterns.

Executable BPMN via BPEL

In a short burst of discussion about whether BPEL was a viable execution mechanism for BPMN, Keith Swenson provided an excellent example of a valid BPMN expression that could not be expressed directly in BPEL with a follow up in his blog showing that the BPMN could be directly executed using his product.

This was followed up by a spirited exchange between factions with assertions that BPEL could indeed express the business process but no definitive BPEL as far as I can tell. Alex Boisvert acknowledged a bug in the BPEL produced by Intalio Designer v5.2 but unfortunately did not describe the code that should have been produced. [[Update:ActiveVOS provides an answer in its tutorial material ]]

However, the BPMN 1.1 specification provides a couple of items for thinking around this problem.

The use of a new signal element to provide synchronisation behaviour across processes covers exactly the intent of Keith's example.

There may be situations within a Process where the flow is affected by or dependent on the activity that occurs in another
Process. These events or conditions can be referred to as milestones. The process model must be able to identify and react
to the milestone.That is, the continuation of a Process may be triggered by Signal Events, which pass the flow between
processes (see Figure 10.48 reproduced below). The type of Workflow Pattern called a Milestone.

In para 10.2.1.11 Avoiding Illegal Models and Unexpected Behavior of the BPMN specification, the authors touch on the root cause of the issue.

The situation where alternative paths cross the implicit boundary of a group of parallel paths can cause an invalid model.

If there is to be a future for BPMN to BPEL, we need an indication of what transformation needs to be done to otherwise valid BPMN to produce the intended executable.

The use of BPMN signal elements suggests that the bright people at Intalio could replace the doubtful synchronisation with whatever mechanism they are going to employ to implement signal intermediate events (not implemented in v5.2!). That is, implement it as though the BPMN looks like this ...

This then gives us a manual work around until the transformation rules can be codified into the product.

Which raises the question ... does the catch event need to be reached before the throw can be effective? Should I draw the BPMN like this? ...

Executable BPMN call for action

In BPMI.org Redux Ismael Ghalimi of Intalio calls for participation in a group to sort out a true executable BPMN. The tentatively titled BPMNLab looks to be a good practical approach to the issues.

• What consitututes executable BPMN?
• Are there useful BPMN flow patterns that cannot be translated into WS-BPEL? If so, how are they best dealt with to produce an executable?

After what has been a bit of sniping from the sidelines on my part, I would be happy to be involved in this effort.

The transformation to BPEL approach seems to me pretty sound. Here is a working language definition appropriate for the BPM domain that is capable of withstanding rigorous assurance testing. Why attempt to define another?

A few BPMN constructs may produce really ugly BPEL code, but who cares except for a few developers in Intalio and the like who have to develop the transformation code. The last thing that anyone in the real world should be doing is fiddling with the generated code. I am reminded of a very successful Unisys product LINC which developed totally unreadable and arguably inefficient COBOL code. In years of use, we had no more reason to look at the generated intermediate COBOL than the final machine level code.

Comply with the specification for BPMN

Bruce Silver in BPMN-BPEL in Perspective responds to the same article as I did here and raises the issue of compliance.

OMG could define a compliance spec for BPMN 2.0 - the elements,
attributes, and flow patterns that MUST be supported to claim BPMN
support. They have made some murky noises about it, but I haven’t seen
anything concrete yet. Since IBM and Oracle are driving the bus there,
it would make sense that that subset would have a defined mapping to
BPEL, but it would allow non-BPEL engines to be compliant as well.

That would be a healthy thing for the industry. But I’m not holding my breath.

I may be more used to specifications for computer languages (like FORTRAN, COBOL) than business process but I suggest that the specification for BPMN 2.0 itself should be what vendors comply with and not a separate compliance statement. Compliance statements from vendors will then effectively state what they have not achieved (yet). Purchasers and consultants can then judge whether the level of compliance of a particular product is sufficient for there purpose.

As BPMN is unlikely to stop at 2.0, a really supportive vendor should not only be compliant with the currently approved specification but also support proposals for future versions, so that practitioners can work with the new ideas while they work through the acceptance process of a standard.

Execution is a different issue. A vendor could opt for a BPEL execution engine (as Intalio uses at present) and reflect that decision by flagging bits of the model as not-executable. An organisation working from the compliant BPMN model could than decide on a method for implementation ...

• use a tool that will generate an executable directly from the model, or
  
• hand the model to an IT developer as a requirement specification

I will be looking for solutions in the first category but we must not lose sight of the fact that a vast number of organisations like to keep a developer shop and consultants busy re-inventing processes in Java or whatever language is the flavour of the month.

Even for Intalio, the execution engine could be replaced by something easier to map to BPMN without changing the user view.

To BPEL or not to BPEL

In Why BPEL is not the holy grail for BPM, Pierre Vigneras thoroughly covers the issues of using BPEL as the implementation layer of a business process solution. From the article conclusions ...

• Therefore, we consider BPMN notation as the only currently viable solution for Business Analysts
• Transformation from BPMN to (readable) BPEL is quite hard to implement, and produces --- when correct --- hardly readable code.
• Therefore, we may wonder why BPMN is transformed to BPEL since there
  exist a graph-based standard that maps directly BPMN constructs ---
  namely XPDL v2.0
• Of course, one may claim that XPDL 2.0 lacks some execution specifications that makes him (sic) unsuitable for direct execution.

Although I am generally a fan of Intalio, Pierre provides a good example of the problems they get when BPMN is used as though it is a convenient graphical expression for BPEL. In particular, a real business analyst can express the process in valid BPMN which is then transformed by Intalio into BPEL which bears little relation to the designer's intention. Worse, the Intalio developers have removed valid BPMN constructs from the business analyst, probably because they do not readily fit with the BPEL implementation. To add insult to injury, there is a general impression that if your valid BPMN does not work, you must have designed your process against some mystic best practice rather than expressed real business events and activities.

I am less concerned about the round-trip issue. If the BPMN is transformed by a product into an execution language which then remains untouched by human developer hand why we should care about the readability of that executable code? The answer is that the maturity of product development in BPM does not give users much faith that the generated code will do what we expect.

If we concentrate on developing BPMN into the way of real business analysts express the business processes and assume an automatic transform into a executable, the choice of implementation paths is only of concern to product developers. Out in the real world we can judge their products by the ease with which we can describe the processes that we find (as-is) and design (to-be).

BPMN Modeler Eclipse Sub-project

Intalio has announced a move to raise the status of the BPMN Modeler component to
a sub-project under the top level project Eclipse SOA Tools
Platform (STP).

The BPMN sub-project will focus on building an usable and extensible
graphical modeler by leveraging the tools provided by the Graphical
Modeling Framework and the EMF Validation Framework.

• Provide a first class user experience when it comes to designing processes, using graphical assistants.
• Provide a graphical notation according to the BPMN standard.
• Provide ways to extend the modeler to integrate it within commercial products.

Great stuff.
Let us avoid the situation where people describing their view of the real world are constrained by a developer's pain of how the real world may have to be transformed into code.
I would really like to see a mandate to allow modelling in line with major proposals in BPMN rather than limited to published specifications. This seems to be a real benefit of extensibility. Perhaps it is a bit late for BPMN 2.0 but it would be good to be able to explore major changes within the normal modelling toolset.

Adventures in BPMN?

Keith Harrison-Broninski is undertaking an adventure in BPMN to demonstrate its shortcomings and to promote an alternative approach to descibing business processes.

... I will take simple scenarios drawn from everyday knowledge work and
show how BPMN cannot express these situations. I will also show how
easy they are to express in the Human Interaction Management notation ...

Unfortunately, he chooses to ignore the rules and semantics of BPMN (it is not just a set of Visio shapes) and so detracts from his argument. There are plenty of issues with using BPMN but a good starting point is to use what is there at BPMN 1.1 correctly. For clarity, I have reproduced the offending diagram below:

This diagram shows the following incorrect BPMN expressions

• Messages (dashed arrows) originating at gateways
• Messages between activities in a POOL (the saleperson, technical consultant amd account manager are LANES)
• Use of message as a sequence flow
• Loops

I think that the BPMN that expresses the ideas behind Keith's drawing is:

Note that the loops continue (perhaps indefinitely) while the proposal is not OK.

Keith asks a number of questions that purport to show that BPMN is inadequate for his purpose

What are the goals responsibilities of each player?

How can the salesperson know what the others are looking for?

etc

None of these questions are relevant to the business process and the purpose of BPMN. Overloading an expression of sequence, orchestration and choreography with specification of the activities, policies and human interactions will confuse rather than communicate. There are plenty of other modelling artifacts that can be employed in an enterprise architecture to complete the picture.

Modelling Timer Interrupt in BPMN

Modelling Timer Interrupt in BPMN

Real-life processes are often limited by time and exception paths are taken when "Time's Up". The rich notation of BPMN provides for this. The BPMN 1.1 specification provides an example from Voting operations.

The normal sequence flow and error flow from "Moderate E-mail Discussion" in this case are merged into the subsequent activities but it is easy to imagine circumstances where the subsequent activities were  not identical.

Modelling this in BPMN using Intalio immediately presents a problem because error flows are not permitted to go anywhere beyond the error handler activity which may be a Sub-Process. (This is a compliance issue in Intalio v BPMN 1.1 specification ).

A further issue is that, in Intalio, the timer itself does not interrupt the activity within the sub-process. That is when the timer event is triggered, the error flow is executed and  the activities within the subprocess continue.
This is counter-intuitive and inconsistent with the implementation of the intermediate error event so is probably a bug. The BPMN 1.1 specification (10.2.2) only requires the error flow to be started, there is no clear direction as to the operation of the normal sequence flow. As a workaround in Intalio, to interrupt the flow within a subprocess by a timer, a fault has to be raised in the error-flow. To avoid that fault stopping the whole process, it has to be trapped and handled within the process (at an outer scope or subprocess boundary). How do other BPMN products treat the timer?

An explicit example of this is shown below. If the timer expires for the sub-process timed exec then execution is halted by the error end event in the error flow handler. This error end event is processed by the error handler activity fault in the outer subprocess.

This example is available as a complete Intalio project on the community forum

Business Process Management (BPM) delivered by Software As A Service (SAAS)

In BPM SAAS Is Here - Is It a Storm Cloud For IT? , Wolf Rivkin suggests that the traditional Enterprise IT faces a challenge from a BPM-centric architecture of clouds. As with all future-state architectural views the model (link included here because it is difficult to find in original article) is tantalisingly simple and well ordered especially when compared with the rats-nest of current state architecture that we are all familiar with. A picture is painted of business-oriented services (CRM and the like); Data-centric services (Master Data, Warehouse etc) and BPM being utilised from cloud-space rather than neatly locked in the realm of corporate IT. Agility in business operations is supported by expression of Business Process and Business Rules. There are a few impediments to selling this idea.

• The rats-nest current state is the start point and cannot be removed with a wave of the wand. Multiple future states will have to interact with variants of the current state architecture. So the future state is in fact more complicated than the current for the foreseeable future.
• Although all the pieces of the future cloud architecture can be seen today, the interconnection of them is not a mature concept. How for instance is the customer data supporting CRM utilised from an unrelated cloud datastore?
• Systems that enable the business process should be highly resilient. If a back office accounting system fails or is unavailable the impact on business is minimal but if a BPMS is controlling your business activities, no BPMS = no business. Simple events like Google's GMAIL failure illustrate the potential for stuffing up your business life.
• Some business services may already exist and be valued in the current enterprise IT. Making an ERP installation operate peer to peer with an external cloud may be seen as a lot of unproductive work by an in-house IT shop.

That said, I would really like to work on solving the issues.

Snapper Privacy

A thoughtful post from Alan Macdougall on the privacy implications associated with the 'low value' Snapper used for transport and other payments in Wellington.
Aside from trusting the bus company (and whoever they want to share it with) with your personal data. You may also end up sharing information with people with really bad reputations as in the recent TradeMe case where transaction data was provided to a prisoner as a result of police action.
Creating a false identity to avoid linking a trail of your movements directly to you is actually against the terms of use of the device

...When you order a Card, you must: provide all required information (and you must ensure that such information is complete and correct)....

Intalio 5.2 Available

Check out the tutorial and get the lastest version of Intalio which irons out some of the kinks.

Business Process Failures (2)

In Business Process Failures, I described my learning experience with failure and compensation in BPMN. The smart people at Intalio are nearly there with BPMN and transformation into BPEL and provided a solution to my problems with Bruce Silver's original example. I started with this view of the business process:

Note the use of a compensation end event and compensation activity associated with Book Hotel.
The compensation end event can be read as "a business failure has occurred within the scope of the enclosing sub-process, go and do any necessary compensating activities for work that has been completed.
The compensation activity associated with book hotel does all that is necessary to undo the booking in the business sense. It is not a roll-back in the IT or database sense.
To get this to work in Intalio (5.2 Beta) we have to make some allowances for the incomplete implementation of compensation but the original is still recognisable.

In this representation (which generates executable BPEL), the failure of the Book Air subprocess is represented by a simple failure end event to be trapped by an intermediate failure event on a containing subprocess. In this case, the error handler for failure is in the outermost subprocess.

The exception flow is directed into a compensation end event and this forces any eligible compensation activities to be executed. If there are other actions that should be done by the error handler, the compensation end event can be placed inside a subprocess. There is currently a restriction that prevents the exception flow from having more than one symbol (task, subprocess, end event).
BPMN allows for the compensation end event to specify a target activity or to apply compensation to all eligible sub-processes. Intalio implements these alternatives.
It is definitely worth thinking about patterns of business process and workflow before letting the business analysts loose with BPMN tools. Using implementable patterns will save time resolving syntax problems in every business process definition.
Intalio is well on the way to a practical implementation of BPMN compensation. It would be an advance if all valid BPMN could be drawn (regardless of the capability of translation into BPEL) and those bits that will not be executable flagged at design stage. At present, there is an unhappy combination of illogical BPEL and correct BPMN not being permitted.

Dates and Calendars

Mike makes a plea for publishing calendars in i-cal format or specifically in Google Calendar. I agree and suggest that owners of calendar information (governments, local authorities, boards) take some care when getting their information 'out there'.
I followed up Jon Udell on this subject and noted that Google's Calendar API makes a good effort at parsing all but the most obscure presentations of event information. If you do publish event details on the web, make it easy for your audience to capture the information into their calendar. You can be really helpful by adding a specific Google Calendar button for the event.

Business Process Failures

Business Process Failures Examples of business processes that cover the 'normal path' abound and I often come across organisations that will present completed requirement specifications that pay scant regard for exception conditions leaving it to some IT practitioner to make it all up. This may not matter when the computer systems are recording what has happened in business processes after the event, but when there is a BPMS facilitating the end to end process, leaving the exception flows to the end is a risky approach. You are likely to end up with the business operation grinding to a halt.

Bruce Silver provided this useful example of the ease with which the business semantics involved in exceptions can be expressed formally in BPMN. This shows a requirement to undo a hotel booking if the corresponding flight cannot be booked. I loaded this into a BPMN tool (Intalio) to confirm that this fitted with BPMN1.1 and had an executable solution in BPEL. Intalio generates BPEL from the BPMN diagram. To allow it to be executed, I added the Initiator pool which causes a simple UI to be generated for the start of the process.

Unfortunately, at Intalio 5.2 Beta, the "end no flight" compensation end event is flagged as an error "The compensation activity can only be used in an exception flow". I modified the original further, putting the test for success in booking the flight into the subprocess Book Air. This seems a reasonable view of the real life business situation as well.

That did not work either. Perhaps I have misunderstood the meaning of the compensation end event. Looking at some Intalio Reference information the compensation end event is not mentioned, so how about simply failing the subprocess and not trapping the failure.

That does the compensation cancel Hotel on failure of sub-process Book Air, BUT the process fails and the Confirmation task is not executed! Fair enough, there is no handling specified for failure ( I was limiting the changes made to locate the thing that was stopping the compensation). Now add a failure handler on the outer sub-process. I was glad I had one of those, because Intalio does not allow you to put a subprocess around existing elements and I would have had to start again!

Surprisingly that stopped both the failure and the compensation action! HELP!
[Update: This relates to a post on the Intalio forum]

Where do we get our reusable services from?

With an emphasis on process design first, we do have an opportunity to realise the much vaunted reuse of IT components but not if the expectation is that IT will engage with a process diagram and infer all sorts of things about the future of the business. Definition of services belongs out in the business world (this is what we need the service to deliver) not in the builders yard of the IT engineer. In What does SOA mean for the process modeling world? Rick Geneva wrote

In a SOA system, certain parts and pieces are offered as a service to the entire organization. The role of the IT engineer shifts slightly to where their primary responsibility is to create services, and reuse existing assets before purchasing or building new ones. If a service is needed that doesn’t already exist, the first step is to determine if the organization already has a system that performs a similar function. If so, then there are ways to expose an operation (activity) as a service with minimal impact to the surrounding IT environment.

This is all true but it is going a bit far to suggest that when presented with this abstract of a process diagram (from Rick's post)

the IT team should immediately think of providing as Rick suggests ...

1) The request router. 2) the lookup manager service. The lookup manager service would probably be not be directly used by the process. Instead, we would use the lookup manager service as part of the request router. The request router would most likely be created as a generic service that could also handle the manager response.

Implicit in the use of this type of model as a specification of requirements is an understanding of message handling. Routing messages should certainly be part of a generic implementation (in a BPMS solution perhaps) but hardly considered in a single business process. The process analyst is, at best, defining a requirement for a service that will satisfy the Lookup Manager activity in terms of the data available in Receive Request and required in Route to Manager.

A better approach may be for the process analyst to signal the requirement for a more abstract and generally applicable service by renaming Lookup Manager to Apply Business Rules for Routing Message.

BPMN Pools and Lanes

Bruce Silver introduces one of the misunderstood areas of BPMN in his recent post . He notes that a Pool is a container for a process.

It’s called a pool, a rectangular shape that serves as a container for a process. So in that sense a pool is synonymous with a process, and that’s as basic as you can get. The confusion sets in when you understand that a business process diagram (BPD) - the top-level object in BPMN, describing a single end-to-end business process - frequently contains multiple pools.

Of course one person may view a process as end-to-end and another will view it simply as an activity their grand plan. It is a matter of perspective. So it is as well to determine what the scope of a BPM exercise is.

Bruce recommends the practice of treating the 'requester' or initiator of a process as an external element communicating with the orchestration. In BPMN terms the requester is a black-box process in its own pool. Here is his view of a simple absence request.

This provides a clear definition of the relationship between the Employee and the orchestrated business process. The message-passing constitutes the shared information between the Employee and the Time Off Request process. The Time Off Request process has a division of responsibilities between HR and the Manager of the employee represented by the BPMN Lane construct. A Lane is a graphical sub-division of the Pool and does not impose limitations on the business process. A pool however does constrain the process design in that sequence flows cannot cross pool boundaries. The problem that I have with this is that it is equally possible to view the HR activities as a service to the Manager and the nature of that service may change over time independently of the Manager or Employee expectations in the end-to-end process. I commented to Bruce

... there is something to be gained by treating the departmental manager and HR as actors at the same level by putting them in different pools. We could then think of these participants as having control of their own processes subject only to the contracts implied by the messages between them. This also recognises that organisational change (including mergers and acquisitions) does not necessarily alter the business process.

Implicit in the division of the Time Off Request Pool by Lane is that all the information of the process is available to both Manager and HR. This is fine until outsourcing comes along and you have to work out what info that you need to pass across in the message. Alternatively it obscures important details about the scope of the participants involvement (as far as the process analyst viewed it). Bruce responded to my question of the value of the Lane...

What is lost is the idea of orchestration, which is central to BPMN. A pool does not represent an actor but a process. (Well, a black box pool could be thought of as an actor, but not a pool with activities inside it.) If you do not have orchestration connecting the activities of multiple actors, you don’t really have a process. You just have independent services sending requests and responses to each other. There is no central “thing” that holds it together. Yes there is a viewpoint that says, “why do we need orchestration [e.g. BPEL] at all?” That’s more of a libertarian or anarchist view of BPM. Maybe a valid viewpoint, but I don’t think proper use of BPMN.

I do not see myself as an anarchist but do see a potential in isolating standalone processes so that they can be included into other end-to-end processes, (re-used as the developers would term it). Drawing the HR and Manager Lanes as Pools within the end-to-end process does not lose the sense of orchestration.

You just have a more precise definition of the relationship between very different actors in the process. There are definite gains in the implementation arena.

Principles and the Police

Stephen Franks, a prospective member of parliament later this year, raises the issue of basing the police role on the public support by reference to the founding fathers of London's Metropolitan police. He does so with typically inflammatory language imputing cowardice and other shameful behaviour to police and ambulance staff. Although his politics and attitudes may be an anathema, it is worth considering what society expects of its police service. Interestingly Stephen Franks drops a few of Richard Mayne's principles from his extract:
4. To recognise always that the extent to which the co-operation of the public can be secured diminishes proportionately the necessity of the use of physical force and compulsion for achieving police objectives.

6. To use physical force only when the exercise of persuasion, advice and warning is found to be insufficient to obtain public co-operation to an extent necessary to secure observance of law or to restore order, and to use only the minimum degree of physical force which is necessary on any particular occasion for achieving a police objective.
8. To recognise always the need for strict adherence to police-executive functions, and to refrain from even seeming to usurp the powers of the judiciary of avenging individuals or the State, and of authoritatively judging guilt and punishing the guilty.
9. To recognise always that the test of police efficiency is the absence of crime and disorder, and not the visible evidence of police action in dealing with them.

These are, of course, as relevant as the others.
Unfortunately the time has long gone when the 'Met' has widespread public support and it certainly avoids such detailed principles in current operations but a challenge to the New Zealand Police Commissioner Howard Broad is to identify what he thinks the police should be doing and how well he thinks it is doing it. Unlike most other large organisations, the police do not publish a 'vision statement' or even its operating principles against which the day to day operational success may be measured.
Our politicians and representatives will serve us best by working out what the principles for the Police should be and encouraging support for the front-line staff.

Intalio - Becoming a Good Fit for Enterprise

Although I really like the approach that Intalio has taken to BPMS with its use, support and provisioning of Open Source components and adoption of standards, I have been frustrated by the user interface and lack of reporting mechanisms for the BPMS itself (broadly BAM). The user interface was developed to support the Tempo workflow component without much consideration that people engaged in workflow may need to have some integration with systems that are not to be provided by the Intalio solutions. There may even be a corporate way of presenting the user interface for tasks/to-do lists (Microsoft's Outlook has a fairly wide usage in this respect). It is intuitively clear that given the use of standards like SOAP in Intalio, replacement of the UI at run-time is fairly simple as all the interfaces are defined in WSDL. Not so easy, is incorporating a replacement UI into the Intalio Designer (eclipse-based). However, there has apparently been some work going on in dark corners to resolve these and the up-coming user conference will have some show and tell on replacing the user interface using, as an example, Ruby-on-Rails. My particular interest will be to see if a full-function XFORMS user-interface can be developed combining the benefits of the visual form design already in Intalio with the ability to use standard message schemas and have full control of the submissions from the form. There has been some smart work on BAM which looks to be following the common Intalio thread of open source by using the Eclipse BIRT reporting project . Again this is featured at the user conference. Unfortunately, I am not able to make the conference but will be following the output with interest.

Desktop on Demand

In Desktop on Demand Concept looks to quash privacy issues Desire Athow presents a new service as a solution to a privacy issue associated with web browsing...

Desktop on Demand, a remote desktop service launched by Security Firm De Futuro, aims at providing IT and document management teams with a full office suite, enhanced privacy and file sharing functionality.

The additional privacy inherent in the product is the result of a remotely hosted Web browser, which eliminates the possibility of the user's usage habits being tracked by the ISP.

"Our users surf from behind the curtain of our domain," explained Paresh Morjaria, managing director of De Futuro. "As a result, web browsing is once more anonymous. This is a huge benefit for users concerned about Big Brother peeping into their Web usage records. From here information can be derived that could negatively impact on their employment opportunities, insurance prospects or relationship with current employers.

Apart from replacing one potential Big Brother with one, the mere use of such a service could be regarded as a black mark against the individual ... if you use this you must have something to hide about your web traffic ... leaking sensitive info, porn, money laundering.

Stored-value card for Wellington transport

Vikram reflects on the 'new' payment method for transport in Wellington.
With this innovation you pay in advance for the discount, pay for the snapper, pay for reloading, pay for reloader device on your computer. I am tempted to move back to Christchurch where they have had the free metrocard and larger discount for years. That is without worrying about the leakage facilitated by unproven security of the card.

Process, process, process!

James McGovern comes right to the point on the project management overhead which is currently embraced as the way to do everything from opening a can of beans to putting a man on Mars.

Why on earth is so much process present? Why does it take three documents and six meetings to write six lines of Java? There are twice as many pages of documentation as lines of code! Well, having worked with the people involved on these documents, plus the development, and the testing, not just on this project but several others, I think I've figured out the purpose: process is being used as a substitute for competence. The funny thing is that I too am losing my sense of humor and are starting to become borgified and believe that CMMi is the perfect way to use process as a substitute for competence. With enough steps, documents, design reviews, and test plans, I think that the proverbial 1,000 monkeys with typewriters really could produce a functional IT system. The incredible amount of mutual reinforcement breaks the task down into such minute pieces that each piece is comprehensible and completable by anyone with even the slightest modicum of coding or testing ability. The added advantage is that no one is required to think let alone understand. It even helps project managers to a pretty good degree of accuracy how long each minute task will take, and can thus do a pretty good job coming up with a (obscenely long) timeline for a project in any stage of development.

Things that are worth five minutes conversation between principals involve battalions of portfolio, programme, project managers and their panoply of governance police without consideration of the competence of the few people that actually do the creative stuff or the fact that the individual commissioning the work has the authority and responsibility to do just that. To move on from the 1970's waterfall, we need clear but much shorter chains of commands along the lines of Jean Luc-Picard "Make it, so!" to a small team of competent players responding "Yes, sir"

Parsing calendar entries

John Udell raises the challenge of translating the human formats of a calendar entry into a machine format. Google Calendars quick add feature does make a fair effort and responds as the human intended in most cases.
From the examples given by John

Tue, 4/1/08	ok
2 Apr - Wed 10:00AM-10:45AM	Gets date wrong (time of day ok)
Weekdays 8:30am-4:30pm	ok
Thu, 11/15/07 - Fri, 4/11/08	ok
Every Tuesday of the month from 10:00-11:00 a.m	ok
Sat., Apr. 05, 9:00 AM Registration/Preview, 10:00 AM Live Auction	ok
2nd Saturday of every other month, 10:00 am-12:00 pm	ok

The API seems to provide a neat packaging of the requirement as a service which could be used in many ways. Problems that are encountered, like the example above, might eventually be dealt with by the team at Google but seem tractable through pre-processing.

Intalio offering BPMS as a service

Intalio has announced availability of its novel approach to running BPMS as a service

The Intalio|On Demand servers are powerful enough to run hundreds of thousands of process instances concurrently. Each server has the equivalent of 1.7 GB of memory, 160 GB of storage, CPU capacity of a 32-bit 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor.

The underlying operating system is rPath Linux, following the Just enough Operating System (JeOS) principle. "This makes the appliance more efficient, smaller, more secure and higher performing than an application running under a full general purpose OS (Wikipedia, JeOS)". The Intalio|On Demand software appliance contains a bare minimal Java 1.5, Open SSH, and Intalio|Server.

The compute power comes from the Amazon Web Services Elastic Compute Cloud (EC2) which gives a fair amount of assurance that capacity and connectivity will be there when you need it.

An organisation using this as a production solution will need to consider its exposure to

• failure in the cloud removing access to fundamental business process engine and related dashboard information
• privacy and security of data passing through a commercial computing host in a jurisdiction that may not have the same legislative protections as your business domicile

But at the extreme, you can develop and test a fully functional BPMS and integration solution on a laptop and then deploy it across the cloud to a worldwide collection of services.

NSW Police ask public to be cameraphone cops

Vikram draws attention to a move to encourage citizens to capture crimes on their cellphones and send the information to the police in NSW. Although increasing the surveillance society normally makes me very uneasy and the police forces across the ditch (and here in NZ) are not always noted for their probity, I think that this is a step in the right direction. This is a step up from the well established 111 (911, 999 ...) call with better information content. The French have laws against recording violent crime unless you are a professional journalist which seems a bit repressive, even for the Europeans, but there is a measure of sense in this. How about encouraging a society where it is normal to report crime to the legitimate enforcement authorities rather than publish for a dubious or prurient purpose? There is a problem however with the general capture storage of surveillance material ... Quis custodiet ipsos custodes?

Children to be added to Britain's DNA database

Mark Townsend and Anushka Asthana in The Observer, March 16 2008 report on the burgeoning DNA database. Now the police are looking to capture data on children who might be thought by someone to be a potential future criminal.

Gary Pugh, director of forensic sciences at Scotland Yard and the new DNA spokesman for the Association of Chief Police Officers (Acpo), said a debate was needed on how far Britain should go in identifying potential offenders, given that some experts believe it is possible to identify future offending traits in children as young as five.

Why do we need training for BPMN and BPMS?

BPMN is intended to formalise the definition of real world business processes. BPMS implementations take a formal definition of business processes (which should be derivable from the BPMN) and control the flow of information around the process. How difficult can it be to develop the design tools to the point that they help the designer think in the 'best practice' of business process and follow the rules of BPMN?

Ismael Ghalimi in Process Discovery describes his plans for experiencing the development of a BPMS-based solution for a well defined requirement. Like most users of a new tool he is going to do it without training. OK, he does have an advantage over mere mortals from close involvement with the underlying standards and a key-player in this emerging market but I look forward to seeing the commentary on his effort.

...model the process at a high level, using an off-the-shelf process modeling tool. For this purpose, I will use Intalio|Designer, but I will do so before having attended a formal training session. The reason for it is the following: while I have been working for Intalio for over 8 years now, and originally came up with the idea and the name for the Business Process Modeling Notation (BPMN), I have never fully read its specification, even less learned the proper way to use it with a process development tool capable of turning pretty pictures into executable code. As a result, I expect this first modeling exercise to produce a process that will look nothing like what I will be capable of doing after having attended the Intalio Traning, and learning more from the gap should be a key benefit of the overall experiment...

Although there is some good training for process design becoming available, I question how much we should be reliant on it to get to work with a formal language (BPMN ), with absolute rules, that is intended to describe things that we are familiar with in everyday business. It is not teaching English to Korean speakers!
I would like Ismael to also consider how the Intalio Designer toolset could be improved with an autopilot or helper that leads you through the process of designing a process and explains the rules of the BPMN as you go.

Privacy and Text Communications

We appear to be facing another challenge to privacy in New Zealand which would take us further towards the surveillance society. The police are seeking the storage of all text communications to facilitate their enquiries. Fortunately, this requires a change in law and will get a bit of discussion. It is to be hoped that the Office of the Privacy Commissioner will be active in the debate.

The relevant rule applying to the retention of text data in NZ is found in the TELECOMMUNICATIONS INFORMATION PRIVACY RULES

Rule 1
Purpose of Collection of Telecommunications Information
Telecommunications information must not be collected by a telecommunications agency
unless:
(a) the information is collected for a lawful purpose connected with a function or
activity of the agency; and
(b) the collection of the information is necessary for that purpose.
Note: Except where it is itself a party to a communication, a telecommunications agency will rarely have a lawful purpose to collect the content of any telecommunication. Indeed, it is unlawful to intercept the content of a private communication in most cases (Crimes Act 1961, Part 9A). There are some limited exceptional circumstances relevant to telecommunications agencies (e.g. where acting pursuant to an interception warrant to assist the Police or SIS). Employees of network operators can, in the course of their duties, intercept telecommunications for maintenance purposes but it is an offence for an employee of a network operator to use or disclose information so obtained for unauthorised purposes – Telecommunications Act 2001, ss.114 and 115).

It is apparent that there is no technical requirement to store all texts to provide services to a party in the communication. Vodafone NZ does not do it and Telecom NZ is going to stop the practice.
Although it may be attractive to the enforcement agencies to be able to dip into a historical pool of all telecommunications in pursuit of information about possible criminals and crimes, this would be a fundamental turn-around in perception of the privacy of communications. It is ridiculous to suggest that telecommunications providers should be breaching this basic requirement of the Privacy Commissioner to be "good corporate citizens" as suggested by Police national crime manager Win van der Velde quoted in Dominion Post 8March .