[syncope-users] Replacing the workflow engine

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[syncope-users] Replacing the workflow engine

Francesco Chicchiriccò
Administrator
Hi Syncopers,
as already briefly discussed in this ML [1], it's time to replace our workflow engine with something live [2], now that our beloved OSWorkflow has been declared officially dead [3].

OSWorkflow was chosen because of some of its features:
* easy to be integrated in existing applications
* provided with many persistence options, including Hibernate (afterwards, JPA)
* fully configurable via XML
* Spring enabled
* flexible enough to allow attaching predefined and custom Java actions to workflow events

Moreover, additional features are requested to let Syncope implement new stuff like [4], [5] and [6].

A brief tour on Google shows some candidates:
* JoGet (http://www.joget.org)
* Activiti (http://activiti.org)
* Pegasus (http://pegasus.isi.edu)
* Taverna (http://www.taverna.org.uk/)
* Sarasvati (http://code.google.com/p/sarasvati/)
* jBPM (http://www.jboss.org/jbpm/)
* Imixs (http://www.imixs.org/)

Out of this list, jBPM is "the" workflow engine, but it is probably too much complex for Syncope needs; Sarasvati looks interesting, even though young...

What do you think? Do you have suggestions /remarks / recommendations about this topic?

Thanks for you contribution.
Cheers.

[1] http://groups.google.com/group/syncope-users/browse_thread/thread/b2e9e8f9fbe7dcc3#
[2] http://code.google.com/p/syncope/issues/detail?id=74
[3] http://www.opensymphony.com/osworkflow/
[4] http://code.google.com/p/syncope/issues/detail?id=75
[5] http://code.google.com/p/syncope/issues/detail?id=77
[6] http://code.google.com/p/syncope/issues/detail?id=94
-- 
Francesco Chicchiriccò

"Computer Science is no more about computers than astronomy
is about telescopes." (E. W. Dijkstra)
Reply | Threaded
Open this post in threaded view
|

Re: [syncope-users] Replacing the workflow engine

Jordi Clement
Hi Francesco (and others), 

replacing OSWorkflow? That has been a topic of hot discussion here over the last few days ;-) The main thing we're debating is whether the workflow should be part of a provisioning engine (like Syncope) and if so, how tightly (or loosely) it should be integrated. Rest assured, this discussion will be taken to the mailing list :-) 

Before I can form myself an opinion, and contribute to the discussion, I guess I'd like to take a step back. So with your permission..

If you take a look at where the major vendors in the IDM (or IAM?) market space are heading, there are two main schools of thought:

1 - One generic tool supports the complete Identity Lifecycle Management process. A single IDM tool deals with both the management/administration of users' access (business processes like provisioning, self-service, authorization etc) and the automation of the actual provisioning process. Quite often reporting and even attestation is part of these tools as well. The beloved Sun IDM, or Oracle IDM but also Novell IDM are prime examples. They also quite often regarded as "technical solutions", mainly used by IT. They do offer support for roles. Sometimes even explicitly support different types of roles (ie. business/technical)

2 - Different tools support and specialize on different parts of the Identity Lifecycle Management process. The management/administration and the actual provisioning of access are regarded as strictly different disciplines. Multiple tools focus on different things and fall in the realm of different parts of the organization. The management and administration (authorization, workflow, self-service access requests, attestation etc) is handled by one tool. The main users are business people who can self manage their access (for instance delegated or through self-service). Very often using a role model of some form that contains a set of (dynamic or static) business roles. Automated provisioning is handled by a different, specialized tool. Business roles are related to technical roles, which in turn map on actual entitlements in the different resources (accounts, group memberships, roles, (a set of) attributes, what ever). All provisioning needs or should be automated. Automation makes sense in a lot of cases, but definitely not all of them. Sailpoint, Aveksa, Novell Compliance Manager are examples of Access Governance tools I'm familiar with and that focus on the business side of things. Provisioning is implemented using the usual suspects; all access governance tools integrate with the "Old School" provisioning solutions or even ESB types of solutions.  

Can I ask you guys to share your vision for Syncope? Would you be able, or willing to clearly put Syncope behind door number 1 or 2? Or do you envision a more hybrid solution that contains elements of both 1 and 2? A tool that offers management, administration, reporting, attestation and provisioning functionality? 

Then, to get back to the actual choice: In my personal opinion (and from my functional perspective) the choice is for a big part related to the above. But even if we shortcut that discussion, and take a look at the choice of a workflow tool itself, I find it hard to really contribute in the form of an actual choice. I end up with a similar question. Do we use it merely to facilitate some of the technical, (internal) mechanics to handle the create, update, delete actions etc? If so, I guess I don't have a strong opinion. As long as it's a workflow engine that is fit for purpose, not too overly complicated, well documented and maintained I would be happy. And we can use to quickly add new functionality to our service. Ernst, Antony, Guru and Stein probably all have ideas and favorites. Or are we going to use it to facilitate business processes as well? Use it to define and support provisioning, approvals, notifications, escalations, attestation (or access reviews)? Are fairly non-technical users going to interact with the workflow engine? In that case I guess we need to spend some time define the broad range of functions the workflow tool should support, look at the functionality it exposes (and how that's done) and how the different groups of people would interact with that. 

regards.

Jordi


On 27 Aug, 2011, at 19:12 , Francesco Chicchiriccò wrote:

Hi Syncopers,
as already briefly discussed in this ML [1], it's time to replace our workflow engine with something live [2], now that our beloved OSWorkflow has been declared officially dead [3].

OSWorkflow was chosen because of some of its features:
* easy to be integrated in existing applications
* provided with many persistence options, including Hibernate (afterwards, JPA)
* fully configurable via XML
* Spring enabled
* flexible enough to allow attaching predefined and custom Java actions to workflow events

Moreover, additional features are requested to let Syncope implement new stuff like [4], [5] and [6].

A brief tour on Google shows some candidates:
* JoGet (http://www.joget.org)
* Activiti (http://activiti.org)
* Pegasus (http://pegasus.isi.edu)
* Taverna (http://www.taverna.org.uk/)
* Sarasvati (http://code.google.com/p/sarasvati/)
* jBPM (http://www.jboss.org/jbpm/)
* Imixs (http://www.imixs.org/)

Out of this list, jBPM is "the" workflow engine, but it is probably too much complex for Syncope needs; Sarasvati looks interesting, even though young...

What do you think? Do you have suggestions /remarks / recommendations about this topic?

Thanks for you contribution.
Cheers.

[1] http://groups.google.com/group/syncope-users/browse_thread/thread/b2e9e8f9fbe7dcc3#
[2] http://code.google.com/p/syncope/issues/detail?id=74
[3] http://www.opensymphony.com/osworkflow/
[4] http://code.google.com/p/syncope/issues/detail?id=75
[5] http://code.google.com/p/syncope/issues/detail?id=77
[6] http://code.google.com/p/syncope/issues/detail?id=94
-- 
Francesco Chicchiriccò

"Computer Science is no more about computers than astronomy
is about telescopes." (E. W. Dijkstra)

Jordi Clement | iWelcome 





Wiersedreef 5-7

Nieuwegein, 3433 ZX 

The Netherlands

 

Tel: +31(0) 30 659 22 54

Fax: +31(0) 30 659 22 56

Mob. +31(0) 6 53 20 43 40

Email: [hidden email]

Website: http://www.iwelcome.nl


The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing iWelcome terms of business or client engagement letter.


Reply | Threaded
Open this post in threaded view
|

Re: [syncope-users] Replacing the workflow engine

Fabio Martelli
Hi Jordi,
first of all thank you for your considerations.

Please find my answers/comments inline.

Hi Francesco (and others), 

replacing OSWorkflow? That has been a topic of hot discussion here over the last few days ;-) The main thing we're debating is whether the workflow should be part of a provisioning engine (like Syncope) and if so, how tightly (or loosely) it should be integrated. Rest assured, this discussion will be taken to the mailing list :-) 

Before I can form myself an opinion, and contribute to the discussion, I guess I'd like to take a step back. So with your permission..

If you take a look at where the major vendors in the IDM (or IAM?) market space are heading, there are two main schools of thought:

1 - One generic tool supports the complete Identity Lifecycle Management process. A single IDM tool deals with both the management/administration of users' access (business processes like provisioning, self-service, authorization etc) and the automation of the actual provisioning process. Quite often reporting and even attestation is part of these tools as well. The beloved Sun IDM, or Oracle IDM but also Novell IDM are prime examples. They also quite often regarded as "technical solutions", mainly used by IT. They do offer support for roles. Sometimes even explicitly support different types of roles (ie. business/technical)

2 - Different tools support and specialize on different parts of the Identity Lifecycle Management process. The management/administration and the actual provisioning of access are regarded as strictly different disciplines. Multiple tools focus on different things and fall in the realm of different parts of the organization. The management and administration (authorization, workflow, self-service access requests, attestation etc) is handled by one tool. The main users are business people who can self manage their access (for instance delegated or through self-service). Very often using a role model of some form that contains a set of (dynamic or static) business roles. Automated provisioning is handled by a different, specialized tool. Business roles are related to technical roles, which in turn map on actual entitlements in the different resources (accounts, group memberships, roles, (a set of) attributes, what ever). All provisioning needs or should be automated. Automation makes sense in a lot of cases, but definitely not all of them. Sailpoint, Aveksa, Novell Compliance Manager are examples of Access Governance tools I'm familiar with and that focus on the business side of things. Provisioning is implemented using the usual suspects; all access governance tools integrate with the "Old School" provisioning solutions or even ESB types of solutions.  

Can I ask you guys to share your vision for Syncope? Would you be able, or willing to clearly put Syncope behind door number 1 or 2? Or do you envision a more hybrid solution that contains elements of both 1 and 2? A tool that offers management, administration, reporting, attestation and provisioning functionality? 

In order to build a useful and simple solution I do think that, first of all, Syncope should be a complete IDM solution (including auditing&reporting and a quite good support for roles).

With a consolidated IDM solution (with all features in roadmap) it will be possible to start to plan the next steps (maybe jointly): we are strongly intentioned to include in Syncope some relevant elements behind the "door" number 2.

Then, to get back to the actual choice: In my personal opinion (and from my functional perspective) the choice is for a big part related to the above. But even if we shortcut that discussion, and take a look at the choice of a workflow tool itself, I find it hard to really contribute in the form of an actual choice. I end up with a similar question. Do we use it merely to facilitate some of the technical, (internal) mechanics to handle the create, update, delete actions etc? If so, I guess I don't have a strong opinion. As long as it's a workflow engine that is fit for purpose, not too overly complicated, well documented and maintained I would be happy. And we can use to quickly add new functionality to our service. Ernst, Antony, Guru and Stein probably all have ideas and favorites. Or are we going to use it to facilitate business processes as well? Use it to define and support provisioning, approvals, notifications, escalations, attestation (or access reviews)? Are fairly non-technical users going to interact with the workflow engine? In that case I guess we need to spend some time define the broad range of functions the workflow tool should support, look at the functionality it exposes (and how that's done) and how the different groups of people would interact with that. 

The wf engine will be used to facilitate business processes: questions in object comes from the necessity to start the implementation of approval and notification features. We cannot start to implement this functionalities before replacing the current wf engine.

Can I ask to Ernst, Antony, Guru and Stein their opinion about WF engines suggested? Have you guys something to suggest?

A brief tour on Google shows some candidates:
* JoGet (http://www.joget.org)
* Activiti (http://activiti.org)
* Pegasus (http://pegasus.isi.edu)
* Taverna (http://www.taverna.org.uk/)
* Sarasvati (http://code.google.com/p/sarasvati/)
* jBPM (http://www.jboss.org/jbpm/)
* Imixs (http://www.imixs.org/)

Regards,
F.


regards.

Jordi


On 27 Aug, 2011, at 19:12 , Francesco Chicchiriccò wrote:

Hi Syncopers,
as already briefly discussed in this ML [1], it's time to replace our workflow engine with something live [2], now that our beloved OSWorkflow has been declared officially dead [3].

OSWorkflow was chosen because of some of its features:
* easy to be integrated in existing applications
* provided with many persistence options, including Hibernate (afterwards, JPA)
* fully configurable via XML
* Spring enabled
* flexible enough to allow attaching predefined and custom Java actions to workflow events

Moreover, additional features are requested to let Syncope implement new stuff like [4], [5] and [6].

A brief tour on Google shows some candidates:
* JoGet (http://www.joget.org)
* Activiti (http://activiti.org)
* Pegasus (http://pegasus.isi.edu)
* Taverna (http://www.taverna.org.uk/)
* Sarasvati (http://code.google.com/p/sarasvati/)
* jBPM (http://www.jboss.org/jbpm/)
* Imixs (http://www.imixs.org/)

Out of this list, jBPM is "the" workflow engine, but it is probably too much complex for Syncope needs; Sarasvati looks interesting, even though young...

What do you think? Do you have suggestions /remarks / recommendations about this topic?

Thanks for you contribution.
Cheers.

[1] http://groups.google.com/group/syncope-users/browse_thread/thread/b2e9e8f9fbe7dcc3#
[2] http://code.google.com/p/syncope/issues/detail?id=74
[3] http://www.opensymphony.com/osworkflow/
[4] http://code.google.com/p/syncope/issues/detail?id=75
[5] http://code.google.com/p/syncope/issues/detail?id=77
[6] http://code.google.com/p/syncope/issues/detail?id=94
-- 
Francesco Chicchiriccò

"Computer Science is no more about computers than astronomy
is about telescopes." (E. W. Dijkstra)

Jordi Clement | iWelcome 


<mail iWelcome.png>




Wiersedreef 5-7

Nieuwegein, 3433 ZX 

The Netherlands

 

Tel: +31(0) 30 659 22 54

Fax: +31(0) 30 659 22 56

Mob. +31(0) 6 53 20 43 40

Email: [hidden email]

Website: http://www.iwelcome.nl


The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing iWelcome terms of business or client engagement letter.



Reply | Threaded
Open this post in threaded view
|

[syncope-users] Re: Replacing the workflow engine

Antony Pulicken
Hi Fabio,

I have worked extensively on an older version of jBPM around 4 years
back. Even though it was not really mature at that point of time, it
served our purpose. We also got lot of support from Tom Baeyens
(founder of jBPM).  Four years back jBPM only supported jPDL(jBPM
Process Definition Language), a custom Java-based process-oriented
programming model that brings workflow and BPM to the Java development
environment. Now it looks like it has really matured and have added
support for the following:

-Use BPMN2.0 as the language for defining business processes
-Eclipse-based and web based IDE for creating the business process
graphically (drag and drop/wizard)
-Pluggable persistance framework based on JPA
-Pluggable human task service based on WS-HumanTask for including
tasks that need to be performed by human actors
-Monitoring/Reporting capabilities
-Integration with Spring
-It can run as a service or can be part of the project as a library

So, jBPM definitely supports all the features listed by Francesco (and
more..) and I have used most of those features in the older version
itself.

Now, here's the twist: The core team including Tom left JBoss to join
Alfresco and started Activiti. I also read that  Activiti5 is jBPM4
design and jBPM5 is built on Drools Flow code base !! I will take a
look at Activiti and will get back to you.

Regards,
Antony.

On Aug 31, 12:28 pm, Fabio Martelli <[hidden email]> wrote:

> Hi Jordi,
> first of all thank you for your considerations.
>
> Please find my answers/comments inline.
>
> > Hi Francesco (and others),
>
> > replacing OSWorkflow? That has been a topic of hot discussion here over the last few days ;-) The main thing we're debating is whether the workflow should be part of a provisioning engine (like Syncope) and if so, how tightly (or loosely) it should be integrated. Rest assured, this discussion will be taken to the mailing list :-)
>
> > Before I can form myself an opinion, and contribute to the discussion, I guess I'd like to take a step back. So with your permission..
>
> > If you take a look at where the major vendors in the IDM (or IAM?) market space are heading, there are two main schools of thought:
>
> > 1 - One generic tool supports the complete Identity Lifecycle Management process. A single IDM tool deals with both the management/administration of users' access (business processes like provisioning, self-service, authorization etc) and the automation of the actual provisioning process. Quite often reporting and even attestation is part of these tools as well. The beloved Sun IDM, or Oracle IDM but also Novell IDM are prime examples. They also quite often regarded as "technical solutions", mainly used by IT. They do offer support for roles. Sometimes even explicitly support different types of roles (ie. business/technical)
>
> > 2 - Different tools support and specialize on different parts of the Identity Lifecycle Management process. The management/administration and the actual provisioning of access are regarded as strictly different disciplines. Multiple tools focus on different things and fall in the realm of different parts of the organization. The management and administration (authorization, workflow, self-service access requests, attestation etc) is handled by one tool. The main users are business people who can self manage their access (for instance delegated or through self-service). Very often using a role model of some form that contains a set of (dynamic or static) business roles. Automated provisioning is handled by a different, specialized tool. Business roles are related to technical roles, which in turn map on actual entitlements in the different resources (accounts, group memberships, roles, (a set of) attributes, what ever). All provisioning needs or should be automated. Automation makes sense in a lot of cases, but definitely not all of them. Sailpoint, Aveksa, Novell Compliance Manager are examples of Access Governance tools I'm familiar with and that focus on the business side of things. Provisioning is implemented using the usual suspects; all access governance tools integrate with the "Old School" provisioning solutions or even ESB types of solutions.  
>
> > Can I ask you guys to share your vision for Syncope? Would you be able, or willing to clearly put Syncope behind door number 1 or 2? Or do you envision a more hybrid solution that contains elements of both 1 and 2? A tool that offers management, administration, reporting, attestation and provisioning functionality?
>
> In order to build a useful and simple solution I do think that, first of all, Syncope should be a complete IDM solution (including auditing&reporting and a quite good support for roles).
>
> With a consolidated IDM solution (with all features in roadmap) it will be possible to start to plan the next steps (maybe jointly): we are strongly intentioned to include in Syncope some relevant elements behind the "door" number 2.
>
> > Then, to get back to the actual choice: In my personal opinion (and from my functional perspective) the choice is for a big part related to the above. But even if we shortcut that discussion, and take a look at the choice of a workflow tool itself, I find it hard to really contribute in the form of an actual choice. I end up with a similar question. Do we use it merely to facilitate some of the technical, (internal) mechanics to handle the create, update, delete actions etc? If so, I guess I don't have a strong opinion. As long as it's a workflow engine that is fit for purpose, not too overly complicated, well documented and maintained I would be happy. And we can use to quickly add new functionality to our service. Ernst, Antony, Guru and Stein probably all have ideas and favorites. Or are we going to use it to facilitate business processes as well? Use it to define and support provisioning, approvals, notifications, escalations, attestation (or access reviews)? Are fairly non-technical users going to interact with the workflow engine? In that case I guess we need to spend some time define the broad range of functions the workflow tool should support, look at the functionality it exposes (and how that's done) and how the different groups of people would interact with that.
>
> The wf engine will be used to facilitate business processes: questions in object comes from the necessity to start the implementation of approval and notification features. We cannot start to implement this functionalities before replacing the current wf engine.
>
> Can I ask to Ernst, Antony, Guru and Stein their opinion about WF engines suggested? Have you guys something to suggest?
>
> >> A brief tour on Google shows some candidates:
> >> * JoGet (http://www.joget.org)
> >> * Activiti (http://activiti.org)
> >> * Pegasus (http://pegasus.isi.edu)
> >> * Taverna (http://www.taverna.org.uk/)
> >> * Sarasvati (http://code.google.com/p/sarasvati/)
> >> * jBPM (http://www.jboss.org/jbpm/)
> >> * Imixs (http://www.imixs.org/)
>
> Regards,
> F.
>
>
>
>
>
>
>
>
>
> > regards.
>
> > Jordi
>
> > On 27 Aug, 2011, at 19:12 , Francesco Chicchiriccò wrote:
>
> >> Hi Syncopers,
> >> as already briefly discussed in this ML [1], it's time to replace our workflow engine with something live [2], now that our beloved OSWorkflow has been declared officially dead [3].
>
> >> OSWorkflow was chosen because of some of its features:
> >> * easy to be integrated in existing applications
> >> * provided with many persistence options, including Hibernate (afterwards, JPA)
> >> * fully configurable via XML
> >> * Spring enabled
> >> * flexible enough to allow attaching predefined and custom Java actions to workflow events
>
> >> Moreover, additional features are requested to let Syncope implement new stuff like [4], [5] and [6].
>
> >> A brief tour on Google shows some candidates:
> >> * JoGet (http://www.joget.org)
> >> * Activiti (http://activiti.org)
> >> * Pegasus (http://pegasus.isi.edu)
> >> * Taverna (http://www.taverna.org.uk/)
> >> * Sarasvati (http://code.google.com/p/sarasvati/)
> >> * jBPM (http://www.jboss.org/jbpm/)
> >> * Imixs (http://www.imixs.org/)
>
> >> Out of this list, jBPM is "the" workflow engine, but it is probably too much complex for Syncope needs; Sarasvati looks interesting, even though young...
>
> >> What do you think? Do you have suggestions /remarks / recommendations about this topic?
>
> >> Thanks for you contribution.
> >> Cheers.
>
> >> [1]http://groups.google.com/group/syncope-users/browse_thread/thread/b2e...
> >> [2]http://code.google.com/p/syncope/issues/detail?id=74
> >> [3]http://www.opensymphony.com/osworkflow/
> >> [4]http://code.google.com/p/syncope/issues/detail?id=75
> >> [5]http://code.google.com/p/syncope/issues/detail?id=77
> >> [6]http://code.google.com/p/syncope/issues/detail?id=94
> >>  --
> >> Francesco Chicchiriccò
>
> >> "Computer Science is no more about computers than astronomy
> >> is about telescopes." (E. W. Dijkstra)
>
> > Jordi Clement | iWelcome
>
> > <mail iWelcome.png>
>
> > Wiersedreef 5-7
>
> > Nieuwegein, 3433 ZX
>
> > The Netherlands
>
> > Tel: +31(0) 30 659 22 54
>
> > Fax: +31(0) 30 659 22 56
>
> > Mob. +31(0) 6 53 20 43 40
>
> > Email: [hidden email]
>
> > Website:http://www.iwelcome.nl
>
> > The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing iWelcome terms of business or client engagement letter.