This week, I've been helping host my good friend and colleague Gianpaolo Carraro at a number of round-tables discussing Software + Services.  We're half-way through; yesterday we conducted a session in Melbourne, and this morning we were in Canberra.  As I write this, I'm at Canberra Airport waiting for our flight to Sydney, where we're on again tomorrow morning.

I have to say it's always fascinating to observe how differently architects in the private sector see the world compared with architects from the public sector.  With regard to Software + Services, in Melbourne much of the discussion centred on the practicalities of integrating internal with external systems.  In particular, authR/N got a fair bit of attention - i.e. how are you going to do SSO between your internal systems and stuff that's hosted by a cloud provider?  Obviously you want your users to have as good an experience as possible, and this doesn't include having to type credentials into every app you access (or incorporate into a mash-up of some kind).  Moreover, what about authorisation?  It's important that you can map internal user auth groups onto the roles that are (presumably) provided by the service running in the cloud.  Very interesting conversation, and to me the entire session was an implicit validation of the model that enterprises will increasingly start to consider externally hosted and run software as well as software that will continue to run on-premise.

On the other hand, at this morning's session in Canberra - to predominantly public sector architects - the focus was much more on the cultural and legislative aspects of consuming services that are provided by outsiders.  As you'd expect, for some federal agencies, relinquishing control over citizen or national data is simply not an option.  Think tax, or defence.  One of the major concerns is privacy - in the private sector, if someone inadvertently discloses your financial details, you could probably redress this with some kind of monetary compensation.  In the public sector, if someone inadvertently discloses something about your - say - health records, then it could potentially ruin your life.  Because of this you could argue the stakes are considerably higher for this sort of information, and the agencies take the custodianship of this information very seriously.

However, having said this, it was also clear that even in the public sector there are lots of commoditised capabilities that don't necessarily hold personal information, or information of concern to national security, that may be very good candidates for externalising.  One example given was ERP - many government purchases are a matter of public record - i.e. department X spent $Y with provider Z.  The financial transaction is already in the public domain, and therefore could be hosted/executed by a third-party provider.  The details of the transaction, i.e. exactly what was purchased, may not be, and could be retained on internal ERP systems that are in some way linked with the external application provider.  This to my mind is one of the best aspects of the S+S vision - you can concentrate on what's important for your business (tracking the inventory of what you've bought), and factor out the stuff that's not that interesting (the fiscal details of that purchase).

Anyway - I'm looking forward to the session in Sydney tomorrow morning.  I've attached GP's deck to this post - enjoy!