However, the highlight of the show was SAP’s disclosure of its business process management (BPM) product strategy.
SAP’s GRC offering coordinates access control with an organization’s compliance-related activities. SAP announced it will expose eight different web services through its NetWeaver platform that can be used with external identity management programs to close the loop on who can, and should access SAP data and processes.
Among the highlights, SAP will make available a roll management service, which helps you check which roles have what levels of access to SAP. Other services, such as risk management, can help you check exposure to compliance violations, such as where duties are not properly segregated. For instance, regulations such as Sarbanes-Oxley (SOX) stipulate that functions, such as creation of new payee accounts, aren’t handled by the same person who also authorizes payment.
SAP is also offering remediation workflow services so that when identity management systems or other external tools spot potential problems, that SAP’s GRC tool will make the appropriate changes in access control to SAP.
So far, IBM has worked to integrate its Tivoli Identification Management (TIM) system with SAP’s new GRC web services. Sun has also done same with the identity management piece of its Java Identity Manager.
While SAP’s GRC web services are available now, the more interesting portion of the announcement related to what SAP will release next year. At TechEd, it announced its long-awaited BPM strategy.
BPM will be one of three pillars of SAP’s composite application strategy. They include the NetWeaver Composition Environment (SAP NetWeaver CE), which provides the tooling for software developers to piece together web services. It also includes an SOA repository that, like competitive offerings, will store UDDI and other relevant, non-web service artifacts. And finally, there’s the BPM piece, where business analysts and process experts would work with visual aids and BPMN modeling notation to chart out business processes.
According to Aiaz Kazi, vice president for SAP’s NetWeaver platform marketing, the idea will be to go from BPM model directly to execution. Instead of what he termed the roundtrip scenarios, where business analysts chart process flows and then software developers piece together the executables in a two step process, the BPMN would be directly translated to Java byte code that would commandeer the web services.
That’s one of the paths that SAP is planning for making BPMN executable; another would be to translate form BPMN to BPEL. It’s a concept that’s similar to the executable UML that’s being promoted by E2E as its approach to BPM.
According to Kazi, the results are that executables stay in sync with BPM models, and there would be performance benefits. He adds that, while such an approach might seem low level because of the translation directly to byte code, the richness would come from the universe of services that SAP already packages for its application, plus whatever is made available through SAP’s third party ecosystem.
Our View
SAP is taking an interesting, if not exactly a surprising step in its approach to BPM. Providing a direct path from BPMN to executable helps eliminate the middleman and keeps processes nicely managed inside SAP’s wall garden. That’s exactly in step with SAP’s existing strategy, which also features its own middle tier and relinquishes control only when it comes to physically storing the data in a relational database (remember, SAP’s data clusters are practically indecipherable to SQL DBAs).
That makes us wonder if and when SAP will come out with the next piece of the puzzle: an enterprise service bus (ESB). It’s staying quite mum on the topic, but offering its own bus would remain entirely consistent with its strategy. Count it a sheer coincidence, but Kazi, who directs marketing for the NetWeaver platform, knows message busses pretty well, as he came from Tibco.
