Death by, and safety in, committee rule
Thursday, December 23, 2010 at 03:08PM In February 2010, I was on a 6 am flight back home from St. Louis to Chicago. It was completely overcast and, as expected, the ride was bumpy. As unexpected, the ride became HOLY CRAP bumpy. I have no idea why the flight attendant was serving drinks, because we were all over the place. By the time she got to me, I literally had to reach out and grab her before she fell over. I helped her into the seat across the aisle from me, and together we hung onto her cart. It was another twenty minutes before she got up again.
So here’s my bad segue. When things suck, that’s when you get together and figure out how to fix them. You have to recognize the problem, you have to agree on a solution, and then you have to work together. Sounds easy, right? Nah. Democrats and Republicans look at the same issue and see two different solutions.
Sometimes my family wonders why I laugh so hard at Dilbert in the comics each morning. I tell them, before I began traveling for a living 17 years ago, I lived in a cube and in meeting rooms. I know what it’s like to be stuck in endless design meetings. But the fact is, you need those groupthink exercises. It’s how you get consensus, input, feedback, and ass-covering. “Don’t tell me I made a mistake, because in last week’s meeting, you signed off on it.”
Let me rip a story out of my book. At one particular Midwest university, the IT staff, despite supporting several different directories, have come to agreement on a very small number of directories on which to run the larger enterprise. They made their lives easier down the road based on what they did now. SSO, federation, RBAC, everything would be easier when the time came, because they had simplified.
On a broader scale, the IT community has generated standards that serve everybody equally well. Maybe we’re not all speaking the exact same language, but if we have some common options, we can exchange data, interoperate, integrate, and build bridges a lot faster. XML and SAML have been astounding inventions, especially in the identity management realm. For app security, we have OWASP, CVE, and CWE.
There’s still some churning going on. When it comes to single sign on, there are still competing “solutions” from Sun, Microsoft, and others. Of course, much of that has been due to the profit motive. If my solution looks best, I make more money. This is an example of the demotivational poster that says, “None of us is as dumb as all of us.”
But in general, when thinking people come together, they can usually hash out, if nothing else, a reasonable compromise. Can’t we all just get along?