Back in December, James asked a few good questions regarding CMIS.  I thought I would take a minute to answer them as best I could, with apologies for the delay.  Any insight into making my answers more complete are welcome.  I am only on the outside looking into the process.

• Should EMC/Documentum dump their [Edit: Removed adjective] DFS implementation once CMIS support is released?

I’m torn here.  I believe that CMIS should be 100% supported, but it does not cover everything.  There will always be some vendor specific features that will need to be listed.  My general thought is that it will not.  CMIS will coexist so that changes made to incorporate new features in Documentum will not impact the CMIS implementation which must match the standard.

Plus, telling those that have invested time into DFS, correctly or not, that they need to completely overhaul things instead of making minor changes seems unlikely.

• Will CMIS implementations support important security standards such as SAML?

Unknown on SAML at this point.  I am fairly confident that it is, or has been, under discussion.  The presentation that drove the whole security discussion can be found online.  They are working to refine the process based upon the meeting and work to be done before the next meeting.

As for XACML, it is out and it doesn’t appear to have been close.  I’m guessing it has to do with simplicity.  I got the following note from the Minutes of the First  Face-to-Face Meeting: Policies vs. ACLs: We agreed that if we can directly incorporate an ACL model into CMIS, we should consider removing the “Policy” object entirely for v1.

• While we understand that ECM systems should store content, not users, do the ones that store users require junking up the specification in order to accommodate?

I don’t think that this is going to happen.  The issue of authentication needs more addressing, but I don’t think they are going to junk it up to solve it.  The standard doesn’t care how you manage users and I don’t see why it would.

• How should ECM incorporate? Do you prefer content server –> CMIS or content server –> DFC –> DFS –> CMIS?

I think James means “EMC” and not “ECM”.  I think the proper implementation would be Content Server — > DFC –> CMIS.  All of the Documentum clients interact with the Content Server through the DFC, so I feel good about this.  I see no reason to insert DFS in the middle.  The current implementation does this, but I believe this was more for speed of development than anything else.  I feel that taking DFS out of the loop would make for a more efficient implementation.

Let’s all keep in mind that all implementations are not necessarily indicative of how the final implementations will look.  I’m happy to have implementations at this point.  In theory, if anyone changes how it works before the final release, it should be a smooth transition.  After all, that is the point of a standard, you don’t care about how the interface is implemented, only that it is there.

• Once an implementation of CMIS is released, should vendors make it work with prior versions or should they force upgrades?

I think a minimum version would be reasonable.  After all, there is only so much regression testing that they will perform.  My guess is the EMC will support back to D6.  James does raise a GREAT point here in having vendors test against old version.  That would be another reason for EMC to base things on the DFC.  The core commands needed to support CMIS haven’t changed much since 5.x, or 4.x even.  5.x support would be great.

• How self-describing should the WSDL be? For example, should each element have a choice type or should we resort to less optimal “helpers”?

This needs to be easy.  There are pros and cons to every choice here.  Clear documentation is what will help, regardless of the choice.  I prefer more self-describing, but I would rather other’s chimed-in on this one.

• Should CMIS support WS-Transactions?

YES!!!  I would expect this to be a subsequent version of the standard and not the 1.0 version.  I can see debate on this topic delaying the standard and I would rather see a solid standard released that can the be expanded upon, rather than wait an extra year.  This should be in the roadmap for the standard and debate should start as soon as the 1.0 standard is released for comment.

• The conversation to date has been all about producers. Any thoughts on how consumers will embrace? Thoughts on how Siebel, SalesForce, etc could leverage?

I’ve been in this conversation on both sides.  I recently said good things about Microsoft making SharePoint a consumer of CMIS.  This will work great for CEVAs as well, potentially pushing a few players into more expansive roles in the marketplace.  Exalead, a participant in the CMIS discussions, is a search vendor, and presumably a consumer.

I think that this provides great potential for consumer applications.

• How should compression be handled within an ECM SOA?

Carefully?  This is actually a concern of mine.  Simple use-case, a scanned image sits in a repository.  It has been decreed that at the stored resolution, it meets the requirements to be a record.  Now you compress it for transmission to the consumer application.  Is it still an official copy, or just a referential copy for research purposes?  I don’t know the answer to that question.

I do know that as long as both ends of the CMIS equation are inside the firewall, this issue can be delayed.  It will become important, and may be important enough now.  Opinions?  Thoughts?