I was just reading this piece on the “three layers” of the Cloud by David Linthicum — incidentally, David will be keynoting Gluecon. I think what David proposes is a useful framework (useful because it’s not overly nuanced) for thinking about the Cloud. Briefly:

Layer 1: The Basics of Infrastructure as characterized by storage, middleware services, communications, virtualization, compute services. Companies typically thought of as “IaaS” vendors are here (Rackspace, Joyent, Hosting.com, etc).

Layer 2: Utilizes the core infrastructure of Layer 1 to build out platform and management services, as characterized by companies like SFdC (force.com), NetSuite, RightNow, Windows Azure, enStratus, and a TON of other PaaS and SaaS companies.

Layer 3: Utilizes Layer 2 to build value-added services and components for the layer 2 offerings, and is characterized by the “app marketplace” phenomenon we’re seeing explode right now.

Within that framework, Glue is trying to take a look at the connective tissue that runs both horizontally in the layers and vertically between the layers. At Layer 2, for example, you’ll see security and interoperability standards, at Layer 3, things like activity streams, etc. Granted, we looking at a lot of stuff that isn’t strictly “connective,” but I think it’s fair to say that even in the event of things like Drizzle or the NoSQL stuff, we’re examining things that *enable* connective pieces. And it’s not just the horizontal connections that are useful, it’s the VERTICAL ones.

My thoughts around this aren’t fully formed, but really that’s why you throw events like Gluecon.

As always, I hope you’ll come explore all of this with us.

In case you didn’t notice, Cloud Camp at Glue is now “sold out.” Okay, “sold out” may be the wrong terminology, since Cloud Camp is free — we’re “at capacity” for Cloud Camp at Gluecon. (Important reminder: being registered for Cloud Camp does not get you into Gluecon.) It’s still cool though, as we’re basically a month out (28 days) and the kick-off activity for gluecon can’t take any more people.

The same thing is happening on the sponsorship front. We’re dangerously close to “sold out” (actually “sold” out) of sponsorships, and I think that’ll probably happen this week.

As for registrations: We officially topped last year’s Gluecon total about 2 weeks ago (for those that don’t run events, that’s pretty amazing). And registrations continue to keep pouring in.

Are you sensing a trend yet? I’m overjoyed with how Glue is shaping up. Some conferences just take on an energy all their own, and Glue is doing that this year. So, in 28 days, amazing people are going to *pack* a resort nestled up against the foothills of the rocky mountains, where they’ll all talk cloud and open web and APIs and identity and app dev awesomesauce for two days. Will you be one of them?

As I’ve mentioned many times in the past, I’m not an engineer. Still, along the way, even the non-engineers like me pick up some tidbits of knowledge. One of the things I learned in my years spent in identity management (“IdM”) is the difference between Authentication (“AuthN”) and Authorization (“AuthZ”). And, as it turns out, that learning is useful.

Take the confusion over OAuth and OpenID. OAuth is “Open Authorization,” while OpenID is an authentication mechanism. While AuthZ and AuthN sometimes feel very similar, they’re actually a pretty different operation.

Authentication is about verifying a person as they login to an application. Authentication can be 1 factor, 2 factor, 9 factor, whatever. It could require DNA if it feels like it. OpenID is about maintaining the “authenticated state” across different sites — what all of us call single sign on (SSO).

Authorization is about granting the ability to access resources or use an application without requiring that the authenticated state be passed across the websites. You LOG IN to twtiter. But you don’t have to log in to a twitter app that wants to gain authorization to your twitter data. You, the authenticated person, *authorize* the application to have access to those resources. The app doesn’t need you to authenticate. And the state of your authentication doesn’t need to persist across the two sites. Hence, the oft-used analogy of the “valet key” being compared to OAuth — it “authorizes” the valet to use certain resources in the car (drive it in a given radius, etc), but it does not “authenticate” the valet to be “logged in” to the car.

As this article points out, OAuth is becoming THE big deal in identity management (in the consumer space). And rightfully so. Authentication is important, but *authorization* can be leveraged. Authorization is built for network effects.

Not that authentication isn’t necessary. It is. It’s just not as sexy.

Fortunately, you can get both sides of the equation at Gluecon, as we’ll be covering OAuth (including the new Web Access Resource Protocol work), and the whole SAML/OpenID complex. If you’re building cloud or web apps, you simply have to understand the implications of all sides of this one. And you can get that at Glue.

We’re 30 days from the conference, so don’t delay — use “twit2″ to take 10% off of your registration, and register today.

This morning I tweeted:

[it's kinda getting sad, no news can get made, nothing can happen w/out me being able to say, "u know they'll be at gluecon" ]

I admit there’s a fair bit of “talking my own book” going on here, as quite obviously, I want to convince people that coming to Gluecon would be a valuable thing. But on the other side of that coin, it really does seem like so much of what’s *hot* in tech is coalescing around Gluecon. Two examples:

1. The whole Facebook Open Graph thing: yea, it’s the talk of tech town. Is it evil? Useful? Insidious? A benefit? A Google Killer? Thankfully, we have Kevin Marks (an early critic), Chris Messina (another critic), David Recordon (Faecbook), and Monica Keller (Facebook) coming to Gluecon. Do ya think we’re gonna talk some Open Graph? Uh yea.

2. Jonathan Ellis went and launched Riptano: Jonathan’s been spearheading Cassandra, and now he’s launching a startup that’ll provide services and support for what is clearly one of the hottest things around.

And that’s just two from the last couple of days!

I was explaining to someone last night that Glue is really interesting because it envisions a future where two separate realms become one. Those realms are enterprise IT and app development on the web. The thing that brings them together is the Cloud. The idea that they could be one and the same (from a programming standpoint) almost seems unrealistic (“enterprise IT will always have it’s own unique requirements” you can hear the ephemeral naysayers whisper). And maybe it is all unachievable.

But I do know this: enterprise developers are increasingly needing the skills of web app developers, and web app developers are increasingly building things that have to run inside of the enterprise. So whether we’re talking cloud architecture or Xauth, Open Graph or performance testing, Operations as Code or Activity Streams — what we’re really talking about is the most exciting horizon for software engineers over the next decade.

I hope you’ll join us.

The gluecon agenda is rounding the final turn and headed toward the finish line, and I gotta tell ya – I’m pretty happy with how’s it’s turning out.

As I scan through it, the breadth *and* depth of technical presentations it what strikes me. And I’m still confirming some final slots. I’m adding things like:

• Chris Messina talking XAuth
• Adrian Cole presenting about cloud provisioning with java and clojure
• A Cloudera expert coming in to dive deep on Hadoop
• A session about Drizzle and Gearman

Of course, besides the late adds, the agenda has sessions like:

• How 2^4 people handle >2^14 users with ~2^16 apps in the cloud
• Memcached: Fast Distributed State for your Site’s Glue
• Configuration Management in the Cloud
• Pricing an API Sucks. Here’s what we did.
• Inside MongoDB: the Internals of an Open-Source NoSQL Database

and topics like Riak, CouchDB, Cassandra, Webfinger, YQL, SAML, OpenID, OAuth, WRAP, cloud testing and performance, hybrid clouds, and VMWare’s vCloud API.

I worked on this agenda with engineers in mind, and actually had the behind the scenes help and advice of several unsung engineering heroes (you know who you are!). I think all of the effort is paying off. We actually received an email from one person (who was registering a block of people) that said she had floated going to Gluecon to the engineering team, and gotten run over by responses — “I had no idea that many people would want to go.”  ;-)

Use the code “twit2″ to take 10% off of your gluecon registration. The crowd’s going to be special, the discussion’s going to be lively, and the experience like no other. Join us.

Alright, I admit it! This whole public-private-hybrid cloud debate the clouderati love to go back and forth about just — *yawn* — never really — *yawn* — did much for me. Only you crazy engineering types could get so worked up over the purity of a definition.

Same thing for the whole “capex/opex” cloud benefit speech. I see it at every single cloud event running today — you know, the “why the cloud will improve your bottom line” panel (or some variation on that theme), and wow I have something approaching zero desire to hear about that.

But until this morning, I could never figure out why. And then I read this piece. In it, Lori MacVittie lays out an amazing argument as to why “the benefits of cloud computing” (as in “public cloud”) aren’t about cost (or efficiency of cost) as a driver. As it turns out, *agility* is probably the key driver in the cloud, with a cost factor coming into play in the private cloud. Let me elaborate a bit.

Agility: This is the one that’s always made sense to me. You want an agile architecture, right? I mean, there’s not a C-level person on the planet that wakes up and says, “you know what we need? An IT architecture that makes us react to change as slowly as possible.” Agility should live at the infrastructure and platform level (an obvious, if not easy, benefit of cloud computing), but it *also* should live at the application layer. In ALL of these cases (infrastructure, platform and application), what makes agility work is “glue” — which is to say, when your architecture allows you to easily connect, disconnect, plug and play, whatever you call it (glue together the networks, data, people and applications), then you’re agile. Forget cost, the pure operational benefit of an agile architecture is self evident. Agility gives you the greater chance of survival in a world that seems to have become a constant stream of black swans.

Cost in the private cloud: This benefit makes perfect sense to me. At the infrastructure level, the private cloud collapses the network administrator (1 function), the security administrator (1 function), and the compliance administrator (1 function) into 1 function (3 into 1), thereby reducing the IT hours in the equation of cost. But it occurs to me that gluecon’s view of the application layer (essentially, one that’s been around since the dawn of SOA), namely, that we need business IT architectures to resemble our webby architecture — in fact, we need it to *become* the same as the web architecture — also lowers the cost of application development, deployment, scalability and interoperability. In other words, I’m wondering does the “cost benefit” of cloud computing happen at the infrastructure layer via a private cloud, at the platform layer via a hybrid cloud and at the application layer via a public cloud?

Anyway you slice it, the issue is not some cheap-hit panel on the “business benefits” of the cloud. It’s actually just *slightly* more nuanced than that. Every engineer in the space knows this instinctively. It’s why you won’t find them hanging around those kinds of panels. It’s why you *will* find them at gluecon.

I hope you’ll join us.

I was just typing up an email to the Gluecon advisory board, and it spurred me on for a quick post.

Let’s take a look at the Gluecon Outline:

May 25th: Cloud Camp from 4-8pm — free and open to the public, but only 9 tickets remain as of this posting (remember: registering for Cloud Camp does not get you into Gluecon, and registering for Gluecon does not get you into Cloud Camp).

May 26th: Gluecon starts. Amazing keynotes (Mike Stonebraker, Eric Brewer, Michael Barrett, Chris Hoff, etc), deep dives into technical topics (NoSQL, Identity, Cloud Frameworks, APIs, etc), and all kinds of agenda awesomesauce.

Evening of May 26th: An evening reception (open bar), followed by a Hackathon (sponsored by Blank Slate and Twilio, with some goodies provided by Mashery) that’ll last until who-knows-when.

May 27th: More Gluecon awesome sauce — Ryan Sarver, Doug Crockford, David Linthicum, and sessions on protocols, cloud stacks, cloud data management, scalability, etc.

Basically, an overload of learning and interacting to make your brain melt. If you missed Chirp, or the MySQL conference, or even some other random cloud event — fuhgedaboutit! Gluecon’s got all of that covered and more. Forget the tired, old, boring expos, trade-shows and lifeless, bland tech conferences. Come hang with the cool kids at Gluecon. (And use “twit2″ for 10% off of your registration.)

Sometimes you just get lucky.

Unless you’ve been hiding under a rock, you’ve no doubt heard about the “platforms vs. developers” flap that’s happening recently around Twitter. As luck would have it, Ryan Sarver (the head of Twitter’s platform group) was the first keynoter that we confirmed for Gluecon (months ago), and, at Ryan’s request, the session will actually be a fireside chat/Q&A time.

At this point any reasonable human is wondering why they shouldn’t just go to Chirp this week (Twitter’s first conference), instead of waiting the month and a half to interact with Ryan at Glue. I think the reason lies in the fact that while Chirp is *all* about Twitter (and their ecosystem), Glue is much more about the larger cloud developer, API ecosystem problem. Glue places “the twitter developer conundrum” in a bigger context. That context relates all of the way out to the whole cloud interoperability, hybrid/public/private cloud debate.

And the issues aren’t inconsequential. Nor are they, as Brad points out in the link above, historically anything new. True “platforms” are rare and special things. And the network dynamics of a platform ecosystem are probably the single most sought after attribute of a technology company. As such, the space between platforms, or between a platform and an application is fertile ground. Ground that gives life to topics like identity management, API terms of service, SLAs, customer support, standards and protocols, etc. In other words, topics that we’ll be covering at Gluecon.

So, yes, sometimes you get lucky. Sometimes a controversy springs up about 45 days out from your conference, and you know that after all of the teeth-gnashing and hand-wringing dies down (you know, in like 45 days or so), people are going to have to dig in. And that’s where Gluecon comes in. Join us.

I added some cool sessions to the agenda this week, so I thought I’d highlight a few here:

Scaling the Social Graph in the Cloud — This discussion will review the technical challenges to running queries that traverse 4, 5 or more relationships across extremely large graph datasets in the cloud.  Advanced data analytics is  moving the analysis of data that may be unstructured and only informally related to multiple entities. Advanced data analytics for web applications can create very large datasets where the relationships may be separated by many degrees, causing significant development challenges for the database layer. Relational database development will be contrasted with graph database development.

A Deep Dive into the NPR API – NPR was the first major media organization to launch a comprehensive public API.  The API itself can be found at http://www.npr.org/api, along with our Query Generator (http://www.npr.org/api/queryGenerator.php), a comprehensive interface that makes using the API easy.

Since the launch, the API has grown tremendously and has realized our goals way more than we expected.  We are delivering over 700 million stories per month using the API (roughly 23 million per day), and that number is growing.  Public users are building fantastic applications (like NPR Addict – http://www.passtimesoftware.com/).  Meanwhile, NPR stations are building their sites around the NPR API, such as KQED (http://www.kqed.org/), WBUR (http://www.wbur.org/) and SCPR (http://www.scpr.org/).  Aggregators and partners are making extensive use of it as well, including Google and Yahoo!

The biggest value to NPR, however, is the fact that the NPR API is now the basis of our entire digital infrastructure. NPR.org, our mobile sites and apps, and everything else we do is based on it.  Our iPad site and app are also based entirely on the API.  We are truly eating our own dog food.

As leaders in the media API space, I plan to share our experiences and copious knowledge with the conference attendees.  I can easily discuss the technical underpinnings that have made it successful, how we have created revenue opportunities around the API, how we have solved some of the metrics issues, how we made the business case to actually make it public, the legal issues involved in a public and private API, etc.

===

In addition to those two sessions, I’ve added some stuff around Scalr, the CSO of Zynga, and David Linthicum giving a closing keynote that looks at the future of service/web/cloud architectures. In other words, Gluecon’s agenda continues to get better and better. I hope you’ll join us for what promises to be the single most exciting tech conference this spring.

It’s clear that whatever success the iPad has (and I’m on record as saying I think it will be huge), that success is enabled by “the cloud.” There is no future for a device like the iPad were it not for the ability of people to store, access, download and upload to “the cloud.” Furthermore, there seems to be a quickening pace around how comfortable people are putting sensitive things in the cloud (a pace that I think the iPad only helps).

In that context, it’s interesting to take a look at what the early early iPad version can teach us about where things will go in the enterprise cloud world:

1. Downloaded Apps are back: As Phil Windley (and several others) has pointed out, there’s something really amazing happening around applications. The iPad is NOT all about the browser. In fact, it’s more about downloading apps (my early mistake: buying the 32GB model thinking I wouldn’t need any space. iPad #2 will be 64GB and 3G). This is interesting for a couple of reasons. First off, apps are “stickier” and can create a much richer experience than a lot of browser-based experiences. Second, there is a dis-intermediation of Google’s search prominence that happens when “it’s all about apps” (this is a VERY important point and one I’ll come back to in later posts). Third, “vendor lock-in” takes on multiple new meanings.

2. Will the enterprise cloud be a downloaded app-centric world? If this is any early indication, it just might. App marketplaces, apps downloaded locally that access the cloud. And all of the accompanying benefits and problems. For one thing, it’ll make the “platform wars” in the cloud all about controlling the app marketplace for enterprises. On the flip-side, interoperability will get solved (although not necessarily in a good way).

3. The “future” of the cloud starts to look radically different — with a whole new set of pitfalls and potential pots of Gold — when you approach through a downloaded app lens, and not a browser lens. It’s a view that I haven’t heard expressed much, but one I think that we need to start thinking about and paying attention to –and quick.

If the iPad is any indication, the “cloud” might be all about the downloaded app.