Thursday, October 3, 2013

Roaring with the Vikings

I plan to go every year on an adventure combined with a IT conference.
In 2010 I went to Belgium for EEMA and Colorado for the Cloud Identity Summit.
 2011 was the time for the Internet Identity WorkShop in San Francisco and Silicon Valley.
2012 was a year without conferences, but my trip to the Panama Canal got me interested in logistics.
And voila where do I work in 2013: Eyefreight, a kick-ass transport management software company with big multinational customers.
But that does not mean 2013 is only logistics for me.
Nope, this year Big Data caught my attention. And when looking for other enthusiasts I got in contact with a Danish daredevil named Morten Middelfart.
He is CTO of Targit, also a kick-ass company, specialized in business Intelligence solutions.

And when I heard they were giving a conference  in Copenhagen in September I knew it was time again to pack my bags: Four days Copenhagen: three days sightseeing and one day conference, mixing business with pleasure, Viking style!

And it did not disappoint me: Copenhagen is a vibrant capitol, with great history and amazing buildings.
The Conference was a combination of showing the new target product: the Targit 2013 Decision suite (link) and the new trends in IT like big data and analytics.
In the morning it started with some great keynotes (guarded by Lenny the Lion) and in the afternoon it was time for the parallel sessions where visitors could listen to people of their interest.
Oh, and did I tell you the King of KPIs, David Parmenter was invited as a keynote speaker?
By demystifying KPI he taught me valuable lessons in Business Performance, and all just in a few hours. Well, his books and recommendations are now on my wishlist and I am eager to see if I can use it in my daily work. 
The other parallel presentations taught me a lot about Social Analytics, airport logistics and the target products, valuable insights!

Then a few hours off (except for a lucky lady who went for a skydive with Morten).
Seven o'clock it was time for drinks and a good dinnerbuffet where the King of KPI entertained us with a story about Shackleton who did not succeed in reaching his goal but still learned us an important leadership lesson.
The evening ended with Kate Perry ‘roaring’her latest song , a recording of the skydive and a breathtaking show by the Copenhagen Drummers.

And then when I thought it was all over my friend Morten came to me and he said he had to do something he promised me some time ago: drinking a beer together. 
So, it was a good day Dr. Morten and I met new friends and new opportunities are in the horizon.
Thanks for giving me the opportunity to roar with the Vikings: AWESOME!!!

Saturday, May 25, 2013

when exploring the cloud brings you to a new employer

In the beginning of 2013 it became clear to me I needed a change.
For almost five years I was in the contract business doing challenging projects for my employer.
But something nagged.
I noticed most projects were in finance and I knew there was more to test, especially in the cloud.
And I wanted to work for a company which was developing for interesting clients in the cloud.
So, I started to go walkabout.
My goal was to find a suitable project in 3 months or less.
Man, if I knew what I was getting myself into.
In 3 months time I saw more companies and organisations then in all my testing career.
Names I won't tell, but let me say this, every big player in finance, e-commerce, navigation, government, insurances etc etc got a call or letter from me.
A lot of telephone calls, emails and invites followed.
At the end of april I struck gold, and in an area which was known to me, but I never imagined to start working for in the cloud: a company in transport management software (see my personal details for more :) ).
Well, and it's completely out of my comfort zone finance.
I need all my knowledge on software testing, test automation, ERP, cloud and review techniques.
And not for only 1 client like I had in my previous projects. Nope, for more than 5, and these are still encounting, I love it.
It's gonna be a hot summer with new stuff to see and learn.
New areas to spread the softwaretesting word., all in the name of quality.

Stay tuned for updates, they certainly will come...

Tuesday, February 26, 2013

Transparancy at a SaaS company

For me, transparancy is one of the most important characteristics a SaaS company or other cloud company (IaaS, PaaS) must have to survive in the current world.
A customer relies 24/7 on the SaaS solution and when something goes wrong (server down, security breach etc.) a customer should be informed immediately so he can adapt to it and hopefully don't loose too much time and money when the SaaS solution is down.

So when I read the tweet by AFAS Software CEO Bas van der Veldt that transparancy is great when you have nothing to hide and AFAS likes transparancy, I made a bold move.
I tweeted back that I want to test that. Promptly I got a tweet back with an invitation to do just that.
But as a SaaS software tester I was really interested in how AFAS deals with traceability, which was also interesting for Mr van der Veldt, so he invited me to come over.
Within a few days arrangements were made and I was invited on Friday 15 February to see how Testing&Development was done at AFAS in a transparant way.

After a nice drive through the Dutch 'hills' (Utrechtse Heuvelrug) I arrived at AFAS.
At arrival in the reception it became clear to me automation was a key process here.
The AFAS reception welcomed me and guided me to a registration unit where I could register myself. Pretty fancy stuff with an automated photocamera to take mugshots (not so fancy :-) ) and a SMS-service telling my host I arrived.
Within minutes my host arrived: Martijn Wouter, teamlead test.
After a brief introduction I was given an elaborate tour through the AFAS building seeing the different departments development, test and support and the inhouse server room. A nice thing to see was the AFAS Usability Lab where it explores through cameras and special software how customers realtime use its software and register the results for future use.
Martijn introduced me to his team and explained the different roles the team members have.
As a professionally educated tester it struck me most testers came from other divisions of AFAS ready to use their knowledge and also eager to learn testing by certifying and visiting workshops.
I see it as a way of exploratory testing, using your skills as a domain tester testing new software, doing testspecification and execution at the same time. The last is not simultaneously at AFAS, which
is no problem, software is rated high by its clients.
Another thing intrigued me: most SaaS-companies work via the agile methodology in small interdisciplinary teams. Martijn explained to me AFAS still uses the waterfall method, but because of the short line development&testing is still moving in a fast pace with the documentation department. Also with the client because of the direct incident system (including automated dashboards).
Next to this, inhouse developed test automation tools speed up tests and ensure test coverage.
Clients are very important to AFAS and AFAS sees to it they are satisfied through the already mentioned Usability lab, the AFAS Theater product and knowledge presentations (SEPA!), an online transparant annual report and special online client and partner dossiers. Traceability meets automation!
Employees are also important for AFAS: during breaks they can play table soccer, spent time in the gym or eat lunch/dinner at the company restaurant.

It was a great Friday afternoon at AFAS. I hereby want to thank AFAS for the opportunity they gave me to have a look into the kitchen of a successfull SaaS company.

Wednesday, January 16, 2013

Protocol of the Month

In my previous blogpost I said I am going to explore OAuth 2.0 more in detail.

Bluntly said, OAuth 2.0 is an open source framework for online datasharing without using a username/password, but by means of access tokens.
This simplifies data sharing for a user and is also more secure, because you do not have to enter your password in a third-party site.
UMA,my pet identity protocol to test of the last two years, is build uponOAuth2.0, making it a OAuth 2.0 profile.

To understand UMA, you have to understand OAuth2.0 first.
This can get quickly technical, demotivating nontechnical users tounderstand OAuth.
This is a pity.
That's why I will discuss OAuth 2.0 and its different authorization flows in a series of blogposts.
Told in a functional way, illustrated with daily used examples like social networks.
If you want to have more technical details I recommend the IETF OAuth2.0 draft.

First,let's have a look at OAuth 2.0 and its roles.
There are four roles:

An entity capable of granting access to a protected resource.
When the resource owner is a person, it is referred to as an enduser.

The server hosting the protected resources, capable of accepting
and responding to protected resource requests using access tokens.

An application making protected resource requests on behalf of the
resourceowner and with its authorization. 
The term client does not imply any particular implementation characteristics (e.g.whether the application executes on a server, a desktop, or other

The server issuing access tokens to the client after successfully
authenticating the resource owner and obtaining authorization.

This can be visualized like in this diagram:

OAuth 2.0 roles as defined in the specification.

Obtaining access tokens is an important part of the OAuth2.0 protocol.
This differs per interaction the OAuth2.0 roles can undertake.
An access token is an example of an authorisation grant, a credential which represents the resource owner's authorization (to access itsprotected resources) used by the client to obtain an access token.
For granting authorization in OAuth2.0 there are four grant types:authorization code, implicit, resource owner password credentials,and client credentials, as well as an extensibility mechanism for deining additional types.

The next blog series will discuss the OAuth grant types

Stay tuned for my online adventures to unravel OAuth2.0 and interact with me through my blog, Twitter and Facebook.