Craig put it this way in a piece called Sxip the Insanity:
For starters — sorry Dick — I think it is insane to go into the hardware business. Who wants to buy a Sxip-branded rack mount?
Marc Canter, a big supporter of SXIP technology, responded using the real-world example of his friends at Marqui and the problems they had with their Salesforce application.
With all their bells and whistles, Salesforce doesn't provide secure reliable provisioning and access control. So if someone leaves your company, they can still get onto the system. Or if you've turned off their account, it's still really there, or the system just ain't secure enough! Whatever the problem is – it can be fatal.
So Sxip figured that their system would a) be a great helper app for Salesforce while b) showing off the power of Sxip.
As a Sxip developer and supporter this is really imporant.
At the same time – they probably also found out that the cost of incorproating identity security into a system is HUGE and it's STILL not that reliable. So why not offer the whole security layer as a hosted service – or even better – a box.
Spend all your time on mapping the two ID systems together – and rest assured that no matter what – the Sxip side of the equation is secure and stable.
Brilliant! – if I say so myself.
Back at the Burton blog, Craig is far from convinced:
He [Marc…] basically says that Sxip's support of Salesforce.com is best served by a hardware appliance. He actually calls it “brilliant.”
I can't imagine how a customer is best served by a software identity infrastructure vendor (Sxip) by being a supplier of hardware. The only way for Sxip to make it work is to charge the customer for more than it is worth. All Sxip is doing is loading software to someone elses box with their name on it. What customer wants to pay Sxip employees for loading software? It simply makes no sense. Dick, rethink this.
What Sxip should be providing is a solution that will simply and easily load and run on anybodys box. When it comes to commodities — rack mount boxes — customer freedom of choice rules.
I ran into a number of people after the “User-centric Identity Day” at Catalyst who were confused by the hardware announcement and ended up thinking SXIP requires specialized hardware.
So let's clear that up at least for everyone who reads this blog: the Sxip Access appliance is only one Sxip option among several. You can implement Sxip in software-only form. Or you can have Sxip Networks host it for you. I think the experimentation with different delivery mechanisms stems from the fact that Dick Hardt cares and thinks about the “long tail” of identity – how sites with few IT resources can become identity enabled.
By the way, for those who don't know Craig Burton's background, he is the man who convinced Novell to stop tying their network operating system to a bizarre, proprietary network appliance known as a Novell server. And indeed, cutting the ties with prioprietary hardware – previously the essence of the network product – opened a whole new world of opportunities for Novell. So in the appliance market, as in many others, Craig's is a voice to be reckoned with.
It's a really interesting discussion.