Though I do not disagree with your conclusions from the architectural point of view, I do wonder if there's not a related issue of collaboration implied by this particular NIST characteristic. Specifically, does my instance of the SaaS offering limit collaboration to only my users, or can people attached to my instance collaborate with people attached to other instances?

This may seem like splitting hairs, but there are real-world business implications. For example VMS (Vendor Managed Services) requires collaboration between persons from different companies. A true SaaS VMS application would allow me to track my people's time while they similtaniously report appropriate data to the client or vendor for approval in their instance. I need my data to be secure to me, but the data that needs to be approved should be shared with the appropriate accounts. The end result is the client or vendor gets what they need and so does the service provider while maintaining their own instances.

An analogy borrowed from social networking is the difference between Facebook and Ning. Everyone on Facebook is their own “instance” and can connect to anyone else where Ning is a collection of social networks with each as a silo of users. Though Ning will let you join as many networks as you want, you must post separately to each.

Just my two cents…

LMAO.

<eom>

The underlying technology is important insofar is the total solution satisfies the technical or standards hurdles necessary for meeting the governance, security or operational needs jointly defined by the business and technology groups responsible for the project.

Your audience is people interested in cloud computing — and that very well may include both CIOs and CEOs. Don't underestimate your impact out there. People look to you for guidance because of your experience, position and obvious chops. And no, I'm not telling you to be responsible to CEOs when you post.

The title of your post is about definitions and what kicked it off was your gut rejection of MX Logic as a SaaS provider.

Might I suggest that while we may have different targets, we both need to be wary of collateral damage?

John

Depends upon who your audience is. If it's an end user, the answer is “perhaps,” or “absolutely” even.

If you are an architect, a security professional or someone being held to a definitional nuance in order to measure SLA's, compliance or understand how an offering might affect you, the answer is “absolutely not.”

These self-absorbed “the only opinion that counts is the business” approach is just as much navel-gazing as a bunch of technologists sitting around debating one another.

Do you really think my audience for that post is a CEO or a CIO?

Further, in case you haven't noticed, the efforts of the Federal Government are being very much guided by the NIST guidance. Those responsible for implementing, managing, governing, auditing and securing the amorphous thing called cloud do consider the things I'm talking about important.

Want to know how I know? Because I was presenting to them right along side Peter Mell from NIST two weeks ago.

So while I may be “off the mark,” I might suggest we're aiming at different targets.

I enjoy your perspective, it's just very different than mine.

/Hoff