Foundations for Building Enterprise Social Networks

Traditional business models have focused on a process and interaction model that hasn't changed for more than 100 years. This traditional model involves a hierarchical approach where there is an expectation that all good ideas come from the leaders at the top of the organization. This model creates barriers for fully utilizing the core knowledge and experiences of each and every individual within the enterprise. However, with the injection of some fundamental Web 2.0 technologies such as social networks, businesses can finally tap into the knowledge of all their employees, partners, and customers. This notion of collective intelligence is critical for businesses to understand, so they can map these new Web 2.0 technologies into their organizations.

Enterprise Social Networks are made of people who are linked together in some fashion. These linkages can be formal and well defined like an organizational structure, partner network, or a team workspace membership. The social network may also be informal and more fluid in nature based on shared goals, objectives, expertise, or projects. In this case, it is the information and meta-data (or description of the information) that logically links individuals together. Because of their diversity, social networks have broad requirements, and the technologies required to fully deliver on the promise of enterprise knowledge sharing must be comprehensive yet very simple to use.

Key Social Network Enablers

Building a social network requires technologies to create and share information and discover experts. These technologies range from simple tools for users to collaborate and share information to capabilities that help track progress toward specific goals and measure success.


In a Web 2.0 era, pages are arguably the most important way to share information. Therefore, composing pages must be intuitive, simple, collaborative, and expressive. Wikis are a good start and provide the foundation for collaboration, but they don't go far enough. A more complete list of the necessary capabilities includes:

Rich and yet extensible set of available resources. Call them widgets, gadgets, portlets, whatever you like, but in order to express knowledge, the right components need to be available for users to compose their pages. Unfortunately, system designers can never anticipate all the user needs nor do they have time or resources to build out every single component. In addition, these pages need to include information from throughout the enterprise, as well as across the Internet. In this case, there are key standards to consider for the page model. They include JSR-168 and WSRP. Both of these standards are familiar in the portal market space but are critical when one considers models for easily plugging new components into an existing set of pages. Therefore, any solution capable of fulfilling the needs of enterprises must support these basic standards.

In-place rich text editing, including the ability to change styles and themes. Users need a collaborative way of sharing information that isn't dependent on passing around the "right" version of a specific document. Whether it is the entire page that will simply be a text document or a section of the page that requires text, creating a rich text page should be as simple as creating a wiki page, and adding rich text to an existing page should be extremely simple. Every person and every team wants their information and ideas to be presented and appear as clear and professional as possible. However, not everyone has the eye or skills to make their pages look as if an expert designer created the page. Including design styles and themes that can be applied quickly and easily to existing pages will encourage users by making their ideas stand out from all the rest. In this area, JSF provides the key underlying technology called Skins, which allows for these professional styles to be defined by more than just color schemes. Skins can include layouts, look and feel, and basic navigation. JSF Skins combined with some of the other technologies described below are key to providing a much more adaptive user interface.

Sharing pages with those you want and keeping them private from those you don't. Outside of a well-defined membership space, the common usage pattern is for all pages to be available to everyone. But, for the times where a limited set of users should be the only ones with access to certain information, a user must have the ability to define who has the right to view specific content. Leveraging JavaServer Faces (JSF), the page model enables the application to keep these permissions separate from the rest of the application logic. In addition, JSF provides both the application code and a description about the application. In this way, JSF establishes the foundation for how customizations and personalizations will be saved, accessed, and presented in the context of the application. There is a more detailed description of customizations below.

Users have high expectations for the way they interact with these new Web 2.0 applications. They expect all the bells and whistles that are available on the public Internet including capabilities such as drag-and-drop component arrangement, dynamic layout changes, in-place component editing without leaving the page, component minimize, maximize, expand and collapse, and partial page refresh of enterprise data. The Apache Foundation started the Trinidad project to enable these AJAX-based controls to foster the open source community to deliver these types of components.

In order to make everything on the page relevant to a particular user or task, enabling in-context viewing, users want to be able to mashup these components. They also want to combine enterprise information with Internet services. The key standards here are WSRP 2.0 and JSR-286 along with de facto standards like Google gadgets and Web services. They allow one component to pass context to another. The challenge here is that there is no transactional integrity across these two components. JSR-301 provides a key concept of exposing JSF fragments as portlets, so developers can build their JSF applications as they normally would and then expose a portion of the application as a portlet. This also provides developers with a single place to manage their applications and portlets rather than managing two projects: one for the application and one for creating portlets.

Tailoring a page or application so that it works for every department or line of business is a must. Page customization, common to the portal world, is a very important technology for the enterprise. Allowing each user to modify the page is commonly referred to as personalization. Having an infrastructure that can handle all these customizations and personalizations requires a core service to manage and retrieve all this metadata. More important, these customizations should be easy to change once the application has been deployed. Figure 1 shows how all of these customizations and personalizations get layered to present an application to the user. As mentioned before, JSF provides a description of the application and then key technologies are required to save these customizations as layers. This is required so that when version 2 of the application is deployed, these layered customizations can be added on top of the new version without being lost. Developers require a set of JSF components that have this customization architecture built-in to minimize the complexity of leveraging such a powerful solution.


This is a broad category for all documents including PDF, PowerPoint, and Word along with files such as images and video. Many organizations have a standard deployment for document management or enterprise content management. Documents are an enabler to social networks when they are shared, thus the sharing and publishing capabilities of the content management system are extremely important. Several key feature considerations include:

• Simple sharing model to easily grant access to everyone including specific users or groups.
• Search integration to categorize and quickly find relevant documents is essential.
• Rich publishing components with expiration and approval capabilities built in.
• Versioning of content so that changes can be tracked for regulatory and compliance reasons.
• Large volume storage and retrieval as everyone in the organization will need access.
• Document sealing so that only privileged users can gain access and read the content.
• Policies and business rules for archival and storage of documents.
• Easy authoring of documents similar to the previous description of wiki pages.

In order to be able to write one application but integrate any corporate standard for content management like Oracle, Documentum, or Sharepoint, Java Content Repository (JCR) 1.0 is key to insulating the developer and user from the back-end system. Leveraging another key standard, JSR-227, insulates the developer from having to connect the user interface to this back-end JCR standard.


Quite obviously, organizations need a place where users can share ideas and refine their thoughts with others' input. Discussions provide a mechanism to keep their thoughts and feedback organized. Many users today see e-mail as the system to easily carry on discussions. This is why online discussions need tight integration with e-mail to help manage these ad-hoc conversations in a threaded or related way. In addition to e-mail, there are a set of Web services that allow developers to integrate threaded discussions directly into their applications.

Instant Messaging and Presence (IMP)

Easily locating information workers and communicating with team members and subject matter experts is essential to making everyone in the organization more productive. They need to have the best communication methods available to everyone when they need to accomplish a task. This information must be available right at the point of interaction. Users don't want a portlet of all the users or buddies known; they want to know the presence of the owner of the document they need for their customer. Both SIP and JSR 116 provide a standard way to find someone's presence. And a specialized JSF tag allows developers to embed presence directly in their application without needing to be an expert in the SIP protocol.

Notifications, Worklist, and Tasks

With all the enterprise and custom applications that users interact with each day, there is no easy place to find an aggregated list of all the tasks they need to accomplish. Users have to visit one application to submit and approve expenses. Then visit another application to administer their benefits programs. Yet another application enables them to order new supplies and products. But they don't have any single place to track all these actions and their current status. BPEL and an aggregated worklist are essential for users to get a handle on all their processes, orders, tasks or actions. Then when you combine personal and team-based tasks, the user has one area to go to find all their deliverables. This worklist has to be easily configurable to connect to all the different BPEL engines that are deployed for each and every application within their company.


Scheduling team meetings or events is one basic capability within social networks. Whether the meeting is an in-person meeting or an on-line meeting, teams need an easy way to schedule meetings (both personal and team based) with the right participants. As these team meetings are scheduled, each participant needs to be notified and will then accept or deny the invitation. The two key standards in this space are iCal and CalDAV. They both provide an easy way to integrate the existing infrastructure with these new social networks.


Tags are a bit of information that each user is able to attach to any object in the social network to help classify the information and make it easy to find. It is a way to classify all information but from a user's point of view. Not limited to a prescribed organizational structure defined by a developer or business users, information workers can create a user-driven categorization or Folksonomy. Combining the power of these user-defined tags with some of the other services mentioned above, the information and people can be linked and easily discovered. There are few standards in this area; however, the requirements for enabling social networks are twofold: a storage model for this metadata with appropriate Web services and a JSF tag to allow developers to easily add this service to their applications.


Empowering information workers to take control over how new and existing enterprise information is organized is critical for the success of these social networks. Creating connections or links between information such as linking a document to a discussion forum or a document to a page is a key enabler. An architecture where each of these services can easily be added to the system is required. The second half is to provide a simple user interface for business users to be able to link tasks with a specific document or to link a team event with a set of documents. But rather than copying this information from one location to another, it should be easy to link it directly. The requirements here might not be as obvious but they have to leverage all of the standards mentioned previously and provide a simple JSF tag to allow developers to quickly get all related items to the object in view. Tags and Links really bring all the services together to provide a rich social network of people and information.

Key Social Network Considerations Adaptive Services Model

All of these enabling technologies must also fit within the existing infrastructure choices that have already been put in place for each organization. Too often, Software as a Service (SaaS) offerings rely on their infrastructure to enable all of these technologies but they don't fit with the rest of the enterprise architecture. The alternative is the need to "upgrade" to the new solution that replaces all of the back-end servers that were already in place. In order for these new technologies to provide real business value to the organization, they must provide an adaptive services model to allow any back-end system to participate in these dynamic social networks. In addition, this adaptive services model must be componentized in such a way that only the services required are plugged into the system. For example, if a company has made a dedicated choice to not include presence and instant messaging within their infrastructure for compliance or regulatory reasons, then the UI that is designed and the rest of the services should still work unchanged. An architecture (as shown in Figure 2) allows for all these enabling services to be accessed via standards and then using JSR-227 binding to a user interface is made very simple. This way developers build their applications once, and at deployment or at runtime, the back-end connection can be configured to work against existing systems.

Customization Architecture

In an enterprise, there are many stakeholders for a typical application. There must be a balance of application control for all these stakeholders. Information workers must have the ability to participate in a simple way that doesn't stifle the social network growth. Business users need control over the information that is published and the application evolution. IT needs to easily roll out new applications, and manage upgrades and application patches. Managing all these desires places a rigorous demand on the application infrastructure.

Customization patterns are quite common in the consumer Internet with sites like iGoogle and MyYahoo, where users can create their personal homepage and views of information. Although these features have been typically targeted at personal productivity, they enable information workers to rapidly share knowledge and evolve the application. Developers create the initial application and enhance it over time. Business users and lines of business like HR may also customize the site. Therefore, it is important that all changes to these pages be effectively managed. Avoiding over-lapping customizations is not possible, so an effective strategy for choosing which customizations "win" is important. In order for this type of information sharing to successfully enable a social network, information workers must have confidence the customizations they put in place will remain. For example, if they customize a component on their shared home page and then IT releases a new version, it must not discard or overwrite their customizations. Figure 3 shows how each of these services and standards can work together to provide a dynamic, integrated customization architecture.


Although the enterprise may adopt consumer Internet technologies, it can't adopt the same level of free spirit that the Internet enjoys. Not all knowledge should be shared with the masses, so social networks in the enterprise face a difficult challenge. Out of all the links between people and information, security policies are arguably the most important aspect of these social networks. An information worker must never discover information that they don't have access to and also must not discover its existence. Security must be enforced, but these new Web 2.0 capabilities must remain simple, otherwise there is no gain in productivity for the users and these social networks risk dying a slow death. Some common security concerns for an enterprise social network are described below.

As mentioned earlier, information linking is an important aspect of any informal social networks. If all this information was in a single place, applying security policies would be straightforward. Since this is not practical, technologies that enable linking information are required to store parts of this information outside of the normal security policies, even if it is as simple as a linked URL. If someone were to link a public page to a document on M&A, any knowledge of the existence of that page must not be discoverable by users without access permissions. Here are a couple of practices to consider.

1)  The link resolution can rely on query time filtering. When the links from the page are requested, all the links are queried to discover if the requesting user has access. Those that aren't accessible are discarded from the results. This approach has a high level of security and for items that have small miss rates can be a very acceptable approach. However, this implies that there are two queries that get executed for each user access: one for the content and a second for the access permissions. There are query optimizations to be done but it will impact performance in some way.

2)  Another approach is to keep the original security policies with the link repository. This produces more efficient queries, with the downside that the security policies must be kept in sync with the original repository. Normally, this would result in a small window of security mismatch. It is important to understand how much of a burden you place on the end user to understand the underlying security models. Take for example a user creating a page and adding a document to it. If the security for the page and document are coming from the same infrastructure, then the model exposed to the user is consistent and simple. If they are separate, the application must either keep the two in sync, or the user must understand the page security and the document repository security in order to share information with others.

There are some best practices that can be implemented when considering how to secure information in a composite application.
• Using formal social networks to define information access rights, thereby ensuring that the information itself is secured. In order to gain access to the information, users must be part of a specific group and be authenticated as such.
• For an even greater level of control, information rights management products may be utilized. These products encrypt the actual information such that only those with access rights can access it. This has the added measure of security so that if the information leaves the repository, the initially defined access rights (emailing a document, for example) are still enforced.

Discovery or Search
All information must be integrated with common discovery or search infrastructures. The primary integration mechanisms involve one or both of the following:

1.  Integrating information artifacts within a single search index.
2.  Federating real-time searches to the underlying information stores and returning an organized result.

Primary discovery mechanisms include search, tag clouds, pivoting/lateral searches and links navigation. Many of these discovery mechanisms are blending together. The typical usage pattern for weeding through the plethora of information in a Web 2.0 world generally involves combining search and navigation together. A user could start searching for a document he/she remembers as relevant from several months ago. After viewing the initial results, they may want to filter the results based on the author they recall wrote the document, they may want to simply start pivoting on tag words related to the search terms used, or they may want to follow links for a document that seems related.

Since many of the discovery connections and end points may be a person, the means to interact with the person in-context such as instant messaging/chat, phone and e-mail should be considered key components of the Enterprise Social Network.

For social networking technologies to be successful within the enterprise, adoption is a key requirement. Ensuring that personal productivity tools are built into social networking features can be a way to significantly increase adoption. Information workers' primary focus is accomplishing their tasks in an efficient way with disparate information. The better social networking technologies are at facilitating an individual's own information organization, the more likely they are to be utilized in the enterprise. For example, if a user is able to effectively mange their shortcuts to information with tag words, they receive a primary benefit of this technology and will use it. The fact that other co-workers may now discover information deemed important by a subject matter expert is a benefit to the company.

At the heart of a successful social network lies the ability to easily connect information and people together based on a whole set of industry standards. Bringing Web 2.0 features to the enterprise that leverage existing enterprise information and application infrastructure allows companies to tap into all users' expertise and experience, which makes everyone more productive.

0 ratings
Aiden Reynolds
Aiden Reynolds
Aiden Reynolds is a content editor at WEB 2.0 JOURNAL. He was born and raised in New York, and has been interested in computer and technology since he was a child. He is also a hobbyist of artificial intelligence. Reynolds is known for his hard work ethic. He often puts in long hours at the office, and is always looking for new ways to improve his writing and reviewing skills. Despite his busy schedule, he still makes time for his interests, such as playing video games. In his free time, Reynolds enjoys spending time with his wife and two young children. He is also an active member of the community, and frequently volunteers his time to help out with local events.