I'm aware I'm the one thing between everybody and lightning talks and a party so I'm going to get cracking. I had the first talk this morning and the last talk this afternoon.

There are a lot more people awake now. So my name is Matt Hamilton from Netsight and this is a talk on Plone and SharePoint. So first of all, who am I? I've been working with Plone and Zope since 1999. I'm director of a company called Netsight based in the UK and I've worked on a number

of projects in Netsight to do with things like authentication and integration. I get the difficult jobs of talking to other systems and trying to get them to talk back again. So first of all, can I ask here who here has any contact with SharePoint at all in

terms of they either have to use it or they've had to integrate with it or competitively bid against it or have someone else ramming SharePoint down their throats, right? A few people. Okay, that's why I said ramming SharePoint down their throats, a lot more hands went up. I shouldn't be mean to SharePoint.

I'll try not to be mean to SharePoint. Areas of integration. So I'm going to talk about three main areas where we're looking to integrate with SharePoint. I suppose first of all what I should say is why. Why integrate with SharePoint? So there's certain situations in which you kind of have no choice through either technical

or political means that you have to interact with SharePoint. SharePoint actually in terms of things like document management is actually pretty good in terms of the way it integrates in with Microsoft Office. There's a lot of people that are used to using it. There's a big ecosystem of add-ons and packages, so things like document scanning and various

complex workflows and specific add-ons for specific industries and things like that. So sometimes it is needed for things like that. But one of the areas that SharePoint is really not that good at, at least SharePoint 2010, which is what most people come across.

There is 2012, no 2013, but most people are still in 2010 or even 2007. SharePoint is not really that good at just general web content type stuff. A little bit later on I'll get onto an example. Some of you may have been in a talk yesterday by my colleague Ben Ackland, which was a case

study on the National Health Service and a project we did of an intranet with the National Health Service. That's where some of this SharePoint stuff, integration stuff, has come from and our experience has come from. So three main areas, authentication, so integrating the authentication between Plone and SharePoint.

Content, so being able to integrate the content, so serving up SharePoint content within Plone. And search, you've got content in both places, how do you find it? So authentication, I've talked about this a bit on a few other conferences. There's two particular products that we've created at NetSite to help with this.

One is NetSite.WindowsAuth plugin. It's a slight misnomer, it's not just for Windows, it's for any system that uses Kerberos, so Mac OS, Linux, and it can run either on a Linux or a Windows server running Plone, and it can work with Safari, Firefox, Chrome, IE, but most people know of it for Windows

because Windows uses Kerberos under the hood. So that allows you to, well, actually, there we go, a slide about it. On Windows, it uses the internal APIs that Windows has for authentication, a thing called

SSPI. On Unix, it uses the MIT Kerberos libraries, and it transparency logs the users into Plone. So somebody comes in the morning, logs into their desktop with their credentials, and they open up their browser, the browser defaults to their intranet home page or something. It logs them in transparently.

They don't have to type anything more. It's used by, I mean, we use it for the NHS in the UK, for an intranet, a global pharmaceutical company for their intranet. Several universities use it, and somebody in Brazil, Errico, Argentina even, uses it

as well. They've implemented it. Installation is relatively easy. You just add the egg in. Well, installation of it in Plone on its own is fairly easy. There's a number of bits you have to do with the Kerberos setup that inevitably

involves talking to somebody at the institution to generate a thing called a key tab file that they need to export and you need to import. There's a few gotchas. If you read through the README for the package, I've tried to be as helpful as possible there. There's some weird things to do with, well, Errico found out if the date's

incorrectly set, then your Kerberos tickets will be invalid and just the authentication just won't work, and Windows helpfully comes up with his error message. It just says, GSS error, unspecified error occurred. Thanks. Things like that. Things like DNS. It's very particular about DNS. That's all mentioned in there, so have a look at that.

The other one we wrote recently was a thing called netsite.aspxauthplugin. Again, this runs on various platforms. What it does is it enables you to encrypt and decrypt the cookie that .net sites use for sessions. With Plone, when somebody logs in, there's a cookie that's set called

underunderac, and that cookie contains a little cryptographic token so that when the user comes back, it knows that this is still this user. It's the same user. We can carry on assuming it's the same user. We don't have to authenticate them again. .net has the same thing, but it's called something different, aspxauth. It's a different type of cryptography, but the point of it is it allows the

Plone site and, say, a SharePoint site to trust each other. If they're on the same domain name or both under a subdomain of the same domain name, then when you go to the SharePoint site and log in, when you go to Plone, Plone knows who you are, and it trusts that you are who the

SharePoint server said you were, and vice versa. I did a talk running through that as part of a talk on intro to PaaS. The slides are up on SlideShare if you want to find out more about that. The next main area is content. How do we integrate the content between these two?

Well, there's several ways. FTP has been around for a long time within SharePoint, but it's now, I think, a third-party option. It used to be included. You could FTP stuff in and out of SharePoint, similar to the way you can do within Zope. There was a talk from, name escapes me, a Dutch gentleman many years ago

at one of the Plone conferences showing how they were FTPing stuff in and out of SharePoint. Then RSS as well. In SharePoint, everything is a list. A list is a bit similar in Plone to our collection. You can export any list as an RSS feed, same as you can export collections as an RSS feed, and you can access stuff like that.

Both those ways are not particularly brilliant. There's a new option now, CMIS. CMIS stands for the Content Management Interoperability Specification. It's a standard by the Oasis group. Currently 1.0 is out now, there's 1.1 that just came out last year.

The idea behind CMIS is to provide a common protocol for many different content management and document management systems. It's supported by things like Nuxio, Alfresco, SharePoint, IBM's content management system.

A bit more of an explanation. CMIS provides a common data model covering typed files and folders with generic properties that can be set or read. You can access it via SOAP or via REST. Certain implementations will only implement one or the other, and sometimes

at differing levels. The SharePoint one works much better on SOAP than it does on REST, for instance. Not really a surprise there. It allows you to access a repository and get data down. Within Plone, we now have a thing called collective.cmis browser. This was written by Sylvian Violan, I presume I've pronounced that right,

probably not, from INFRAE, and they wrote it to work against Alfresco. The great thing about CMIS is they've written it to work against Alfresco. It was actually fairly trivial to then update that to work with SharePoint. Just had to work around the shock horror, slightly different interpretations of a

specification by Microsoft, but it was actually fairly minor. In theory, it should be able to work against any CMIS-compatible library. It was used and funded by LNE and VMM, who are two big environmental departments of the Flemish government. I guess if you're Flemish, you might know who they are.

Installation within Plone, you need SUDS, which is the SOAP library for it. You need collective.cmis browser. If you're using it against SharePoint, you need the Python NTLM module, because it uses NTLM as a protocol for authentication. NTLM is evil, but it's the only way to do it at the moment with this.

It'd be much better to do it with Kerberos, but it's not that possible. SUDS is actually annoyingly, the release on PyPy is very out of date. There's been a lot of work that's been done since then, so it's on Bitbucket. You get the latest version.

Collective.cmis browser, that's the net site fork in which we've done the SharePoint stuff in, so eventually that'll be rolled back in. We've made some assumptions on that, that you're talking to SharePoint, so it will probably break if you used it against Alfresco again. We need to make things a bit more conditional.

To install it on SharePoint, you need SharePoint 2010 or above. You need what's called the Enterprise Client Access Licenses, so Microsoft licensed SharePoint on a per-user basis, and there are three license levels. There's what's called Foundation, which is free. There's a basic one, which costs you a certain amount of money, and there's the Enterprise one, which costs you more money.

The Enterprise one is what you need. Annoyingly, you have to have all of your users upgraded to the Enterprise one to use it, which is expensive, but there we go. You need to install a thing called the Administration Toolkit on 2010 to give you this CMIS package, what's called the CMIS Producer, I think it's called on SharePoint.

On SharePoint 2013, I've not tested this, but apparently it's out of the box on 2013. I'm going to give you a quick demo. Has that started? Yes. This is an intranet. Like I said, you may have seen it before.

Unfortunately, the projector here makes this a little bit difficult to see, but this is a Plone site. This is a Plone site intranet for this NHS organization, and it's got things like, yes, welcome from the chairman, various internal services that they have, general web content stuff. This is where Plone is much better than SharePoint at doing this.

This is just taking you through, just give you a bit of a flavor as to what's in here, but they also have SharePoint. Now, this is SharePoint here, and there are, hard to see, there's four documents there in SharePoint listed there. That's the folder contents type view.

If you're in Plone, that'd be called folder contents view. That's what SharePoint view is. Now, what we want to do is we want to get those documents in SharePoint and display them in Plone. We can go to add new once we've got the CMIS browser installed, and we can choose CMIS browser from the add new list. It'll bring up a new CMIS. There's actually a control panel config in which you can set certain

default parameters as well, because you might add more than one of these things in. Wow, this projector's really wrecking this. I'm adding this. I'm calling it policies. I'm putting a description in saying it's policy documents from SharePoint.

Taking out the body text. There's a URL there, which is a URL to where the CMIS server is, where the SharePoint server is. There's a username that I'm connecting as, the password. I'm using NTLM. I'm connecting via SOAP. I've set the cache to zero minutes,

because otherwise it'd make this demo hard because it would cache stuff, but you'd normally have that set to something. I hit save. What you now see here is those three, four documents from SharePoint. They're now displaying in Plone. Go back to SharePoint and back to Plone, you can see there's the same documents

on both systems. We can add a new document to SharePoint. We click add document, browse for a new document. There's a PowerPoint document there about some procedural process

of theirs. That's now there in SharePoint. If we now go back to Plone and hit reload, it's now there in Plone. Just to prove that it's a real thing, you can click on it.

It's got a URL as well. It's a standard URL. It looks like a Plone object. You can traverse to it and everything. When I click open on here, that's the PowerPoint file opened. That means people can access SharePoint content within Plone without needing to actually

physically have access to SharePoint. They might not even have an account on SharePoint necessarily because you're using one particular account to log in and get the details. There's a few things that are not quite so great. These things are named after the file name. That's a big long file name with underscores in it and blah blah blah dot doc on the end.

Plone, being nice, will give you a title and you can put a title in. It will give you a nice standard, a nice friendly title and you can fill in a description and that. You can't really do that on SharePoint. You can put a title in. It doesn't seem to be exposed by CMS. I'm not sure why, but you can't put as much metadata in easily as you can do within

Plone by default within SharePoint. There's probably add-ons that allow you to do much more. That's the demo of that. Then the last one is search. CMS supports a search API. CMS's syntax is a bit like SQL. You could say something along the lines of select all documents of type,

file, whose name is like foo and it'll bring back all documents with foo in the title. CMS supports search. Collective.CMS browser has an API which exposes this. Within the CMS browser

API, you can connect and you can do a search, pass a query and you'll get back a collection of documents, but the search is not yet integrated into Plone. If you go to the search box in Plone, you don't get those things. That's something that

still needs doing. Because you can add multiple CMS browsers objects within Plone, we'd have to work out what the best way is for when you hit search to display them all. Do you want to display them all? Maybe we have a checkbox on the CMS browser edit page saying include these results in my main site search. Then when somebody does a search

in the top search box in Plone, then it searches the Z catalog but also finds any CMS browser objects and passes the search to them and merges the results. We'd have to work out the best way of displaying those. Do we merge them in some

sort of order which are more relevant, the ones from SharePoint, the ones from Plone, that sort of thing. That's that. Obrigado. Any questions? Yeah.

On the CMS browser, is it a copy of the object or is it a proxy? It's a proxy. We don't copy anything. The data doesn't live in Plone. It just proxies the request through.

There's a CMS document content type and a CMS folder content type, which basically represent the two constructs that CMS has. Something's either a document or it's a folder. I don't believe those are actually persistent. They just created on traversal to access it.

Yeah. Dylan. Damn you. The question was regarding Plone being a CMS producer rather than a CMS consumer

and being able to access content within Plone via CMS. Yes, that's not really that easy because the syntax that CMS uses is based upon SQL. If you have a content management system that based on an SQL database, it's fairly easy to transliterate between the CMS query syntax and

SQL. What would we do in Plone because we don't have an SQL syntax? That's not to say it's not possible because within CMS, you can optionally support certain parts of the specification. You don't have to support all of it. We could support the notion of being able to retrieve

documents but not necessarily searching for them. We might be able to search them in a simple case so we implement just enough of a construct to say find me documents with this ID or what's in the name. Whether we want to be able to do things within this name and within this date range and extra criteria or not, I don't know. We could do it. We could do it. We could do it

under say a REST API. There was the WS API for Plone project a while back. It might be possible to build on that. I'm not sure. It could be doable. I've yet to need to scratch that itch basically. Yes, it would be a really good tick box. It's quite funny. CMS is

a bit of a funny thing I've found because CMS came about and all the analysts went, oh, CMS great interoperability and yada, yada, yada. You must have CMS. The next procurement you do, you must make sure your system has CMS. All the commercial CMS

vendors went out of the way and said, oh, yes, yes, we support CMS now. We've brought CMS out. Actually, the first CMS to support CMS was an open source CMS. It was Alfresco, so good on open source. Within Plone, it's kind of like, well, we've had FTP. We've

had WebDAV for ages. If you wanted to get content out of Plone, why wouldn't you just use WebDAV? We've had a way to solve that particular problem for quite a while, but CMS would mean you could use a standard tool. You could download a CMS browser application on your desktop or maybe on your phone and access a CMS

site and get the content. You could download documents from Plone or from SharePoint or from Alfresco or from Nuxio. You wouldn't have to know what the system is. You just have to know what address to point it at. Yeah, it would be good. Any other questions? Again, Dylan. What are the top three reasons to go

for Plone rather than SharePoint? For a public website, you say? Cost. I mentioned

about SharePoint. You have the client access licenses. If you want to expose a SharePoint site to the outside world, that's an extra 20,000 pounds, euros, dollars just to do that. If you want the outside world to see your site, fork over the money just to do that. That's one thing. Two, SharePoint doesn't

really give you much out of the box. It's really quite basic. To do anything interesting, you generally have to buy additional licenses to third-party products. Again, more money. It's not that flexible in terms of the layouts, trying to theme it and make it look... People might have said theming

Plone is difficult. Yeah, try SharePoint. Their standard mechanism for doing changes to the look and feel is to create what in Plone we would call a portlet. They call a web part. Fill it with jQuery and hide it. It renders

this portlet hidden in the background that then switches off this other bit of UI and moves this bit around. That's the way of customizing SharePoint mainly. Yeah, really cost and flexibility are, I would say, the two main reasons not to go for it. It's a big thing, and it's generally, we find,

implemented by IT departments because their response is the answer SharePoint, what was the question? For IT departments, it's easy. They've got a, hey, it's a Microsoft product. We just pull some levers and press some

buttons and ta-da, but with no real consideration for what the user wants to do. This is not everybody, but this is the majority of times we see it's deployed, and that's why a lot of people are not very happy with it, because it was put in without any consultation to what their actual requirements were, and hence it doesn't fit them. Any other questions? Yeah, Matt.

Sure. Go on using SharePoint for what it's good for.

Exactly. Yeah, exactly. Use them both. That's why we started doing this, because it is a big beast to try and kill, and it has a lot of political weight behind it normally within organizations, so we found the better way is rather than kill it to give it a cuddle instead, and try and get content

out of it. That's not just us. We know another company based in Bristol, the same sort of age and size as Netsite, but they do all Microsoft stuff. We do all open source stuff. They do some SharePoint stuff, but they don't ever really use SharePoint. They often use SharePoint as just a back end, and then they

write their whole front end to hide SharePoint, and they just access it and pull some bits and pieces out of it. Even they, in many cases, don't really use it. They just try and use it as part of a wider system. Yeah, that's kind of what we're trying to do here is to use both to their

advantages, really. Any other questions? Yeah. One really big advantage of

SharePoint is its integration with Microsoft Office. That's its killer feature. You can open a document within SharePoint, open it directly within Word, hit save, and it goes back in. I mean, okay, we've had the, somebody remind me the name of the clone. No, no, not the end fault. Well, yes, there is the end fault one. There's end fault desktop that did the same thing, but there was the

external editor. That's what I'm thinking of, external editor within clone that could do a similar thing, but the SharePoint one is just that much slicker because it's, you know, the same company that built the operating system has built, the document management system has built the piece of software you're writing your document in. So, yeah, it is very good, and things

like when you open it within Word, you've got access to metadata directly within Word and version control directly within Word. So in that regards, it's pretty good. But, I mean, Alfresco, for instance, can do the same thing. Alfresco basically sort of reverse engineered the sort of SharePoint protocol and bits of web dav and stuff that it used so that you could actually

put SharePoint in and pretend, put Alfresco in and pretend it was a SharePoint server. And, you know, Microsoft Word still thinks it's talking to SharePoint when in fact it's talking to Alfresco. But CMIS should obliviate that in the end. I mean, it should be hopefully that the integration between Microsoft Word, say, and SharePoint is over CMIS. I don't know if

Microsoft will go there, but why? Yeah, exactly. Why? Yeah. Embrace and extend.

Maybe. Again, it comes down to how many people are asking for it. You know, it'd be a great tick box, but I'd probably say just go and use Alfresco instead. You know, I mean, you could use Alfresco and you could use

this CMIS stuff. I mean, I think that's what Infra are using it for. So you could probably have Word thinking it's talking to SharePoint when it's actually talking to Alfresco, save to Alfresco, and Plone then looking at Alfresco via the CMIS browser and pulling data out and presenting it. Ben. Yeah. Yeah. So the question was when somebody goes, accesses via the CMIS

browser, it uses one set of credentials that are saved in the Plone site

rather than the credentials of the user that's browsing it. Could you reuse them? Possibly. It depends on the authentication method being used. So if they're accessing Plone, they would have to be supplying credentials in a way that we could reuse against SharePoint. So it

depends what mechanism they're using for SharePoint. If they're using, say, basic auth on SharePoint and you're using basic auth on Plone, i.e. the username and password type thing, you could take username and password, you could possibly inject it into the request to SharePoint, you'd be okay. If they're using Windows integrated authentication stuff that I showed earlier, then you've actually got a Kerberos ticket and you would have

to then pass that Kerberos ticket back and you then need what's called a delegated ticket. Basically, within Kerberos, you can get a ticket to pretend to be another user on their behalf. They use it a lot within, say, IIS talking to Microsoft SQL Server. So when a web browser goes to SQL

Server and they've authenticated, it uses their credentials to pass those onto the database so that they can respect the user level database permissions on the database. So yes, if you could do that, it would be great. It would be a good next step, I think, to be able to do that. Sometimes you might not want that. Sometimes you specifically would not want to do that because you don't actually have those users in SharePoint

and you don't want them because maybe if you do that, somebody might ask you for licenses. So yeah, it would be a good next step to look at, certainly. Any other questions? No? Great. Thank you very much.

Obrigado. So I think now we have lightning talks, I believe, in the main room. In the big room, lightning talks.