Welcome to Windows CardSpace

Windows CardSpace Team Bloggers

Browse by Tags


  • WCF & REST at MIX08: The Tale of MySpace APIs

    Yesterday we finally had the session about the making of MySpace APIs. As you'll be able to see from the recording, it was a *great* session: extremely interesting and very informative. It had only one issue: Paul Walker, the architect behind the MySpace API efforts and the key person we worked with on the WCF components of the project, couldn't make it to the conference. Paul has a deep, deep understanding of the REST principles and was the one who envisioned how WCF could have been used and extended for meeting MySpace architectural needs. If you'll ever have a chance to attend a session from him or read anything he writes on this topic, I strongly recommend it. The session was opened by Aaron Sloman, who gave the business background. Back to the very first edition of Mix, MySpace demonstrated some Vista gadgets: the reaction it elicited from the audience was the request of opening the corresponding APIs. Well, just a couple of years later here we are, developer.myspace.com is up and running! Aaron then moved to give the list of requirements for the API of a juggernaut like MySpace, and hinted to the fact that the REST architectural principles and WCF were the solution they found fit for the task after much testing. The main technical delivery came from Haider Sabri, who was involved in the implementation of the project from the very beginning. I won't go too much on the details, since there is the recording of the session publicly available; anyway, just for whetting your Read More...
  • CardSpace and Financial Services: HaWaNeDo with Figlo!

    Few months ago I made a little tour of Europe, and (among various places I visited) I went to spend some quality time in Amsterdam. Here I had the pleasure of spending some time with Albert van den Broek, CGO of Figlo: Albert is an excellent host, and during a nice dinner at a typical Dutch restaurant he explained to me the vision behind one of their new products. I am not very deep in financial considerations, so I will probably explain this in the wrong way (for which I apologize in advance): in any case, you can always go to their website and take a look for yourself. The point is that personal finance is an incredibly important aspect of our lives, and yet a surprising amount of people (including me) knows nearly nothing about how it works (reminds me of the fact that I've learned the function of carbohydrates and proteins only when I was already at college. crazy!). This is bad, because without a sense of how your choices today affect your situation tomorrow it is very hard to get to your objectives. Their point is, it doesn't have to be like that! They believe that presenting the situation with the right tool, such as a streamlined process backed by the right UI metaphor, anybody can take informed decisions and make actual steps toward his wishes (early retirement, college funds, similar stuff). They also have a very catchy name for the procedure, HaWaNeDo (Have, Want, Need, Do), which always helps in end user products. The day after I met with part of their board and Read More...
  • WCF and MySpace: a RESTful MIX session!

    We just recently published a list of sessions for MIX08 . Among those, there is one that I hold especially dear: I had the luck to work with Paul, his team and the WCF team in the last months, specifically on how to leverage the web capabilities that WCF acquired in the version 3.5 of the framework. It was really a great experience! First, because I had a great time with the MySpace guys. Second, because it was the best way for me (fairly open minded, but still a WS-* veteran operating at WS-Trust level ) to approach the REST side of the house. The no-nonsense approach of Paul and his team, who wanted to use REST principles for getting the job done rather than for "religious" reasons, helped me to frame the principles behind REST and ROAs according to their actual usefulness. It basically helped me to cut to the chase, filtering out all the rhetoric (inevitable when things get polarized into camps). And you know what, I have to admit that I actually kind of like it :-) That's why I think that this session will be truly remarkable: you will see a paradigmatic application of REST design principles on a real world API, something so big that it needs to be well designed for working as expected. Can you find a better validation of the soundness of the REST principles? And of course, the fact that the web features of WCF supports all that is a source of huge pride for all the people that worked on it... Anyway: I won't give away any details here. My strong advice: if you go to Mix, Read More...
  • Year's end blabbering: Omnidirectional Identities

    On the Paris-Seattle flight, coming back after 2 weeks spent stuffing myself with all sorts of food with the excuse "after all, you can't find this in USA" :) Before hurling myself back in the vortex of daily work, and celebrate the end of the year with something crazy, I want to take some time writing down some hallucinatory (=vision without execution) thoughts about omnidirectional identities . Be warned, this may be just pointless rambling at this point. Few weeks ago I chatted about this in front of a microphone with John Udell , digressing along a crazy tangent instead of answering his questions about the book (I eventually came back to Earth and answered properly :)). I don't know if he'll deem those fragments publication worthy, but just in case I'll make a brain dump here. It's not that there's much more to do in this small seat anyway (just finished the latest Eco . He didn't mention underbite at all, I'm happy). Looking back at the activities related to identity in the past year, I am glad to report that amazing progress has been done. Something that makes 2007 very different from 2006 is the kind of work that was made: in 2007 the accent was on execution. The vision behind the metasystem is still being explored, sure, like Kim's series on linkage or the discussions about display token and first law demonstrate; and I feel that conjugating the metasystem and claims in enterprise environment is an area that still need focus (especially in fighting old forma mentis that Read More...
  • Windows CardSpace will work without HTTPS, too

    In short: I discuss a new feature, introduced by the .NET framework 3.5 and by a (future) update of IE, which enables the use of CardSpace also on websites on normal http (as opposed to https). Back in January I was asking Caleb (SDET on the CardSpace team and most excellent buddy author) when he would have started blogging. It took 9 months, but it eventually worked ! Not only he is going to blog, but he got the entire team to do it... if I were you I would subscribe the feed this instant! (being me, I can actually take a 10 mins walk and go bug the guys directly in their lairs). In the first technical post Ruchi presents a very important innovation, introduced with the .NET framework 3.5: the capability of using CardSpace also with websites without SSL. She goes into the detail of system requirements, how the new functionality can be leveraged and how things like PPID generation and transmission of the RP identity in the RST are affected by the new regimen. I won't repeat those details here: I invite you to read that post and consider it the main reference on the subject. Here I'll just highlight few points, largely derived from the QA sessions we had internally when the new feature was first discussed. This change opens up the advantages of using CardSpace to a significantly wider range of scenarios I know what you're thinking, or at least what many of you are thinking. A cert comes down for just few bucks, come on! Actually, the cert in itself is rarely the problem. The fact Read More...
  • The Resource STS: R-STS, RP-STS, A-STS... the other face of token issuing

    In short: I talk a bit about the idea of resource STS, and I give the ropes of the messages exchanged for engaging it. When you get introduced to the Identity Metasystem, one of the first things you hear about is the role subdivision it proposes: subjects, relying parties and identity providers. The next step is usually showing you a diagram, where those roles are played by some concrete element: the relying party is the website of a wine seller, the identity provider is represented by the STS of the department of driving licenses, and the subject is the typical faceless guy of the MSDN clipart who proudly brandishes a browser as a shield. Then we go through the classic fable of the faceless guy who for some reason is always craving alcohol in a country where there is a drinking age, and the happy ending is always the department of driving license sending back a token containing a claim that certifies to the relying party that the guy is in his legal right of getting a good glass of Chianti (the problem of actually drinking it without a mouth has to be solved out of band). Below there's an example (in Japanese, just for adding some variety :-)). Now, our reductionism (yes, it's starting to affect me as well) may suggest you a couple of generalizations that are actually not entirely true: An STS is an Identity Provider. Nope. Saying that STS and IP are interchangeable terms is a bit like saying that you are a browser. In fact, the browser is the tool that you use for expressing Read More...
  • A (fiscal) year in review

    It's that time of the year again: the end of June marks the end of the fiscal year, and for us it's time to reflect on what we've done in the past 12 months. Vast majority of the things I've done are internal-only or with high profile customers that can't be mentioned publicly until their PR departments give the green light, hence I won't discuss those here; however I think it's interesting to share with you a summary of some of the things that I worked on, just to give you a measure of how .NET3.0 (especially CardSpace in my case) is relevant. It should give you a hint of how much impact you can have working in my group, so you'll be able to put announcements like this in the right perspective! I also hope that this will boost your confidence that the content of our upcoming book is based on very solid real world experience, earned by working daily with our key accounts in the identity space: the PG intent is tempered by immersing it in requirements from customers actually shipping solutions based on this thing that we call CardSpace. Which, by the way, is the reason for which I'm still at the computer at this time... big stuff is going on in cardspaceland! Projects, Briefings, Deep Dives This year I've worked with or briefed more than 45 enterprise companies on CardSpace/WCF/WF, good part of it at the very top of the fortune100 and global100 (ah, btw: just subscribed to Fortune. I was buying it all the times anyway). Sometimes it was just a 2 hours personalized QA, some other Read More...
  • Credentials vs. Identity; Authentication vs.... what?

    In short: I briefly discuss some differences between the password based authentication model and the token based one; then I propose that we lack a proper term for describing some of the transactions enabled by cardspace and the token based model. Sometimes we get so used to the metaphors used in computer science, that they cease to be metaphors. When I use my Windows' desktop I certainly don't think of my physical desk (though they are messy in a very similar fashion), nor do I think of real folders when I design the directory structure of a Visual Studio project. During almost 2 years spent explaining CardSpace to a wide variety of people, I have noticed some consequences of this phenomenon in the identity management space. The Identity Metasystem offers a very natural way of thinking about identity, one that allows us to leverage the knowledge and skills that serve us well in identity-related transactions in the offline world (the beaten up driving license for buying alcohol example comes to mind). CardSpace supports that fully, by supplying a solid & intuitive way of handling tokens and exercising full control on what information is disclosed to whom. However, is that message intuitively compatible with the idea that the typical web site tenant has of authentication? In my experience, not always; luckily, however, bridging the gap is very easy and takes few simple considerations. In basic scenarios, authentication is often viewed as one mechanism for making sure that who Read More...
  • Drug-Resistant Tuberculosis, Federation and Fresh Tokens

    This morning I was reading Newsweek (before you get any ideas: I subscribed to BOTH Newsweek and Time) and the interesting account they made about the history of a person. Much is being written on the subject, just browse your favourite news website for the details: however the summary is that this person was traveling through Europe while having a drug-resistant form of tuberculosis, raising worries about the spread of the disease. Health officials tried to locate him and minimize his chances of infecting others (apparently the infection is much more likely to occur when you spend a long time with the subject, like in an airplane cabin). When they finally managed to talk to him he was in Rome: since there was no way for him to travel in "normal" ways back to US without endangering also the pilot, the guy was advised to hire a private jet or go to an Italian hospital. NOW there's the part of the story that is relevant to identity. This person didn't go to stay in an Italian hospital, nor he hired a private jet: he boarded a commercial flight and simply flew home. How did he do that? According to Newsweek, his name was promptly included in the no-fly list; however the man flew from the EU to Montreal, and apparently Canada was not alerted about the situation. Once entered in Canada he rented a car and drove into the US, managing to go through the border after few routine questions. The article I read is available in electronic form here . This story uncovers one drawback of relying Read More...
  • A RESTful CardSpace: sending tokens using the new WCF AJAX Services in Orcas

    In short: this is the description of a sample that sends a CardSpace-obtained token to an AJAX service implemented with the new Orcas features. Few posts ago I published a tutorial about using CardSpace with Silver. While talking about it with Kushal Shah from the Workflow team, he suggested that it could be nice if we'd also demonstrate how to use CardSpace with the new RESTful capabilities of WCF: that sounded perfect for my "cardspace+<technology_of_choice>" series, hence I promptly jumped on the task. The post below documents the results. Preamble Before diving into the code, let's take a moment for understanding what is this all about. The .NET framework 3.5, currently in beta, extends WCF with new capabilities explicitly designed to enable web development scenarios. There's really a lot to say on the subject, however for our context it is enough to say that you can now expose WCF services in ways that makes them extremely easy to consume from web pages. In practice, this means that you can 1) invoke WCF services via HTTP verbs (POST and GET) and 2) handle messages in web-friendly formats, such as JSON. The macroscopic implication is that you don't need a proxy. Calling a WCF service becomes a simple exercise in JavaScript: you gather the data from whatever UI element you need to, you create "by hand" a web request in AJAX style (with the object XMLHttpRequest or the activeXs Msxml2.XMLHTTP/Microsoft.XMLHTTP) and finally you use the results for updating selected parts Read More...
  • 35,000 new phishing websites in just a month

    The monthly report from http://www.antiphishing.org/ is always an instructive read. This April report contains some surprising numbers, as shown by the graphic below: The happy spike you notice in April07 is in fact not happy at all: it shows the efforts of phishers to strain the antiphishing countermeasures offered by IE7 and Firefox 2. It's a 166% up from March and 48% more than the former record in the past 12 months: a similar resolution really deserves a very firm answer. A strategic one. I personally believe that the best answer is defusing the situation by changing the rules of the game; but if you are reading this you probably already know, don't you ;-) Read More...
  • Biztalk Services

    Dennis announces the CTP of the Biztalk Services, one of the webbyest CTP we have: those are actually services, the only thing you need (if you want a quick start) is the SDK . There is much to be said about this new release, and I hope I'll be able to play with it soon (dear Editor, don't worry: I know I have to send the next chapter first :-)). However, I think that the most exciting news is in the following Dennis words: "your service opens at a URI on the connect.biztalk.net machines. Then a client connects to that URI and can start sending messages. We don’t want to be in the way of your app, so our relay will immediately try to establish a direct connection between clients" See? True P2P! What are you doing still reading this post, aren't you toying with it yet? :-) BTW, take a close look to the Identity Selector in the screenshot in Dennis' post: I'm sure that the loyal readers of this blog will recognize some of the cards (thanks James for pointing this out!) Read More...
  • Silverlight [WPF/E] and Windows CardSpace or plugging RIA in the Identity Metasystem

    [Edit: Added Silverlight SxS con WPF/E] In short: this is a tutorial on invoking Cardspace from a Silverlight [WPF/E] control and how to use Silverlight [WPF/E] for showing data from a token. So easy that a long haired architect can do it :-) Silverlight [WPF/E] is Microsoft's technology for developing rich internet applications, but it is also going to be CROSS PLATFORM (the CTP it is already available for Mac). In light of the awesome work of the Bandit guys on an identity selector on other platforms, I believe it is important to start thinking about how to use this new RIA technology together with identity. In recent times I'm hearing more and more people interested in Rich Internet Applications, or RIA. That usually brings the discussion pretty quickly on Silverlight [WPF/E], our cross platform presentation technology that leverages a subset of XAML for doing cool things inside your browser. I am often asked how to plug CardSpace into it, so I thought to put together a post that shows how to do that. As you know it's few years that I am a server guy, so I don't spend too much time on colorful stuff: however I also like to cross pollinate different technologies, and I especially love to do it with CardSpace (I did it with WPF, with WF, with WCF and WPF). Yesterday night I downloaded the WPF/E SDK, the WPF/E runtime for Windows and blocked 1 hour on the calendar of my excellent colleague Laurence Moroney, probably the best mentor I could get for ramping up super fast Read More...
  • Identity in a Deregulated IT world

    In short: Gianpaolo presents a daring proposition about a deregulated IT. I believe that GP's idea is a very valid one. In the post below I explore the implications of a world where consumerism is brought to the extremes of IT deregulation: in such a world user centric identity management and user control/consent are key enabling aspects that cannot be ignored. From time to time I have nice chats with Gianpaolo, during which he gives me glimpses of his thinking about where IT is going. I especially liked his considerations about consumerism and deregulated IT: now that he finally made a post on the topic, I can share some of the trends and implications I draw from it. The foundation of this entire matter lies in becoming fully aware of the trend that has been dubbed as consumerism. This is already a pretty loaded term, however I really like the position of Peter Sondergaard (Gartner director of global research), as captured by David Berlind at the Gartner Symposium/ITxpo: Sondergaard went on to describe how consumer technologies and configurations now rival and often exceed in the prowess of the corresponding technologies found in the organizations that are used to serving consumers on their terms ("their" being the organizational side). "Consumers are rapidly creating personal IT architectures capable of running corporate style IT architectures" said Sondergaard. "They have faster processors, more storage, and more bandwidth. In 2012, expect consumer technologies to Read More...
  • WPF/E and Windows CardSpace or plugging RIA in the Identity Metasystem

    In short: this is a tutorial on invoking Cardspace from a WPF/E control and how to use WPF/E for showing data from a token. So easy that a long haired architect can do it :-) WPF/E is Microsoft's technology for developing rich internet applications, but it is also going to be CROSS PLATFORM (the CTP it is already available for Mac). In light of the awesome work of the Bandit guys on an identity selector on other platforms, I believe it is important to start thinking about how to use this new RIA technology together with identity. In recent times I'm hearing more and more people interested in Rich Internet Applications, or RIA. That usually brings the discussion pretty quickly on WPF/E, our cross platform presentation technology that leverages a subset of XAML for doing cool things inside your browser. I am often asked how to plug CardSpace into it, so I thought to put together a post that shows how to do that. As you know it's few years that I am a server guy, so I don't spend too much time on colorful stuff: however I also like to cross pollinate different technologies, and I especially love to do it with CardSpace (I did it with WPF, with WF, with WCF and WPF). Yesterday night I downloaded the WPF/E SDK, the WPF/E runtime for Windows and blocked 1 hour on the calendar of my excellent colleague Laurence Moroney, probably the best mentor I could get for ramping up super fast on this technology. Thank you man!!!! My objective was to use that hour for coming out with a Read More...

Copyright © 2006 Microsoft Corporation. All Rights Reserved.