Browse by Tags: All Tags » Book » Architecture - WS
-
Jon Udell recently launched a new and interesting format on the website perspectives.on10.net. Perspectives is a series of in-depth conversations with passionate innovators. Most work for Microsoft; some work elsewhere; all are advancing the state of the art in areas as diverse as robotics, digital identity, e-science, and social software. Information technology is the common thread, and Perspectives appeals to the technically-minded, but the show also aims to tell stories in ways that make sense to a wider audience. Each installment of Perspectives is delivered as an audio podcast, and supplemented by a partial text transcript. The first episode was an interview with two guys from the Robotics Studio team, Tandy Trower and Henrik Frystyk Nielsen. The quality of the interview is clearly top notch, the scope of the topics strategic & forward looking but still solidly rooted in technology: Jon's editing makes things flow beautifully, and the transcript is incredibly handy for speed readers & search engines. In short, I LOVE IT :-) Hence, it is with ill-concealed pride that I announce the subject of the second episode: it is a chat I had with Jon back in December, just days before the book came out. The casus belli was the book itself, which Jon was so kind as to read in prerelease version, but we ended up talking about identity in a much wider sense. We touched on certificates versus managed cards, omnidirectional vs unidirectional identities, WS-*, OpenID... Jon is a *great interviewer*. Read More...
-
A few days ago I was notified that the 2nd chapter of our book "Understanding Windows CardSpace" is now available for free online, on the pages of Code Project (it takes some time to load from my connection, don't give up). That's a very big chapter, for architects and business decision makers, focused on showing how the identity laws and the identity metasystem address many of the challenges presented in chapter 1. It also shows the role played by WS-Trust & friends. There's not much of Windows CardSpace in this chapter, apart from its positioning as the identity selector that comes with Windows: in fact I like to think that the same text could have been used in a book about Higgins or any of the other projects in this space. (BTW, Paul says extremely kind things about the book here. Thank you Paul!). Many of the topics in the chapter do not have a natural order of presentation, but they all sort of depend on one another in a way which was pretty difficult to disentangle. Furthermore it is important to introduce all the new concepts in the right context, in a coherent discussion, without forgetting anything important just because you approached the matter from one angle rather than another. To give you an idea of the planning effort it required, I fished from my archives one of my mindmaps for this chapter: Pretty wide, eh? I just *love* MindManager! See, that's the essence of a discussion I had almost one year ago with my good friend Gianpaolo. We were discussing Read More...
-
Last week Caleb and I were surprised in my office by Charles "Carlo" Torre and his camera. The result is an impromptu interview about CardSpace, which is currently on the front page of Channel9 (direct link here). If you have time, take a look... we laugh a lot, but we manage to make some serious points here and there :-) and of course we mention the book, which is even in the "front frame". I have to remark that I am *always* amazed by Carlo's skills as an interviewer. He provides a fresh perspective, asking the right questions, and yet he discreetly blends in, giving space to whoever is interviewed to make his point with his own personal style. And he's not afraid to put you on the spot and ask tough questions... he really takes the part of the audience. Carlo, it's always a pleasure to chat with you :-) Read More...
-
Ah, the beauty of models. A good model can capture the essence of a system, a phenomenon, anything: it allows you to easily manipulate things, make predictions, transport the knowledge you already have of a domain to a new one. It's just great, and as we disclose more about Oslo I am sure you'll have the chance to experience this first hand. For the time being, let me dig a bit into a model factory we know very well: the identity metasystem. Back in November, during my EU tour, I had a great discussion with a policy maker: this person has an amazing understanding of the identity metasystem, a deep knowledge of the eID landscape, asked all the right questions; he was just a pleasure to converse with. At a certain point he described how they were currently dealing with the problem of transporting into application form a very complex scenario, already tamed from the analytic & regulatory perspective. That prompted me to express a thought about how the identity metasystem could have helped there, and I was surprised by how well received that thought was: he told me he had never heard things explained from that point of view, so I thought there could be some value in repeating it here. One of the powers of the identity metasystem, and its architectural backbone WS-*, is that it gives you the tools for describing the relevant aspects of existing relationships: who is affiliated with whom, what information an entity needs for doing business with somebody, what the Read More...
-
On the Paris-Seattle flight, coming back after 2 weeks spent stuffing myself with all sorts of food with the excuse "after all, you can't find this in the USA" :) Before hurling myself back into the vortex of daily work, and celebrating the end of the year with something crazy, I want to take some time to write down some hallucinatory (= vision without execution) thoughts about omnidirectional identities. Be warned, this may be just pointless rambling at this point. A few weeks ago I chatted about this in front of a microphone with Jon Udell, digressing along a crazy tangent instead of answering his questions about the book (I eventually came back to Earth and answered properly :)). I don't know if he'll deem those fragments publication worthy, but just in case I'll make a brain dump here. It's not that there's much more to do in this small seat anyway (just finished the latest Eco. He didn't mention underbite at all, I'm happy). Looking back at the activities related to identity in the past year, I am glad to report that amazing progress has been made. Something that makes 2007 very different from 2006 is the kind of work that was done: in 2007 the accent was on execution. The vision behind the metasystem is still being explored, sure, as Kim's series on linkage or the discussions about the display token and the first law demonstrate; and I feel that conjugating the metasystem and claims in enterprise environments is an area that still needs focus (especially in fighting old forma mentis that Read More...
-
In this post I am going to show you an example of CardSpace and an Office application working together. I know, I still owe you part II of the STS walkthrough; however I delayed this post for months, and I promised I would do it this long weekend, so I can't really skip it this time. I will write part II of the STS post in the next few days. I don't know about you, but I spend a lot of time working with Office applications: Outlook & Word above all, but also OneNote, Excel... and they are really great. Typically I get data in and out of Office by alt-tabbing through other apps, usually the browser. For example: how many times did you fiddle with cut & paste to insert data from your Internet banking app into an Excel document of yours? Sure, many home banking websites offer to export data in Money or Quicken format, sometimes even in plain CSV; but wouldn't it be great to be able to access the data directly while you're working in Excel itself? Of course, we would not want to trade ease of use for security: importing data should be convenient, no doubt about it, but it should also guarantee levels of security proportionate to the sensitivity of the data handled. Sounds like a good example scenario: let's build around it. Let's assume that the website of our bank is ahead of the curve and allows its customers to sign in with personal cards for performing some simple, read-only operations (such as giving the list of all your accounts or the list of movements Read More...
-
I was recently browsing the home page of http://cardspace.netfx3.com/, and a post from the forum caught my eye. The main argument is whether the display token violates the first law, since the STS may decide to use different values in the display token and in the token itself; then there are a number of considerations about security that suggest we may not have done enough to explain how things work. I am giving myself 30 mins to provide an alternative explanation and address the points mentioned in the forum post. Anyway, the bottom line is that the display token is actually what makes respecting the first law possible in the first place. Why can't the identity selector show claim values directly from the requested token? There are two main reasons. First, as correctly mentioned, the token requested may be encrypted for the intended RP, hence unreadable by the selector. Second, the token may be in a format that is not understood by the subject's machine. CardSpace makes no assumptions about the token format, and leaves the matter in the hands of the RP and IP; the two can agree on a specific format by comparing their policies. This design keeps the door open for extensibility: if today you invent the coconut token (or the Durian token, as I often say to my Singapore colleagues & customers :)) you can go ahead and use it without changing anything in CardSpace's installation. So, even if the token given back by the STS were unencrypted it would still be unwise to expect the Read More...
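The exchange the excerpt above describes, as an added example that is not code from the original post nor from CardSpace or WS-Trust itself: the STS returns an opaque security token sealed for the relying party (RP) next to a readable display token, the identity selector holds no RP key and so can show the user only the display token, and only the RP can observe whether the two agree (the forum's worry). The sealing routine (an HMAC-SHA256 keystream with a MAC, standard library only) is a hypothetical stand-in for the XML encryption to the RP's certificate that the real protocol uses, and the field names, key and sample claims are constructed for the demonstration, not the WS-Trust schema.

```python
# Added example, not code from the original post or from CardSpace/WS-Trust:
# a toy model of the token exchange the post describes. The STS hands back an
# opaque security token sealed for the relying party (RP) together with a
# readable display token; the identity selector can show the user only the
# latter, and only the RP can tell whether the two agree.
#
# The sealing below (HMAC-SHA256 keystream + MAC, standard library only) is a
# hypothetical stand-in for the XML encryption to the RP's certificate that the
# real protocol uses; the field names are assumptions, not the WS-Trust schema.
import hashlib
import hmac
import json
import secrets
from typing import Optional


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes from key and nonce (counter mode over HMAC)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_for_rp(rp_key: bytes, claims: dict) -> dict:
    """STS side: encrypt-then-MAC the claims so only the holder of rp_key can read them."""
    plaintext = json.dumps(claims, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(rp_key, nonce, len(plaintext))))
    tag = hmac.new(rp_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_at_rp(rp_key: bytes, sealed: dict) -> dict:
    """RP side: verify the MAC first, then decrypt; reject anything tampered with."""
    nonce, ct, tag = (bytes.fromhex(sealed[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(rp_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("token integrity check failed")
    plaintext = bytes(c ^ k for c, k in zip(ct, _keystream(rp_key, nonce, len(ct))))
    return json.loads(plaintext)


def sts_issue(rp_key: bytes, claims: dict, display_claims: Optional[dict] = None) -> dict:
    """Build an RSTR-like response: sealed token plus a display token.

    An honest STS derives the display token from the same claims; a dishonest
    one can pass a different display_claims, which is exactly the forum's worry.
    """
    return {
        "RequestedSecurityToken": seal_for_rp(rp_key, claims),
        "RequestedDisplayToken": dict(claims if display_claims is None else display_claims),
    }


def selector_view(rstr: dict) -> dict:
    """Identity selector side: it holds no RP key, so the security token is opaque
    bytes to it and the display token is the only thing it can show the user."""
    return {
        "shown_to_user": rstr["RequestedDisplayToken"],
        "opaque_token_bytes": len(rstr["RequestedSecurityToken"]["ct"]) // 2,
    }


def display_matches_token(rp_key: bytes, rstr: dict) -> bool:
    """Only the RP, which can open the token, can detect a display/token mismatch."""
    return open_at_rp(rp_key, rstr["RequestedSecurityToken"]) == rstr["RequestedDisplayToken"]


if __name__ == "__main__":
    rp_key = b"constructed-demo-key-for-the-rp"          # constructed; shared STS<->RP only
    claims = {"givenname": "Alice", "age_over_18": True}  # constructed sample claims
    honest = sts_issue(rp_key, claims)
    print("selector shows:", selector_view(honest)["shown_to_user"])
    print("RP reads:      ", open_at_rp(rp_key, honest["RequestedSecurityToken"]))
    shady = sts_issue(rp_key, {**claims, "age_over_18": False}, display_claims=claims)
    print("mismatch visible to RP only:", not display_matches_token(rp_key, shady))
```

The point of `selector_view` is that it never calls `open_at_rp`: without the RP's key the selector has nothing to read but the display token, which is why a separate display token is what lets the user see anything at all before consenting. The `shady` case shows the flip side the forum raised: a dishonest STS can present one thing to the user and another to the RP, and only the RP is in a position to notice.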
-
In short: I describe why claims are important for every developer and architect (not just the security expert), and I provide some heuristics to help everybody reason about claims-based systems. I don't think we did an exceptionally good job in explaining claims-based programming and its implications. A lot of the literature on the subject is for security experts, hence it explains claims-based programming in terms of the delta that differentiates it from more classical methodologies (ACLs, groups, etc). Other material explains the topic for the non-initiated to security, highlighting how digital identity is made of claims and so on; however the point is often lost, because while the reader can see that identity is expressed in a natural way it is not clear *how* the system is superior to classical approaches. In that case a concept easy to grasp, multiple authoritative sources backing it and some generic coolness are all ingredients for a nice information cascade. It reminds me of another eminent (IMHO) information cascade: the schema-first approach to service oriented programming. Schema first is great in a number of occasions, but uselessly onerous in many tactical scenarios: you don't really need to concoct an XSD for every message you send internally or to systems that will never ever have to interoperate, validate complex messages or manipulate standard entities. And yet, *a lot* of people got it as a dogma (i.e., without really understanding why it's useful) and started Read More...
-
It's that time of the year again: the end of June marks the end of the fiscal year, and for us it's time to reflect on what we've done in the past 12 months. The vast majority of the things I've done are internal-only or with high profile customers that can't be mentioned publicly until their PR departments give the green light, hence I won't discuss those here; however I think it's interesting to share with you a summary of some of the things that I worked on, just to give you a measure of how relevant .NET 3.0 (especially CardSpace in my case) is. It should give you a hint of how much impact you can have working in my group, so you'll be able to put announcements like this in the right perspective! I also hope that this will boost your confidence that the content of our upcoming book is based on very solid real world experience, earned by working daily with our key accounts in the identity space: the PG intent is tempered by immersing it in requirements from customers actually shipping solutions based on this thing that we call CardSpace. Which, by the way, is the reason for which I'm still at the computer at this time... big stuff is going on in cardspaceland!

Projects, Briefings, Deep Dives

This year I've worked with or briefed more than 45 enterprise companies on CardSpace/WCF/WF, a good part of them at the very top of the Fortune 100 and Global 100 (ah, btw: I just subscribed to Fortune. I was buying it all the time anyway). Sometimes it was just a 2-hour personalized Q&A, some other Read More...
-
As the title says, I added a few sketches to the post "Credentials vs. Identity; Authentication vs.... what?". I honestly think they will help clarify a few things: kudos to whoever managed to read it without them anyway :-) and watch out for the raccoon!!! Read More...
-
Here is the cover sketch for our "Understanding Windows CardSpace" book. As you may have noticed, the Independent Technology Guides series has the tradition of putting an animal on the cover. While all the books of the series have gorgeous cover pictures (I especially like the lion on David's "Understanding .NET"), I don't think that there was ever any correlation between the animal chosen and the topic of the book. Well, for our book we tried to keep our choice in context: the raccoon, with his mask and reputation (to stay in theme with a recent post, search for "tanuki" on your favorite search engine), seemed a very good candidate for a book about Identity. The guys at AW were very kind and made us happy :-) Read More...