Browse by Tags
-
I haven't written about the book since April (at the time we released the entire Chapter 2 on MSDN). Last week I received notice that 2 new reviews were published: one is from the Denver Visual Studio User Group, the other is on Paul Van Brenk's blog. Both reviews are extremely nice, for which we are very grateful; I especially like the fact that in both cases the reviewers perceived our intention to deal with the problem from a holistic point of view, regardless of our affiliation with one technology or another. Thank you guys! (update: I've just stumbled on another review I didn't know about, in (in)secure magazine issue 17. Niiiiice). In fact, in the last months various illustrious figures mentioned our book as well: David Chappell, Drummond Reed and Francis Shanahan wrote extremely nice reviews I never mentioned here until now, while I did mention the first entries from Kim and Mike. Add that to the podcast on Perspectives, the interview on channel9 with Carlo & Caleb, the podcast on SearchWinDevelopment, the bonus chapter on codeproject, the extremely nice reviews on the Amazon US page... and again, mentions from Neil Hutson, Alexander Strauss, Feliciano Intini, Mario Fontana, ... I am sure I am forgetting something (for which I apologize). And now that I have begun to hang out at Identity conferences, I can't tell you how pleasant it is to have complete strangers zeroing in on you and telling you all sorts of nice things :-) I guess I am easily recognizable Read More...
-
The CardSpace landing page on MSDN now has a reference (link at the very top) to a PDF copy of Chapter 2 of "Understanding Windows CardSpace", which features the series layout for side comments & perspective boxes (mentioned here). Thanks to everybody who helped make this happen. Enjoy! :-) Read More...
-
A few weeks ago Caleb and I had a nice phone interview with Jack Vaughan, during which we gave a short intro to CardSpace and mentioned the book; the result is a 6-min podcast (available here). Thanks Jack & SearchWinDevelopment! Read More...
-
Jon Udell recently launched an interesting new format on the website perspectives.on10.net. Perspectives is a series of in-depth conversations with passionate innovators. Most work for Microsoft; some work elsewhere; all are advancing the state of the art in areas as diverse as robotics, digital identity, e-science, and social software. Information technology is the common thread, and Perspectives appeals to the technically-minded, but the show also aims to tell stories in ways that make sense to a wider audience. Each installment of Perspectives is delivered as an audio podcast, and supplemented by a partial text transcript. The first episode was an interview with two guys from the Robotics Studio team, Tandy Trower and Henrik Frystyk Nielsen. The quality of the interview is clearly top notch, the scope of the topics strategic & forward looking but still solidly rooted in technology: Jon's editing makes things flow beautifully, and the transcript is incredibly handy for speed readers & search engines. In short, I LOVE IT :-) Hence, it is with ill-concealed pride that I announce the subject of the second episode: it is a chat I had with Jon back in December, just days before the book came out. The casus belli was the book itself, which Jon was so kind as to read in a prerelease version, but we ended up talking about identity in a much wider sense. We touched on certificates versus managed cards, omnidirectional vs unidirectional identities, WS-*, OpenID... Jon is a *great interviewer*, Read More...
-
As mentioned in a post last November, Kim himself did us the huge honor of writing the foreword of our book "Understanding Windows CardSpace". Today I had the same thrill when, while opening his blog, I saw that he had dedicated an entire post to it! You know, it's a strange feeling to go through the post and, like with the foreword, once again realize that Kim Cameron took the time to read what we wrote about a subject that owes so much to him :-) The part I personally prefer is the following: "Above all, it is a readable book that balances technology with the broader issues of identity. I imagine almost anyone who reads this blog will have something to gain from it. I especially recommend it for people who want a holistic introduction to digital identity, CardSpace and web services. I think the book is excellent for students. I even expect it will be enjoyed by more than one policy maker who wants to understand the underlying technical problems of identity." That's exactly what we hoped to achieve: offering an entry point for whoever wants to participate in the discussion about identity, regardless of their previous knowledge of the subject, while trying to deliver value also to people already fairly familiar with this space. It was a challenging task and those words from Kim are the best validation of our effort we could have ever hoped for. Thanks!!!!! :-) Read More...
-
Progress, my friends, is a wonderful thing :-) Read More...
-
Very impressive! I am sure that this great ranking is also thanks to the readers of this blog... so THANKS :-) Amazon stats are very volatile (I'll make a more detailed post about it), but it's still great. I think this is the best rank we got since publication. I am so glad that the topic elicits all this attention. I can't imagine what will happen once we move to the next phase ;-) Read More...
-
[synopsis for the English readers: a financial newspaper in Italy published an article about CardSpace; I make some considerations about it] Dear Italian readers, it's been a while since I wrote a post in my native language... just as it's been a while since I found the time to fish out some Italian colleague and immortalize him for Italia9; I'll try to do something at the end of February, but I promise nothing :-) Anyway. Today I stopped by Kim Cameron's office to bring him a copy of the Book (autographed :-)) and thank him again for his flattering foreword. While we are amiably discussing how the book is going (well, thanks!!! ;)) he suddenly breaks off and exclaims "ah, I've got something to show YOU". Woah, who knows what it is... could it be that he didn't like something I said in the video that came out yesterday on channel9 and wants to give me a beating? He starts fiddling with the printer and hands me the printout of an article about CardSpace... in Italian! When he passed through Italy last November (Feliciano talked about it here) he was interviewed by ilSole24Ore, which today published an article about it. The article is well balanced, and IMHO succeeds in communicating the essence of the problem even to non-specialists. I am really happy that a prestigious publication like ilSole24Ore is helping to bring the problem to everyone's attention, and above all to that of business decision makers. The only thing I feel like raising is the wrong spelling of the Higgins project ("HiggHins"), Read More...
-
Last week Caleb and I were surprised in my office by Charles "Carlo" Torre and his camera. The result is an impromptu interview about CardSpace, which is currently on the front page of Channel9 (direct link here). If you have time, take a look… we laugh a lot, but we manage to make some serious points here and there :-) and of course we mention the book, which is even on the "front frame". I have to remark that I am *always* amazed by Carlo's skills as an interviewer. He provides a fresh perspective, asking the right questions, and yet he discreetly blends giving space to whoever is interviewed to make his point with his own personal style. And he's not afraid to put you on the spot and ask tough questions... he really takes the part of the audience. Carlo, it's always a pleasure to chat with you :-) Read More...
-
Ah, the beauty of models. A good model can capture the essence of a system, a phenomenon, anything: it allows you to easily manipulate things, make predictions, transport the knowledge you already have of a domain to a new one. It's just great, and as we disclose more things about Oslo I am sure you'll have a chance to experience this first hand. For the time being, let me dig a bit into a model factory we know very well: the identity metasystem. Back in November, during my EU tour, I had a great discussion with a policy maker: this person has an amazing understanding of the identity metasystem, a deep knowledge of the eID landscape, asked all the right questions, he was just a pleasure to converse with. At a certain point he described how they were currently dealing with the problem of transporting in application form a very complex scenario, already tamed from the analytic & regulatory perspective. That prompted me to express a thought about how the identity metasystem could have helped there, and I was surprised by how well received that thought was: he told me he had never heard things explained from that point of view, so I thought there could be some value in repeating that here. One of the powers of the identity metasystem, and its architectural backbone WS-*, is that it gives you the tools for describing the relevant aspects of existing relationships: who is affiliated with whom, what information an entity needs for doing business with somebody, what the Read More...
-
On the Paris-Seattle flight, coming back after 2 weeks spent stuffing myself with all sorts of food with the excuse "after all, you can't find this in USA" :) Before hurling myself back into the vortex of daily work, and celebrating the end of the year with something crazy, I want to take some time writing down some hallucinatory (=vision without execution) thoughts about omnidirectional identities. Be warned, this may be just pointless rambling at this point. A few weeks ago I chatted about this in front of a microphone with Jon Udell, digressing along a crazy tangent instead of answering his questions about the book (I eventually came back to Earth and answered properly :)). I don't know if he'll deem those fragments publication worthy, but just in case I'll make a brain dump here. It's not that there's much more to do in this small seat anyway (just finished the latest Eco. He didn't mention underbite at all, I'm happy). Looking back at the activities related to identity in the past year, I am glad to report that amazing progress has been made. Something that makes 2007 very different from 2006 is the kind of work that was done: in 2007 the accent was on execution. The vision behind the metasystem is still being explored, sure, like Kim's series on linkage or the discussions about display token and first law demonstrate; and I feel that conjugating the metasystem and claims in enterprise environment is an area that still needs focus (especially in fighting old forma mentis that Read More...
-
In this post I am going to show you an example of CardSpace and an Office application working together. I know, I still owe you part II of the STS walkthrough; however I delayed this post for months, and I promised I would do it this long weekend so I can't really skip it this time. I will write part II of the STS post in the next few days. I don't know about you, but I spend a lot of time working with Office applications: Outlook & Word above all, but also OneNote, Excel... and they are really great. Typically I get data in and out of Office by alt-tabbing through other apps, typically the browser. For example: how many times did you fiddle with cut&paste for inserting data from your Internet banking app into an Excel document of yours? Sure, many home banking websites offer to export data in Money or Quicken format, sometimes even in plain CSV; but wouldn't it be great to be able to access the data directly while you're working in Excel itself? Of course, we would not want to trade ease of use with security: importing data should be convenient, no doubt about it, but it should also guarantee levels of security proportionate to the sensitivity of the data handled. Sounds like a good example scenario: let's build around it. Let's assume that the website of our bank is ahead of the curve and allows its customers to sign in with personal cards for performing some simple, read-only operations (such as giving the list of all your accounts or the list of movements Read More...
-
Flying from Brussels to Reykjavik (hey, I've finally learned to spell it?). Damn economy seat on the boundary with biz class, the curtain keeps falling in front of the X61 screen. I have tons of things to do, I am behind on a lot of fronts and I know that people will nag me with "if you found time to blog, you can surely do X for me!". I know I know, the only excuse I have is that since the beginning of the month I am literally going from a flight to an auditorium to another flight (at least I didn't change currency for the first 3 countries :-)). I don't feel especially intelligent this night (not that usually I feel particularly gifted, mind you), so I won't hurl myself into a code sample post (I have a few in the buffer) or a "cheap philosopher" one (ditto): instead, I'll do a bit of storytelling about our much discussed book. First of all, this thing is giving us great satisfaction even before being on the shelves. Three random ones, in order of appearance. A few weeks ago Mike spent incredibly kind words about our work. Very few people, if any, have a view on today's identity panorama & players as comprehensive as Mike's: being defined "essential resource" gives a very, very nice feeling. Thank you Mike! Some posts ago I teased about the identity (pun sort of intended) of the author of the book's foreword, but now that the rough cut has been updated it does not make sense to keep being silent on that. Imagine having written a book about relativity, and ending up with Read More...
-
I was recently browsing the home page of http://cardspace.netfx3.com/, and a post from the forum caught my eye. The main argument is whether or not the display token violates the first law, since the STS may decide to use different values in the display token and in the token itself; then there are a number of considerations about security that suggest we may not have done enough to explain how things work. I am giving myself 30 mins to provide an alternative explanation and address the points mentioned in the forum post. Anyway, the bottom line is that the display token is actually what makes respecting the first law possible in the first place. Why can't the identity selector show claim values directly from the requested token? There are two main reasons. (1) As correctly mentioned, the token requested may be encrypted for the intended RP, hence unreadable by the selector. (2) The token may be in a format that is not understood by the subject's machine. CardSpace makes no assumptions about the token format, and leaves the matter in the hands of the RP and IP; the two can agree on a specific format by comparing their policies. This design keeps the door open for extensibility: if today you invent the coconut token (or the Durian token, as I often say to my Singapore colleagues & customers :)) you can go ahead and use it without changing anything in CardSpace's installation. So, even if the token given back by the STS were unencrypted it would still be unwise to expect the Read More...
-
In short: I describe why claims are important for every developer and architect (not just the security expert), and I provide some heuristics for helping everybody to reason about claim based systems. I don't think we did an exceptionally good job in explaining claims based programming and its implications. A lot of the literature on the subject is for security experts, hence it explains claims based programming in terms of the delta that differentiates it from more classical methodologies (ACLs, groups, etc). Other material explains the topic for those not initiated in security, highlighting how digital identity is made of claims and so on; however the point is often lost, because while the reader can see that identity is expressed in a natural way it is not clear *how* the system is superior to classical approaches. In that case a concept easy to grasp, multiple authoritative sources backing it and some generic coolness are all ingredients for a nice information cascade. It reminds me of another eminent (IMHO) information cascade: the schema-first approach to service oriented programming. Schema first is great on a number of occasions, but uselessly onerous in many tactical scenarios: you don't really need to concoct an XSD for every message you send internally or to systems that will never ever have to interoperate, validate complex messages or manipulate standard entities. And yet, *a lot* of people took it as a dogma (ie, without really understanding why it's useful) and started Read More...