Browse by Tags
All Tags » Identity » Wild Ideas
- You would not believe how often I have to set up identity enabled web sites: for verifying a theory, for proving a point with colleagues, for demos and events... really, really often. In the vast majority of cases those are barely proofs of concept, nothing elaborate, so I've been working on reducing the overhead that every project entails. Needless to say, Zermatt has been a miracle balm for this: instead of cut&paste reuse, I finally have a tool with most of the capabilities I need a few IntelliSense steps away. However my laziness knows no boundaries, so I came up with something that's even faster: a Visual Studio template for web sites, which sets up the few knobs that Zermatt needs directly at project creation time. Oh, don't expect anything fancy: this is basically the RP project I walked you through a few posts ago. The only difference is that instead of adding references, creating pages, dragging controls and working with the web.config, the template itself takes care of that. I am providing the template as an attachment to this post: you can just drop the ZIP in C:\Users\<your user>\Documents\Visual Studio 2008\Templates\ProjectTemplates\Visual Web Developer (or the equivalent, if you use another disk/OS) and the next time you create a new web site with Visual Studio you'll find it under "My Templates" as shown below. Now. ALL possible disclaimers apply for this template: the web site produced is just an example and lacks A LOT of key capabilities that should instead be Read More...

- In the last week or so Paul Madsen made at least a couple of posts with strong visual components: one that resumed my old 2005 post on a notation for message crypto, the other on Feynman diagrams. Nice! Paul, when I am in that mood I find it especially pleasant to thumb through Tufte: I highly recommend it. Like Paul, in a former life I dealt with completely different stuff: I spent a few years on computational geometry first, and on scientific visualization later. I am absolutely in love with what I do now (proof?), but I still have some residual forma mentis from those times. There's nothing on TV until Friday (can't wait for the next Battlestar Galactica!), and I am not focused enough to do real work; hence for this post I will indulge my inner geek a bit. On the topic of notation and diagrams, I often wonder if it would be of value to find an expressive representation of the claim propagation pattern. Would a circuit-like notation work? Or would a network flow work better? The main idea can be simple: all the claims inserted in the circuit must be there for a reason, since at a certain point the policy of an RP requested them; so for every claim produced there must be a piece of business logic that eventually uses ("consumes") it. Hence IPs are sources and RPs are sinks; an initial coarse simplification may indirectly factor out subjects, by assuming that an RP-IP edge is in the schema if the subject chose to disclose. Let's take the example of one RP that implements a content Read More...

- It's that time again. A few months ago the Italian government fell, and as a good citizen I am called to the right and duty of casting my vote for electing the new one. There's a little detail, though: while in the past that meant taking a short walk through my scenic little home town and meeting a few old friends at the voting office, the fact that I am now a resident of Washington state in the USA makes the walk a little too long. Luckily, technology comes to the rescue: I can cast my vote via mail :-). Since it is an interesting exercise in transmitting sensitive data, regardless of the transport, I thought it would be worth going through it. Friday I received in the mail an envelope with all the stuff depicted below. The two voting slips are the forms on which I can express my preference for our two government chambers. Both slips are made of thick paper, covered by a line pattern that prevents anyone from seeing the vote even if the slip is held against a bright light. You may think of it as an attempt at guaranteeing confidentiality. The two voting slips should be closed inside the voting slip envelope. Once closed, reopening it will irremediably ruin the envelope, thus giving away the fact that the votes were seen or possibly spoofed. Again, you may think of this envelope as a mechanism for enforcing integrity. The voting slip envelope goes inside a preprinted mailing envelope, addressed to the Italian consulate. In the same mailing envelope goes the Tagliando Elettorale, which I loosely Read More...

- (continues from Part I and Part II) Finally we've lined up all the elements we need for understanding how we can get rid of the 1-2-3 tyranny, and deal with our business requirements directly instead of relying on an old model that forces us to perform unnecessary steps and introduces artificial dependencies. For making sense of what I write in this post you *really* need to read parts I and II as well; without the right context, some of those things could be badly misinterpreted. Sorry :-) Outsourcing user authentication. As much as I'd like to think that everybody is super interested in authentication, the reality is that you may care very little about it. Let's say you are hosting your own blog, and comment spammers harass you. You can make their life more difficult by adding an authentication step that will ask your readers to sign in before being able to comment. That's not a perfect system, but you know... security is a ladder. If you discouraged 70% of the spammers, you already did a great job. Or did you? Now you need to set up the authentication system, and above all maintain it. That means handling lost passwords; attacks on your credentials store, which may (read: will) contain passwords (well, hopefully hash derivations) your users are reusing with websites that feature higher value transactions; and many other annoyances. The blog example is a bit extreme on the low value end of the gamut, but there are many other situations in which owning direct credentials authentication may Read More...

- (continues from Part I) You can consider this post and the fine grained analysis we made in Part I as a down payment for grasping the implications we'll see in Part III, which I plan to post in a few hours (almost done). I was planning to have just 2 parts, but it came out far too long and I need 3 :). Here we'll see a very general architecture that can support the traditional authentication practice we described so far. Let me refresh your memory with those few key points we established last time: when we feel the need to authenticate users before giving access to our application, usually that's because we need the answer to some questions in order to execute correctly the service we are offering; the question "are you a returning user?" can be verified directly by using some mechanism, such as asking the user to submit credentials; for almost all other questions we need to get an answer that satisfies us without a chance of verifying it directly in-band (messy, but if you read part I you'll understand). When we authenticate a user in the "traditional" way, we essentially do three distinct things at the same time: we answer the question "are you a returning user?" by verifying the credentials; we link the credentials to a profile in our archive; we "dehydrate" that profile, and we use its content for answering our other questions. We'll now review the architectural components that we customarily use for traditional authentication, that is to say what we need for performing Read More...

- From time to time it's healthy to challenge the assumptions, and look at (allegedly) familiar things with new eyes. A few weeks ago I had to do just that with the idea of authentication: I wanted to shake up a bit an audience of architects, and make them *think* about the problem instead of relying on the stereotypes they had about it. Judging from the evals I've got, it worked :-) If you want to give it a try, check in at the door what you already know on the subject and come to play! The Tao of Authentication. authentic: being actually and exactly what is claimed (from M-W). When I say "authentication", what do you think of? No, I don't mean you identirati people, put your hands down; I mean what's the intuitive idea in the collective imagery. The typical answer you get from a generic audience is something like "it's when you check the identity of the user before giving access". That sounds in line with what traditionally happens as of today, but we'll see that there's more than meets the eye. Why do we authenticate, whatever that means? Simple. During the execution of the service we are offering we need the answer to some specific questions: the authentication phase is one of the ways in which we obtain the answer to those questions. Too abstract? Let me give you some notable examples. Questions. Looks different from my usual messy sketches, eh? :) Well, that's a sample of my slides style. Some say they're too busy, some like them... pick your camp. But I digress. Here we see our usual Read More...

- Last week Caleb and I were surprised in my office by Charles "Carlo" Torre and his camera. The result is an impromptu interview about CardSpace, which is currently on the front page of Channel9 (direct link here). If you have time, take a look… we laugh a lot, but we manage to make some serious points here and there :-) and of course we mention the book, which is even on the "front frame". I have to remark that I am *always* amazed by Carlo's skills as an interviewer. He provides a fresh perspective, asking the right questions, and yet he discreetly blends giving space to the interviewee to make their point with his own personal style. And he's not afraid to put you on the spot and ask tough questions... he really takes the part of the audience. Carlo, it's always a pleasure to chat with you :-) Read More...

- Ah, the beauty of models. A good model can capture the essence of a system, a phenomenon, anything: it allows you to easily manipulate things, make predictions, transport the knowledge you already have of a domain to a new one. It's just great, and as we disclose more about Oslo I am sure you'll have the chance to experience this first hand. For the time being, let me dig a bit into a model factory we know very well: the identity metasystem. Back in November, during my EU tour, I had a great discussion with a policy maker: this person has an amazing understanding of the identity metasystem, a deep knowledge of the eID landscape, asked all the right questions, and was just a pleasure to converse with. At a certain point he described how they were currently dealing with the problem of transporting into application form a very complex scenario, already tamed from the analytic & regulatory perspective. That prompted me to express a thought about how the identity metasystem could have helped there, and I was surprised by how well received that thought was: he told me he had never heard things explained from that point of view, so I thought there could be some value in repeating that here. One of the powers of the identity metasystem, and its architectural backbone WS-*, is that it gives you the tools for describing the relevant aspects of existing relationships: who is affiliated with whom, what information an entity needs for doing business with somebody, what the Read More...

- It turns out that the Channel9 video on WS-Trust was down for (quite?) some time. I am pretty surprised by the number of people that are still checking out that clip! Now it works again, provided that you view it by clicking the download button (which, by the way, points here) as shown in the screenshot below. The embedded video control is still not working. Thanks to everybody who raised the issue (Adlai, now I understand your comment about the video... sorry for not getting it earlier) and to Charles who fixed the problem at record speed. Read More...

- Back in October 2005, a few weeks after I moved to the US, I wrote a blog post in which I introduced the idea of a collective name for the federated resources accessible to a company. One of the names I proposed was federnet. At the time I made a quick search on the Internet to see if anybody was already using the term for something of the sort, but nobody appeared to. Well, I actually used the term in the book; I don't know how I managed to get it past the severe reviewers of AW, but I did! :-) Now: since it appears in a publication, with its nice ISBN & classification according to the Library of Congress, I am tempted to say that it made a further step on the long road toward inclusion. We are still far from Merriam-Webster or even just Wikipedia, of course, but hey... you never know ;-) Before writing this post I made a short search on the term, just to see if it enjoyed any uptake, and I was pretty surprised to find an article on the CIO Magazine website that mentions the term federnet! The article, dated almost a year after my blog post (the website says September 13th, 2006), takes the consumer angle and a way more centralized approach, but its results are not too different from mine after all (use of standards, benefits of federation). It even mentions intranet and Internet vs federnet (though they are mentioned for assonance reasons, rather than conceptual kinship). I am sure that at the time a query for "federnet" on any search engine would have brought Read More...

- On the Paris-Seattle flight, coming back after 2 weeks spent stuffing myself with all sorts of food with the excuse "after all, you can't find this in the USA" :) Before hurling myself back into the vortex of daily work, and celebrating the end of the year with something crazy, I want to take some time to write down some hallucinatory (=vision without execution) thoughts about omnidirectional identities. Be warned, this may be just pointless rambling at this point. A few weeks ago I chatted about this in front of a microphone with Jon Udell, digressing along a crazy tangent instead of answering his questions about the book (I eventually came back to Earth and answered properly :)). I don't know if he'll deem those fragments publication worthy, but just in case I'll make a brain dump here. It's not that there's much more to do in this small seat anyway (just finished the latest Eco. He didn't mention underbite at all, I'm happy). Looking back at the activities related to identity in the past year, I am glad to report that amazing progress has been made. Something that makes 2007 very different from 2006 is the kind of work that was done: in 2007 the accent was on execution. The vision behind the metasystem is still being explored, sure, as Kim's series on linkage or the discussions about display token and first law demonstrate; and I feel that conjugating the metasystem and claims in enterprise environments is an area that still needs focus (especially in fighting old forma mentis that Read More...

- On a flight from Rome to Warsaw: apparently the droning noise of the plane (or what's left of it after this) inspires me, and now I finally have the means of pulling Live Writer out of a pocket and starting to write. This time I'd like to explore with you some further consequences of the shift toward claims, and specifically some novel ways of thinking about authorization. The seeds of this discussion are already in the Tao of Claims, but its sheer length makes them accessible only to the very patient reader :-) If you take the time to have a chat with somebody involved in writing software that deals with authorization, you'll likely discover they are driven by 2 main tropisms: 1) stopping unauthorized calls as early as possible in the invocation pipeline and 2) empowering as much as possible the infrastructure guys to specify authorization policies as deployment time options. Both are perfectly sound principles, rooted in the reality of enterprise life: you want to consume as few resources as possible, and you want to be able to translate the company caste system of roles & groups into actual privileges in resource handling. IMHO, however, the view of authorization that those heuristics imply is somewhat crippled and does not exploit the claims system to its full potential. My point is basically rooted in two basic considerations: a) the outcome of an authorization operation is not necessarily just a boolean "yes you can call"/"no you can't call this method"; Read More...

- In short: I describe why claims are important for every developer and architect (not just the security expert), and I provide some heuristics for helping everybody reason about claims based systems. I don't think we did an exceptionally good job in explaining claims based programming and its implications. A lot of the literature on the subject is for security experts, hence it explains claims based programming in terms of the delta that differentiates it from more classical methodologies (ACLs, groups, etc). Other material explains the topic for those not initiated to security, highlighting how digital identity is made of claims and so on; however the point is often lost, because while the reader can see that identity is expressed in a natural way, it is not clear *how* the system is superior to classical approaches. In that case a concept easy to grasp, multiple authoritative sources backing it and some generic coolness are all ingredients for a nice information cascade. It reminds me of another (IMHO) eminent information cascade: the schema-first approach to service oriented programming. Schema first is great in a number of occasions, but uselessly onerous in many tactical scenarios: you don't really need to concoct an XSD for every message you send internally or to systems that will never ever have to interoperate, validate complex messages or manipulate standard entities. And yet, *a lot* of people took it as a dogma (i.e., without really understanding why it's useful) and started Read More...

- In short: I briefly discuss some differences between the password based authentication model and the token based one; then I propose that we lack a proper term for describing some of the transactions enabled by CardSpace and the token based model. Sometimes we get so used to the metaphors used in computer science that they cease to be metaphors. When I use my Windows desktop I certainly don't think of my physical desk (though they are messy in a very similar fashion), nor do I think of real folders when I design the directory structure of a Visual Studio project. During almost 2 years spent explaining CardSpace to a wide variety of people, I have noticed some consequences of this phenomenon in the identity management space. The Identity Metasystem offers a very natural way of thinking about identity, one that allows us to leverage the knowledge and skills that serve us well in identity-related transactions in the offline world (the beaten up driving license for buying alcohol example comes to mind). CardSpace supports that fully, by supplying a solid & intuitive way of handling tokens and exercising full control over what information is disclosed to whom. However, is that message intuitively compatible with the idea that the typical web site tenant has of authentication? In my experience, not always; luckily, however, bridging the gap is very easy and takes a few simple considerations. In basic scenarios, authentication is often viewed as one mechanism for making sure that who Read More...

- This morning I was reading Newsweek (before you get any ideas: I subscribed to BOTH Newsweek and Time) and the interesting account they gave of the story of a person. Much is being written on the subject, just browse your favourite news website for the details; however the summary is that this person was traveling through Europe while having a drug-resistant form of tuberculosis, raising worries about the spread of the disease. Health officials tried to locate him and minimize his chances of infecting others (apparently the infection is much more likely to occur when you spend a long time with the subject, like in an airplane cabin). When they finally managed to talk to him he was in Rome: since there was no way for him to travel in "normal" ways back to the US without also endangering the pilot, the guy was advised to hire a private jet or go to an Italian hospital. NOW here's the part of the story that is relevant to identity. This person didn't go to stay in an Italian hospital, nor did he hire a private jet: he boarded a commercial flight and simply flew home. How did he do that? According to Newsweek, his name was promptly included in the no-fly list; however the man flew from the EU to Montreal, and apparently Canada was not alerted about the situation. Once in Canada he rented a car and drove into the US, managing to get through the border after a few routine questions. The article I read is available in electronic form here. This story uncovers one drawback of relying Read More...