Browse by Tags
All Tags » Identity » Windows Presentation Foundation
-
It's that time of the year again: the end of June marks the end of the fiscal year, and for us it's time to reflect on what we've done in the past 12 months. The vast majority of the things I've done are internal-only or with high-profile customers that can't be mentioned publicly until their PR departments give the green light, hence I won't discuss those here; however, I think it's interesting to share with you a summary of some of the things that I worked on, just to give you a measure of how relevant .NET 3.0 (especially CardSpace in my case) is. It should give you a hint of how much impact you can have working in my group, so you'll be able to put announcements like this in the right perspective! I also hope that this will boost your confidence that the content of our upcoming book is based on very solid real-world experience, earned by working daily with our key accounts in the identity space: the PG intent is tempered by immersing it in requirements from customers actually shipping solutions based on this thing that we call CardSpace. Which, by the way, is the reason why I'm still at the computer at this time... big stuff is going on in cardspaceland!

Projects, Briefings, Deep Dives

This year I've worked with or briefed more than 45 enterprise companies on CardSpace/WCF/WF, a good part of them at the very top of the Fortune 100 and Global 100 (ah, btw: just subscribed to Fortune. I was buying it all the time anyway). Sometimes it was just a 2-hour personalized Q&A, some other Read More...
-
[Edit: Added Silverlight SxS with WPF/E] In short: this is a tutorial on invoking CardSpace from a Silverlight [WPF/E] control and how to use Silverlight [WPF/E] for showing data from a token. So easy that a long-haired architect can do it :-) Silverlight [WPF/E] is Microsoft's technology for developing rich internet applications, but it is also going to be CROSS PLATFORM (the CTP is already available for Mac). In light of the awesome work of the Bandit guys on an identity selector on other platforms, I believe it is important to start thinking about how to use this new RIA technology together with identity. In recent times I'm hearing more and more people interested in Rich Internet Applications, or RIA. That usually brings the discussion pretty quickly to Silverlight [WPF/E], our cross-platform presentation technology that leverages a subset of XAML for doing cool things inside your browser. I am often asked how to plug CardSpace into it, so I thought I would put together a post that shows how to do that. As you know, I have been a server guy for a few years, so I don't spend too much time on colorful stuff: however, I also like to cross-pollinate different technologies, and I especially love to do it with CardSpace (I did it with WPF, with WF, with WCF and WPF). Last night I downloaded the WPF/E SDK, the WPF/E runtime for Windows and blocked 1 hour on the calendar of my excellent colleague Laurence Moroney, probably the best mentor I could get for ramping up super fast Read More...
-
In short: this is a tutorial on invoking CardSpace from a WPF/E control and how to use WPF/E for showing data from a token. So easy that a long-haired architect can do it :-) WPF/E is Microsoft's technology for developing rich internet applications, but it is also going to be CROSS PLATFORM (the CTP is already available for Mac). In light of the awesome work of the Bandit guys on an identity selector on other platforms, I believe it is important to start thinking about how to use this new RIA technology together with identity. In recent times I'm hearing more and more people interested in Rich Internet Applications, or RIA. That usually brings the discussion pretty quickly to WPF/E, our cross-platform presentation technology that leverages a subset of XAML for doing cool things inside your browser. I am often asked how to plug CardSpace into it, so I thought I would put together a post that shows how to do that. As you know, I have been a server guy for a few years, so I don't spend too much time on colorful stuff: however, I also like to cross-pollinate different technologies, and I especially love to do it with CardSpace (I did it with WPF, with WF, with WCF and WPF). Last night I downloaded the WPF/E SDK, the WPF/E runtime for Windows and blocked 1 hour on the calendar of my excellent colleague Laurence Moroney, probably the best mentor I could get for ramping up super fast on this technology. Thank you man!!!! My objective was to use that hour for coming out with a Read More...
-
If you are watching the Card-space, I'm sure you didn't miss it: the Otto Store smart client application, announced during TechEd Europe and VSLive, is now up and running. You can download and install it from there. This news is relevant to this blog in different ways. The Otto store is the first application available on the internet to use managed cards. It is the first application to secure web service calls via CardSpace. And among the customers I have worked with in the last year, Otto is the first one to release a CardSpace-based application. Hoooray! It was a pleasure to work with everybody on the project, I can't tell you the satisfaction of seeing all this beautifully coming together. I could fill the entire post just with juicy anecdotes, like the time when me and Jaime (the great guy who dealt with the WPF parts here in Corp) flew to Germany for the first ADS: we took an early cab from downtown Munich to the offices, and it was the very first ride of the very first work day of our extremely young driver. A 20 mins drive became a 45 mins tour in the foggy & frozen countryside around Munich, with the driver increasingly panicking: the GPS was banned by his company policy, so I could not pull out my beloved Universal and give him a hand. He was very brave and professional! In the end we made it to the meeting, though with some delay: looking at the app today, anyway, it looks like that delay didn't really matter that much. But you're not interested in anecdotes, are you: Read More...
-
The comments to my blog stopped working. I am working on it, but in the meantime here is the answer to a comment left by Matt on my former post on PPID vs UniqueID.

Monday, January 15, 2007 6:55 AM by Matt Ellis
# re: UniqueID and PPID
Hi Vittorio. I'm wondering what happens if the IP's cert changes (perhaps the private key is compromised)? With a bit of co-ordination, you can update your copy of their public key, so you can still verify incoming tokens, but would the unique id now be incorrect? Is this even a situation that can happen? Cheers! Matt

Hello Matt, apologies for the delay. We exclude from the discussion the self-issued card case: if the public key changes, this means that the entire card changed (including the PPID) and it makes sense to ask to repeat the registration. That said: your unique ID can be a function of the public key of the IP and of the PPID:

Uid = F(Pipkey,PPID)

In theory, if you (the RP) stored the PPID somewhere (and it didn't change in the process, more about it later) you could just reapply the F above and substitute the Uid value in your store. In practice: when you use a managed card, you can't be sure of what the PPID value will be. Actually, we recommend that IPs make that claim available, but they can choose not to add it at all. For self-issued cards the PPID is a function of the cardID and of the public key of the RP:

PPID = G(Prpkey,Cardid)

Even if we'd apply the same formula for managed cards: the Prpkey may not be available to the Read More...
-
Well, what an alliterative title :-) I've been asked on several occasions how to use managed cards, and specifically the simple STS sample, together with the surprisingly popular WPF smartclient sample. It is not especially difficult: a few changes in the configuration and you're all set. The only nuisances arise from the fact that when you set up a full end-to-end CardSpace scenario sample on a single machine you are basically trying to sing, play the guitar and the drums at the same time: setting up SSL for RPs and IPs, tweaking the hosts file for mapping website names to IPs, setting up certificates and permissions, making sure that web proxies and ISA will not sabotage your "artificial" connectivity, setting up virtual directories for CRLs and logotypes... those are all things that need to be done. In this case we can make some serious simplification by not adding any virtual directory, since all moving parts live in a dedicated process (RPs and STS in their own console app, the client in the WPF app). That would mean no logotypes and no CRL, though. While for the sake of the example we can go around the former, the latter has the potential of upsetting WCF big time; we'll see how to mitigate that. Just remember that logotypes and CRL would be something you don't want to give up in production, here we are simply trying to see CardSpace in action. In this post I am making the assumption that you set up the simple STS at the address , and that it is secured by a certificate with Read More...
-
Well, what a week :) Monday and Tuesday, @ S.Diego for the Gartner Healthcare Summit. Ben Flock (mighty PSA!), Chris Henchey (COO & Cofounder of Choicelinx) and I presented a case study about cross-entity authentication in Healthcare. The session was largely based on the learnings derived from a WCF early adoption project we had with Cigna/Choicelinx: incidentally, the case study of that project is out :) let me know if you like the picture! During the session, though, we demonstrated the next step: that is to say, CardSpace-enabling the scenario and seeing dev times going from small (with WCF) to risible. I am truly impressed with Chris: in my experience his openness to completely novel ideas is something that is not easy to find in his environment. I'm truly honored we copresented! Anyway, as soon as I was back I had an internal CardSpace show&tell with colleagues from another division. It was supposed to be 30 mins, but we ended up doing 1:30 :-) yes, I'm horribly verbose, but in my defense nobody stopped me! And we came out with very interesting questions, though. Then, the craziest times of all: I had to prepare for the EMEA tour I'm doing. Not that easy! Close mails, review docs, push out the WPF/WCF smartclient secured with CardSpace with caching, install Vista RTM.... Vista is not a difficult install per se, actually it was a breeze: it's that my machines are practically prosthetic extensions of my brain, and if something malfunctions... it's a problem. So Read More...
-
Hello everybody. I have had this sample in the buffer for some time: I am publishing it now in a rush, since this Sunday I leave for 2 weeks in EU for some nice CardSpace briefings here and there. I won't be on mail very much, so I hope you will hold most questions for when I will be back in Redmond :-) I would really love to speak at length about this, but I really don't have much time (I also have to mention all the ones that helped, and the list is long!:)). For the time being I am including an excerpt of the sample documentation: later I'll go deeper on it. Enjoy :) Vittorio

---------------------------------------------

Windows CardSpace, WCF and Token Caching

Windows CardSpace provides a consistent experience across web and rich client scenarios. Windows Communication Foundation (WCF) supports CardSpace out of the box, supplying a powerful means of handling authentication in web service based applications: users enjoy an easy experience that shields them from the complexities of WS-Policy, while WCF receives a token for securing the messages. The WCF programming model stores credentials on a per-channel basis: hence, in normal conditions the user would be prompted to choose a card as many times as a channel is created and used. The WCF extensibility model, however, offers an easy way of modifying this behavior. The sample presented here demonstrates how a simple WPF application can leverage CardSpace for securing the access to two different WCF web services, prompting the user Read More...