Welcome to Windows CardSpace

Windows CardSpace Team Bloggers

  • New Issue of the Architecture Journal: Article on "Claims and Identity, On-Premise and Cloud Solutions"

    The latest issue of the Architecture Journal is available for download here (I am breaking the news even before the rest of the pages are updated from issue 15 to issue 16: see how much I care about you? ;-)). What makes this especially interesting is that issue 16 is entirely dedicated to identity! I have to admit that I've yet to read most of the articles, but I've definitely gone through 2 of them: One is an interview/profile with Kim Cameron. It's a nice read, and I am sure you'll enjoy knowing more about Kim. The other is an article from yours truly, titled "Claims and Identity, On-Premise and Cloud Solutions". It expands on this post, and rolls in various others. Writing for the Architecture Journal is a big honor, as you can see from the list of high profile former contributors, and I am very grateful to Diego for having my article in this issue. Thanks man! And thanks also to Gianpaolo, with whom I had many deep discussions that helped me to keep the abstraction tangents to what I hope is an acceptable level :-) As usual, if you have feedback feel free to send it my way. Read More...
  • Zermatt & Cloud @ TechEd New Zealand/Australia

    Well, it's almost one month since I wrote the last "useful" posts: you would not believe how incredibly busy I am on stuff I can't talk about just yet (but soon, very soon). In this quick update I am excited to report that I am going to speak at TechEd New Zealand & TechEd Australia! As strange as it may sound, the 114 flights I've boarded since I moved to Corp (October 2005) never took me under the equatorial line; furthermore, it's since first grade that I'm told how cool it is that New Zealand is at the exact antipodes of Italy, has roughly a boot shape as well, etc... that's the farthest place from home I can travel to without leaving the planet :-) I am going to deliver 2 sessions, both in NZ and in AU: Identity & Cloud Services (Architecture track, level 300) The shift towards cloud computing is one of the major trends in today’s IT industry. As resources and assets are increasingly hosted off-premise, traditional strategies for access control and identity management are proving incapable of handling distributed scenarios and cross-boundary communication. This presentation briefly outlines how architectures relying on claims-based identity management, security tokens and open standards can address cloud computing scenarios with the same ease with which they can handle traditional ones. The identity capabilities of Biztalk Services will be featured as a concrete example of an application of the new paradigm. “Zermatt” Developer Framework: Putting Authentication Read More...
  • New version of the Biztalk Services SDK available, now with support for managed cards

    Almost one year ago I briefly mentioned the Biztalk Service SDK, here and here. A new version has recently been made available: you would not believe the amount of new features that were added to it in this timeframe. The main reason of excitement for me is that this new release supports managed cards! It's a bit late at night here in Redmond and the drowsiness makes me feel less than bright right now, so I better defer detailed explanations to tomorrow (or the weekend). Anyway, for the identirati tuned in, this basically means that the service bus offers a R-STS that will accept, among many other means of authentication, also third party's managed cards. The behavior of the R-STS can be influenced by using the Biztalk Services identity portal, or by management API; you can translate attribute claims into authorization claims (if an incoming claim has a certain value you can issue a token which tells to the ultimate destination that the caller is authorized to perform the call; you can copy the input claims directly in the issued token so that the info is preserved; and so on). "Artist" rendering below: Again, I'll be more verbose in a later post: in fact, I plan to walk you through a sample that will make you hit the ground running exactly with that feature. The managed card support is the feature that I find most appealing (surprised?), but in fact there are many other great additions such as X509 authentication, REST management APIs, support for multiple languages... Read More...
  • Year's end blabbering: Omnidirectional Identities

    On the Paris-Seattle flight, coming back after 2 weeks spent stuffing myself with all sorts of food with the excuse "after all, you can't find this in USA" :) Before hurling myself back in the vortex of daily work, and celebrate the end of the year with something crazy, I want to take some time writing down some hallucinatory (=vision without execution) thoughts about omnidirectional identities. Be warned, this may be just pointless rambling at this point. Few weeks ago I chatted about this in front of a microphone with John Udell, digressing along a crazy tangent instead of answering his questions about the book (I eventually came back to Earth and answered properly :)). I don't know if he'll deem those fragments publication worthy, but just in case I'll make a brain dump here. It's not that there's much more to do in this small seat anyway (just finished the latest Eco. He didn't mention underbite at all, I'm happy). Looking back at the activities related to identity in the past year, I am glad to report that amazing progress has been done. Something that makes 2007 very different from 2006 is the kind of work that was made: in 2007 the accent was on execution. The vision behind the metasystem is still being explored, sure, like Kim's series on linkage or the discussions about display token and first law demonstrate; and I feel that conjugating the metasystem and claims in enterprise environment is an area that still needs focus (especially in fighting old forma mentis that Read More...
  • A (fiscal) year in review

    It's that time of the year again: the end of June marks the end of the fiscal year, and for us it's time to reflect on what we've done in the past 12 months. Vast majority of the things I've done are internal-only or with high profile customers that can't be mentioned publicly until their PR departments give the green light, hence I won't discuss those here; however I think it's interesting to share with you a summary of some of the things that I worked on, just to give you a measure of how .NET3.0 (especially CardSpace in my case) is relevant. It should give you a hint of how much impact you can have working in my group, so you'll be able to put announcements like this in the right perspective! I also hope that this will boost your confidence that the content of our upcoming book is based on very solid real world experience, earned by working daily with our key accounts in the identity space: the PG intent is tempered by immersing it in requirements from customers actually shipping solutions based on this thing that we call CardSpace. Which, by the way, is the reason for which I'm still at the computer at this time... big stuff is going on in cardspaceland! Projects, Briefings, Deep Dives This year I've worked with or briefed more than 45 enterprise companies on CardSpace/WCF/WF, good part of it at the very top of the fortune100 and global100 (ah, btw: just subscribed to Fortune. I was buying it all the times anyway). Sometimes it was just a 2 hours personalized QA, some other Read More...
  • Build castles in the Cloud with the new drop of the BizTalk Services SDK

    Yesterday night I was going through the unresolved parts of the inbox, a fairly boring task, when Dennis rescued me: he chimed in via Messenger reminding me that a new version of the BizTalk Services SDK is out. It wasn't hard to switch my attention to something far more exciting, and I promptly installed it. If you had the old version of the SDK on your machine, I suggest uninstalling it before installing the new one. For the ones that were bold enough to play with the new binding at low level: the changes in the machine.config show how the assembly hierarchy and the object model changed:

        <!--
        <system.serviceModel>
          <bindings>
            <relayBinding>
              <binding name="metadataExchangeRelayBinding" />
            </relayBinding>
          </bindings>
          <client>
            <endpoint address="" binding="relayBinding" bindingConfiguration="metadataExchangeRelayBinding" contract="IMetadataExchange" name="net.relay" />
            <metadata>
              <policyImporters>
                <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingElementImporter, Microsoft.ServiceModel.Relay, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
              </policyImporters>
              <wsdlImporters>
                <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingImporter, Microsoft.ServiceModel.Relay, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
                <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingElementImporter, Microsoft.ServiceModel.Relay,

    Read More...
  • Biztalk Services

    Dennis announces the CTP of the Biztalk Services, one of the webbyest CTP we have: those are actually services, the only thing you need (if you want a quick start) is the SDK. There is much to be said about this new release, and I hope I'll be able to play with it soon (dear Editor, don't worry: I know I have to send the next chapter first :-)). However, I think that the most exciting news is in the following Dennis words: "your service opens at a URI on the connect.biztalk.net machines. Then a client connects to that URI and can start sending messages. We don’t want to be in the way of your app, so our relay will immediately try to establish a direct connection between clients" See? True P2P! What are you doing still reading this post, aren't you toying with it yet? :-) BTW, take a close look to the Identity Selector in the screenshot in Dennis' post: I'm sure that the loyal readers of this blog will recognize some of the cards (thanks James for pointing this out!) Read More...
  • Silverlight [WPF/E] and Windows CardSpace or plugging RIA in the Identity Metasystem

    [Edit: Added Silverlight SxS con WPF/E] In short: this is a tutorial on invoking Cardspace from a Silverlight [WPF/E] control and how to use Silverlight [WPF/E] for showing data from a token. So easy that a long haired architect can do it :-) Silverlight [WPF/E] is Microsoft's technology for developing rich internet applications, but it is also going to be CROSS PLATFORM (the CTP it is already available for Mac). In light of the awesome work of the Bandit guys on an identity selector on other platforms, I believe it is important to start thinking about how to use this new RIA technology together with identity. In recent times I'm hearing more and more people interested in Rich Internet Applications, or RIA. That usually brings the discussion pretty quickly on Silverlight [WPF/E], our cross platform presentation technology that leverages a subset of XAML for doing cool things inside your browser. I am often asked how to plug CardSpace into it, so I thought to put together a post that shows how to do that. As you know it's few years that I am a server guy, so I don't spend too much time on colorful stuff: however I also like to cross pollinate different technologies, and I especially love to do it with CardSpace (I did it with WPF, with WF, with WCF and WPF). Yesterday night I downloaded the WPF/E SDK, the WPF/E runtime for Windows and blocked 1 hour on the calendar of my excellent colleague Laurence Moroney, probably the best mentor I could get for ramping up super fast Read More...
  • Securing a Sidebar Gadget with Windows CardSpace and WCF

    In short: I discuss Sidebar Gadgets, and I show you how to invoke a CardSpace-protected WCF service from a simple Gadget. Full source code is provided, along with detailed commentary on the road I've followed for getting there. Added bonus: the code shows how to apply an arbitrary configuration file to WCF, an issue often encountered when hosting WCF code in processes you don't control. Sidebar Gadgets are mini applications which live in the Sidebar, a UI element on the Windows Vista desktop. They are extremely handy for keeping an eye on information you are often interested to; they are also very good at providing you a quick-reach UI for tasks you perform often. As you know I wear the server guy hat, so I'm not really the best person for explaining the advantages of Gadget: I would suggest visiting Michael and Jaime blogs if you want more details on the subject. When I thought of how the gadget model could be useful for me, I realized that much of the information I'd like to keep an eye on happens to be confidential (like being notified if I received a wire transfer, or getting the access statistics from my website); the actions I want to take when I react to changes in those data are also requiring high security levels (like accessing a portion of my home banking for giving approval for a certain utility bill to be paid). So, would not be great if we could use CardSpace for authenticating the services accessed by a Gadget? I thought for few nights about the issue, devised a Read More...
  • Daniel Bartholomew provides a live instance of the WPF/E +CardSpace tutorial

    Few days ago I have posted a tutorial on combining WPF/E and CardSpace for securing rich internet applications. Literally hours later Daniel Bartholomew, the great guy that extended dotnetnuke with a cardspace ready module, followed the tutorial and published the live example on the web! You can experience that by visiting his test page. Thank you Daniel, this is AWESOME!!!!!! :-) Read More...
  • Identity in a Deregulated IT world

    In short: Gianpaolo presents a daring proposition about a deregulated IT. I believe that GP's idea is a very valid one. In the post below I explore the implications of a world where consumerism is brought to the extremes of IT deregulation: in such a world user centric identity management and user control/consent are key enabling aspects that cannot be ignored. From time to time I have nice chats with Gianpaolo, during which he gives me glimpses of his thinking about where IT is going. I especially liked his considerations about consumerism and deregulated IT: now that he finally made a post on the topic, I can share some of the trends and implications I draw from it. The foundation of this entire matter lies in becoming fully aware of the trend that has been dubbed as consumerism. This is already a pretty loaded term already, however I really like the position of Peter Sondergaard (Gartner director of global research), as captured by David Berlind at the Gartner Symposium/ITxpo: Sondergaard went on to describe how consumer technologies and configurations now rival and often exceed in the prowess of the corresponding technologies found in the organizations that are used to serving consumers on their terms ("their" being the organizational side). "Consumers are rapidly creating personal IT architectures capable of running corporate style IT architectures" said Sondergaard. "They have faster processors, more storage, and more bandwidth. In 2012, expect consumer technologies to Read More...
  • WPF/E and Windows CardSpace or plugging RIA in the Identity Metasystem

    In short: this is a tutorial on invoking Cardspace from a WPF/E control and how to use WPF/E for showing data from a token. So easy that a long haired architect can do it :-) WPF/E is Microsoft's technology for developing rich internet applications, but it is also going to be CROSS PLATFORM (the CTP it is already available for Mac). In light of the awesome work of the Bandit guys on an identity selector on other platforms, I believe it is important to start thinking about how to use this new RIA technology together with identity. In recent times I'm hearing more and more people interested in Rich Internet Applications, or RIA. That usually brings the discussion pretty quickly on WPF/E, our cross platform presentation technology that leverages a subset of XAML for doing cool things inside your browser. I am often asked how to plug CardSpace into it, so I thought to put together a post that shows how to do that. As you know it's few years that I am a server guy, so I don't spend too much time on colorful stuff: however I also like to cross pollinate different technologies, and I especially love to do it with CardSpace (I did it with WPF, with WF, with WCF and WPF). Yesterday night I downloaded the WPF/E SDK, the WPF/E runtime for Windows and blocked 1 hour on the calendar of my excellent colleague Laurence Moroney, probably the best mentor I could get for ramping up super fast on this technology. Thank you man!!!! My objective was to use that hour for coming out with a Read More...
  • Crowdhacking, meet Identity Management...

    I LOVE Wired. It's the only magazine I read on regular basis (every issue, actually) for which I DON'T have a subscription. That would deprive me from the pleasure of buying it as soon as I spot it on the shelf, thing that happens with other magazines (I am subscribed to Business2.0: when I see it on the shelf I can't buy it no matter how appealing the cover story is, because I know I'll get a copy in the mail). I did this only for another publication in the past, "I cavalieri dello zodiaco" (u may know them as Saint Seya or 聖闘士星矢), so it's truly a big deal for me :-). I also love neologism, when they capture an important concept that didn't have a name yet. "Crowdhacking" is one of those. Back to the case on point. In the last issue there is a great article that explores the value of online reputation... and ways of subverting current mechanisms of attributing it/using it. I won't make here the long dissertation you may expect on how Windows CardSpace and user-centric identification schemes can be of immense help there... first, because I'd like you to read the article first (so I don't have to recreate its context here before saying my thing); second, because when you are writing a book every moment you spend writing something else makes you feel guilty for falling behind schedule :-) The latter is also the reason for which I'm not being very prolific lately, but I promise I'll try to do something about it in the coming weeks. There's really a lot to say on the subject! How Read More...
  • Want to play with a real IP-STS in the cloud? Help yourself!

    Dennis and his team just went live with, no pun intended, the all new & improved live labs STS!! While the former incarnation was a pure resource STS, this is a full fledged Identity Provider STS. If you have a Live ID, you can go through the easy steps of the registration and get your very own live labs managed card. You have a choice of 2 authentication factors: self issued cards and username/password. You can then register the certificate of your RP, and you're all set. You can start playing with it from the very start! I am truly happy of this, you can finally get a direct feeling of what an identity authority is and how to incorporate it in your experiments. Unfortunately I don't have much time now to give more detailed instructions, but I'll do that as soon as I have a second. In the meanwhile, please remember: this is a lab, don't expect commercial-grade assurances. Below a screenshot of my identity selector after the newly imported live labs card Great job Dennis et al! I suspect that there's the hand of Hervey as well :-) Read More...

Copyright © 2006 Microsoft Corporation. All Rights Reserved.