It's since April that I don't write about the book (at the time we released the entire Chapter 2 on MSDN ). Last week I received notice that 2 new reviews were published: one is from the Denver Visual Studio User Group , the other is on Paul Van Brenk's blog . Both reviews are extremely nice, for which we are very grateful; I especially like the fact that in both cases the reviewers perceived our intention to deal with the problem from an holistic point of view, regardless of our affiliation with

Almost one year ago I briefly mentioned the Biztalk Service SDK, here and here . A new version has recently been made available: you would not believe the amount of new features that were added to it in this timeframe. The main reason of excitement for me is that this new release supports managed cards ! It's a bit late at night here in Redmond and the drowsiness makes me feel less than bright right now, so I better defer detailed explanations to tomorrow (or the weekend). Anyway, for the identirati

Jon Udell recently launched a new interesting format on the website perspectives.on10.net. Perspectives is a series of in-depth conversations with passionate innovators. Most work for Microsoft; some work elsewhere; all are advancing the state of the art in areas as diverse as robotics, digital identity, e-science, and social software. Information technology is the common thread, and Perspectives appeals to the technically-minded, but the show also aims to tell stories in ways that make sense to

(continues from Part I and Part II ) Finally we've lined up all the elements we need for understanding how we can get rid of the 1-2-3 tyranny, and deal with our business requirements directly instead of relying on an old model that forces us to perform unnecessary steps and introduces artificial dependencies. For making sense of what I write in this post you *really* need to read part I and II as well; without the right context, some of those things could be badly misinterpreted. Sorry :-) Outsourcing

(continues from Part I ) You can consider this post and the fine grained analysis we made in Part I as a down payment for grasping the implications we'll see in Part III, which I plan to post in few hours (almost done). I was planning to have just 2 parts, but it came out far too long and I need 3 :). Here we'll see a very general architecture that can support the traditional authentication practice we described so far. Let me refresh your memory with those few key points we established last time:

Well, don't get fooled. I'm not going to make any big philosophical considerations about technology and privacy (though I may do that in the future), but I will talk about the little project I've put together after three gintonics & the MIX party at TAO . I am often on the road. When I am homesick I often open a terminal server session with one of my home machines and fire up the webcam; sometime I am in dramatically different timezones, so it's nice seeing that where I am it is dark but back

As mentioned in a post last November , Kim himself made us the huge honor of writing the foreword of our book "Understanding Windows CardSpace" . Today I had the same thrill as, while opening his blog , I've seen he dedicated an entire post to it ! You know, it's a strange feeling to go through the post and, like with the foreword, once again realize that Kim Cameron took the time to read what we wrote about a subject that owes so much to him :-) The part I personally prefer is the following: Above

In short: I show a simple class that checks the signature of self issued tokens sent on a normal HTTP connection (as opposed to HTTPS); the same class takes care of generating a UniqueID and giving access to claims. It basically covers for the NoSSL case the core functions that TokenHelper offers for the SSL case. Today for few hours I found myself living in the early 90s. I agreed with Mario to meet at Victor's , the only place where coffee meets the bar of the Italian community here in Redmond,

You know, even before considering its merits (and they are many): I've always *LOVED* the sheer fact that the Higgins project exists . Higgins in the tangible proof that all this user centered identity talking truly is a movement that touches everyone. You have no idea of how many times, during the many briefings I gave on CardSpace and the IdM in the last 2+ years, somebody in the audience invariably rose to say "Hey, this is all fine and dandy, but you're Microsoft: what guarantees do I have that

From time to time it's healthy to challenge the assumptions, and look at (allegedly) familiar things with new eyes. Few weeks ago I had to do just that with the idea of authentication : I wanted to shake a bit an audience of architects, and make them * think* about the problem instead of relying on the stereotypes they had about it. Judging from the evals I've got, it worked :-) if you want to give it a try, check in at the door what you already know on the subject and come to play! The Tao of Authentication