Windows CardSpace Team Bloggers

Browse by tag: All Tags » Architecture - ... » Wild Ideas

  • Claims propagation: Kirchhoff or maxflow?

    In the last week or so Paul Madsen made at least a couple of posts with strong visual components: one that picked up my old 2005 post on a notation for message crypto, the other on Feynman diagrams. Nice! Paul, when I am in that mood I find it especially pleasant to thumb through Tufte: I highly recommend it. Like Paul, in a former life I dealt with completely different stuff: I spent a few years on computational geometry first, and on scientific visualization later. I am absolutely in love with what I do now (proof?), but I still have some residual forma mentis from those times. There's nothing on TV until Friday (can't wait for the next Battlestar Galactica!), and I am not focused enough to do real work; hence for this post I will indulge my inner geek a bit. On the topic of notation and diagrams, I often wonder if it would be of value to find an expressive representation of the claim propagation pattern. Would a circuit-like notation work? Or would a network flow work better? The main idea can be simple: all the claims inserted in the circuit must be there for a reason, since at a certain point the policy of a relying party (RP) requested them; so for every claim produced there must be a piece of business logic that eventually uses ("consumes") it. Hence identity providers (IPs) are sources and RPs are sinks; an initial coarse simplification may indirectly factor out subjects, by assuming that an IP-RP edge is in the schema if the subject chose to disclose. Let's take the example of one RP that implements a content Read More...
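    The source/sink model above is easy to turn into a mechanical check. The block below is an added example, not code from the post: it represents IPs as sources, RPs as sinks and IP-RP edges as the claims the subject chose to disclose, then reports the three ways the circuit can be inconsistent (an RP policy with no source for a claim, a disclosed claim with no consumer, and an edge promising a claim its IP cannot issue). The IP and RP names, claim types and the sample graph are constructed for illustration.

```python
"""Claim-flow consistency check for the IP-as-source / RP-as-sink model.

Added example, not from the original post. Names and claim types are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Edge:
    """One IP -> RP edge: the claims the subject chose to disclose on that path."""
    ip: str
    rp: str
    claims: FrozenSet[str]


@dataclass
class ClaimGraph:
    issuable: Dict[str, Set[str]]   # IP -> claim types it is able to issue
    required: Dict[str, Set[str]]   # RP -> claim types its policy actually consumes
    edges: List[Edge] = field(default_factory=list)

    def unsatisfied(self) -> List[Tuple[str, str]]:
        """Sinks with no source: (rp, claim) pairs the RP requires but no edge
        delivers from an IP that can really issue them."""
        delivered: Dict[str, Set[str]] = {rp: set() for rp in self.required}
        for e in self.edges:
            delivered.setdefault(e.rp, set()).update(
                e.claims & self.issuable.get(e.ip, set()))
        return sorted((rp, c) for rp, need in self.required.items()
                      for c in need - delivered[rp])

    def unconsumed(self) -> List[Tuple[str, str, str]]:
        """Flow with no sink: (ip, rp, claim) triples disclosed on an edge but never
        used by the RP's policy. In the post's terms, claims with no reason to be
        in the circuit, i.e. over-disclosure."""
        return sorted((e.ip, e.rp, c) for e in self.edges
                      for c in e.claims - self.required.get(e.rp, set()))

    def unissuable(self) -> List[Tuple[str, str, str]]:
        """Edges promising a claim the IP cannot issue: the diagram is inconsistent."""
        return sorted((e.ip, e.rp, c) for e in self.edges
                      for c in e.claims - self.issuable.get(e.ip, set()))

    def is_well_formed(self) -> bool:
        return not (self.unsatisfied() or self.unconsumed() or self.unissuable())


def build_sample() -> ClaimGraph:
    """Constructed scenario: a content site that only needs an age claim, and a bank."""
    g = ClaimGraph(
        issuable={"GovID": {"age_over_18", "name", "national_id"},
                  "Employer": {"name", "employee_id"}},
        required={"ContentSite": {"age_over_18"},
                  "Bank": {"name", "national_id", "address"}},
    )
    # Over-disclosure: name and national_id have no consumer at ContentSite.
    g.edges.append(Edge("GovID", "ContentSite",
                        frozenset({"age_over_18", "name", "national_id"})))
    # Bank gets name and national_id, but nobody in the graph issues "address".
    g.edges.append(Edge("GovID", "Bank", frozenset({"name", "national_id"})))
    # Employer discloses a claim Bank does not use, and one Employer cannot issue.
    g.edges.append(Edge("Employer", "Bank", frozenset({"employee_id", "national_id"})))
    return g


if __name__ == "__main__":
    sample = build_sample()
    print("unsatisfied:", sample.unsatisfied())
    print("unconsumed:", sample.unconsumed())
    print("unissuable:", sample.unissuable())
```

    Running it on the constructed graph reports the missing "address" source for the bank, the two claims over-disclosed to the content site, and the national_id claim the employer cannot actually issue.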
  • Voting for the Italian government election via mail

    It's that time again. A few months ago the Italian government fell, and as a good citizen I am called to the right (and duty) of casting my vote to elect the new one. There's a little detail, though: while in the past that meant taking a short walk through my scenic little home town and meeting a few old friends at the polling station, the fact that I am now a resident of Washington state in the USA makes the walk a little too long. Luckily, technology comes to the rescue: I can cast my vote via mail :-). Since it is an interesting exercise in transmitting sensitive data, regardless of the transport, I thought it would be worth going through it. Friday I received in the mail an envelope with all the stuff depicted below. The two voting slips are the forms on which I can express my preference for our two government chambers. Both slips are printed on thick paper, covered by a line pattern that prevents the vote from being read even when the slip is held against a bright light. You may think of it as an attempt at guaranteeing confidentiality. The two voting slips should be closed inside the voting slip envelope. Once closed, reopening it irremediably ruins the envelope, thus giving away the fact that the votes were seen or possibly swapped. Again, you may think of this envelope as a mechanism for enforcing integrity (strictly speaking, tamper evidence: it does not prevent tampering, it makes tampering detectable). The voting slip envelope goes inside a preprinted mailing envelope, addressed to the Italian consulate. In the same mailing envelope goes the Tagliando Elettorale, which I loosely Read More...
  • The Tao of Authentication (Part III - last)

    (continues from Part I and Part II) Finally we've lined up all the elements we need to understand how we can get rid of the 1-2-3 tyranny, and deal with our business requirements directly instead of relying on an old model that forces us to perform unnecessary steps and introduces artificial dependencies. To make sense of what I write in this post you *really* need to read Parts I and II as well; without the right context, some of these things could be badly misinterpreted. Sorry :-) Outsourcing user authentication As much as I'd like to think that everybody is super interested in authentication, the reality is that you may care very little about it. Let's say you are hosting your own blog, and comment spammers harass you. You can make their life more difficult by adding an authentication step that asks your readers to sign in before they can comment. That's not a perfect system, but you know... security is a ladder. If you discouraged 70% of the spammers, you already did a great job. Or did you? Now you need to set up the authentication system, and above all maintain it. That means handling lost passwords; attacks on your credential store, which may (read: will) contain passwords (well, hopefully only salted hashes) that your users reuse on websites with higher-value transactions; and many other annoyances. The blog example sits at the extreme low-value end of the spectrum, but there are many other situations in which owning credential authentication directly may Read More...
  • The Tao of Authentication (Part II)

    (continues from Part I) You can consider this post and the fine-grained analysis we made in Part I as a down payment for grasping the implications we'll see in Part III, which I plan to post in a few hours (almost done). I was planning to have just 2 parts, but it came out far too long and I need 3 :). Here we'll see a very general architecture that can support the traditional authentication practice we described so far. Let me refresh your memory with the few key points we established last time: when we feel the need to authenticate users before giving access to our application, usually that's because we need the answer to some questions in order to execute correctly the service we are offering. The question "are you a returning user?" can be verified directly by using some mechanism, such as asking the user to submit credentials. For almost all other questions we need to get an answer that satisfies us without a chance of verifying it directly in-band (messy, but if you read Part I you'll understand). When we authenticate a user in the "traditional" way, we essentially do three distinct things at the same time: (1) we answer the question "are you a returning user?" by verifying the credentials; (2) we link the credentials to a profile in our archive; (3) we "dehydrate" that profile, and we use its content to answer our other questions. We'll now review the architectural components that we customarily use for traditional authentication, that is to say what we need for performing Read More...
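    The three fused steps listed above, and the "outsourcing" alternative from Part III where the relying party stops owning a credential store, can be seen side by side in code. The block below is an added example and not code from the posts: the first half pulls verification, profile linking and "dehydration" apart in a traditional password login (storing only salted PBKDF2 digests, as the Part III excerpt hopes for); the second half answers the same questions from a signed token issued by an identity provider, so that only step 3 remains at the RP. The stores, the questions, the JSON-plus-HMAC token format and the shared issuer key are constructed for illustration and are not a real protocol.

```python
"""The three things 'traditional' authentication does at once, pulled apart, next to
the same questions answered from claims issued by an identity provider.

Added example, not code from the original posts. The stores, the token format
(JSON body + HMAC tag) and the questions are constructed for illustration.
"""
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Dict, Optional, Sequence

PBKDF2_ROUNDS = 100_000

# --- traditional: the RP owns credentials and profiles -----------------------
CREDENTIAL_STORE: Dict[str, tuple] = {}   # username -> (salt, pbkdf2 digest); never the password
PROFILE_STORE: Dict[str, dict] = {}       # username -> profile attributes


def register(username: str, password: str, profile: dict) -> None:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    CREDENTIAL_STORE[username] = (salt, digest)
    PROFILE_STORE[username] = dict(profile)


def verify_credentials(username: str, password: str) -> bool:
    """Step 1: 'are you a returning user?' The only question we can verify in-band."""
    record = CREDENTIAL_STORE.get(username)
    if record is None:
        # Do the same work for unknown users so timing does not reveal who exists.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return False
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(stored, candidate)


def link_profile(username: str) -> dict:
    """Step 2: tie the verified credential to a profile in our own archive."""
    return PROFILE_STORE[username]


def dehydrate_profile(profile: dict, questions: Sequence[str]) -> Dict[str, object]:
    """Step 3: answer the application's questions from whatever the profile holds."""
    return {q: profile.get(q) for q in questions}


def authenticate_traditional(username: str, password: str,
                             questions: Sequence[str]) -> Optional[Dict[str, object]]:
    """All three steps fused, which is what most login code does without noticing."""
    if not verify_credentials(username, password):
        return None
    return dehydrate_profile(link_profile(username), questions)


# --- claims-based: an IP answers the questions; the RP keeps no credentials ---
ISSUER_KEY = secrets.token_bytes(32)   # assumption: a key shared by IP and RP (MAC-based token)


def issue_token(subject: str, claims: dict, ttl_seconds: int = 300,
                now: Optional[float] = None) -> bytes:
    """IP side: sign the claims it is willing to assert about the subject."""
    body = json.dumps({"sub": subject, "claims": claims,
                       "exp": int((now or time.time()) + ttl_seconds)},
                      sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEY, body, "sha256").hexdigest().encode()
    return body + b"." + tag


def consume_token(token: bytes, questions: Sequence[str],
                  now: Optional[float] = None) -> Optional[Dict[str, object]]:
    """RP side: verify integrity and freshness, then answer the questions from the
    claims. Steps 1 and 2 have moved to the IP; only step 3 remains here."""
    try:
        body, tag = token.rsplit(b".", 1)
    except ValueError:
        return None
    expected = hmac.new(ISSUER_KEY, body, "sha256").hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    payload = json.loads(body)
    if payload["exp"] < (now or time.time()):
        return None
    return dehydrate_profile(payload["claims"], questions)
```

    Note what the RP no longer holds in the second half: no password digests to be stolen and reused elsewhere, no lost-password flow, and no profile beyond the claims it actually asked for. The `now` parameter exists only so the expiry check can be exercised deterministically.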
  • The Tao of Authentication (Part I)

    From time to time it's healthy to challenge the assumptions, and look at (allegedly) familiar things with new eyes. A few weeks ago I had to do just that with the idea of authentication: I wanted to shake up an audience of architects a bit, and make them *think* about the problem instead of relying on the stereotypes they had about it. Judging from the evals I got, it worked :-) If you want to give it a try, check in at the door what you already know on the subject and come to play! The Tao of Authentication authentic: "being actually and exactly what is claimed" (from M-W) When I say "authentication", what do you think of? No, I don't mean you identirati people, put your hands down; I mean what's the intuitive idea in the collective imagination. The typical answer you get from a generic audience is something like "it's when you check the identity of the user before giving access". That sounds in line with what traditionally happens as of today, but we'll see that there's more than meets the eye. Why do we authenticate, whatever that means? Simple. During the execution of the service we are offering we need the answer to some specific questions: the authentication phase is one of the ways in which we obtain the answer to those questions. Too abstract? Let me give you some notable examples. [Slide: Questions] Looks different from my usual messy sketches, eh? :) Well, that's a sample of my slide style. Some say they're too busy, some like them... pick your camp. But I digress. Here we see our usual Read More...
  • Understanding Windows CardSpace on the front page of Channel9

    Last week Caleb and I were surprised in my office by Charles "Carlo" Torre and his camera. The result is an impromptu interview about CardSpace, which is currently on the front page of Channel9 (direct link here). If you have time, take a look... we laugh a lot, but we manage to make some serious points here and there :-) and of course we mention the book, which is even in the "front frame". I have to remark that I am *always* amazed by Carlo's skills as an interviewer. He provides a fresh perspective, asking the right questions, and yet he discreetly blends his own personal style with giving the interviewee space to make his point. And he's not afraid to put you on the spot and ask tough questions... he really takes the side of the audience. Carlo, it's always a pleasure to chat with you :-) Read More...
  • Modeling Reality (II)

    Ah, the beauty of models. A good model can capture the essence of a system, a phenomenon, anything: it allows you to easily manipulate things, make predictions, transport the knowledge you already have of a domain to a new one. It's just great, and as we disclose more about Oslo I am sure you'll have a chance to experience this first hand. For the time being, let me dig a bit into a model factory we know very well: the identity metasystem. Back in November, during my EU tour, I had a great discussion with a policy maker: this person has an amazing understanding of the identity metasystem, a deep knowledge of the eID landscape, asked all the right questions; he was just a pleasure to converse with. At a certain point he described how they were currently dealing with the problem of translating into application form a very complex scenario, already tamed from the analytic & regulatory perspective. That prompted me to express a thought about how the identity metasystem could have helped there, and I was surprised by how well received that thought was: he told me he had never heard things explained from that point of view, so I thought there could be some value in repeating it here. One of the powers of the identity metasystem, and its architectural backbone WS-*, is that it gives you the tools for describing the relevant aspects of existing relationships: who is affiliated with whom, what information an entity needs for doing business with somebody, what the Read More...
  • The video "WS-Trust - Under the hood" is back online

    It turns out that the Channel9 video on WS-Trust was down for (quite?) some time. I am pretty surprised by the number of people that are still checking out that clip! Now it works again, provided that you view it by clicking the download button (which, by the way, points to here) as shown in the screenshot below. The embedded video control is still not working. Thanks to everybody who raised the issue (Adlai, now I understand your comment about the video... sorry for not getting it earlier) and to Charles who fixed the problem at record speed. Read More...
  • Year's end blabbering: Omnidirectional Identities

    On the Paris-Seattle flight, coming back after 2 weeks spent stuffing myself with all sorts of food with the excuse "after all, you can't find this in the USA" :) Before hurling myself back into the vortex of daily work, and celebrating the end of the year with something crazy, I want to take some time to write down some hallucinatory (=vision without execution) thoughts about omnidirectional identities. Be warned, this may be just pointless rambling at this point. A few weeks ago I chatted about this in front of a microphone with John Udell, digressing along a crazy tangent instead of answering his questions about the book (I eventually came back to Earth and answered properly :)). I don't know if he'll deem those fragments publication worthy, but just in case I'll make a brain dump here. It's not that there's much more to do in this small seat anyway (just finished the latest Eco. He didn't mention underbite at all, I'm happy). Looking back at the activities related to identity in the past year, I am glad to report that amazing progress has been made. Something that makes 2007 very different from 2006 is the kind of work that was done: in 2007 the accent was on execution. The vision behind the metasystem is still being explored, sure, as Kim's series on linkage or the discussions about display token and first law demonstrate; and I feel that conjugating the metasystem and claims in enterprise environments is an area that still needs focus (especially in fighting old forma mentis that Read More...
  • The Authorization Continuum

    On a flight from Rome to Warsaw: apparently the droning noise of the plane (or what's left of it after this) inspires me, and now I finally have the means of pulling Live Writer out of a pocket and starting to write. This time I'd like to explore with you some further consequences of the shift toward claims, and specifically some novel ways of thinking about authorization. The seeds of this discussion are already in the Tao of Claims, but its sheer length makes them accessible only to the very patient reader :-) If you take the time to have a chat with somebody involved in writing software that deals with authorization, you'll likely discover they are driven by 2 main tropisms: 1) stopping unauthorized calls as early as possible in the invocation pipeline and 2) empowering as much as possible the infrastructure guys to specify authorization policies as deployment-time options. Both are perfectly sound principles, rooted in the reality of enterprise life: you want to consume as few resources as possible, and you want to be able to translate the company caste system of roles & groups into actual privileges in resource handling. IMHO, however, the view of authorization that those heuristics imply is somewhat crippled and does not exploit the claims system to its full potential. My point is basically rooted in two basic considerations: a) the outcome of an authorization operation is not necessarily just a boolean "yes you can call"/"no you can't call this method"; Read More...
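    To make consideration a) concrete, the block below is an added example (not code from the post or from any Microsoft product) contrasting the early boolean gate of tropism 1 with an authorization decision driven by claims whose outcome is a permit, a parameterized permit, a permit carrying obligations for the caller, or a deny. The role claims, transfer ceilings, "strong_auth" claim and obligation names are constructed for illustration; the shape of the result is the point.

```python
"""Authorization whose outcome is richer than a yes/no gate.

Added example, not code from the original post. The role ceilings, claim names and
obligations are constructed; the shape (effect + parameters + obligations) is the point.
"""
from dataclasses import dataclass
from typing import FrozenSet, Mapping

# Hypothetical deployment-time policy: role claim -> per-transfer ceiling (currency units).
CEILINGS = {"clerk": 1_000.0, "manager": 25_000.0}


@dataclass(frozen=True)
class Decision:
    effect: str                       # "permit", "deny" or "permit_with_obligations"
    reason: str
    ceiling: float = 0.0              # largest single transfer this caller may make
    obligations: FrozenSet[str] = frozenset()   # what the RP must do besides executing


def early_gate(claims: Mapping[str, object]) -> bool:
    """Tropism 1: the boolean check you would run first in the invocation pipeline.
    It can only say whether the call is worth dispatching at all."""
    return any(r in CEILINGS for r in claims.get("roles", ()))


def authorize_transfer(claims: Mapping[str, object], amount: float) -> Decision:
    """The continuum: the same claims yield a permit, a parameterized permit,
    a permit with obligations, or a deny, instead of a single bit."""
    if amount <= 0:
        return Decision("deny", "amount must be positive")
    roles = [r for r in claims.get("roles", ()) if r in CEILINGS]
    if not roles:
        return Decision("deny", "no transfer-capable role claim")
    ceiling = max(CEILINGS[r] for r in roles)
    obligations = set()
    if not claims.get("strong_auth", False):
        # Weak authentication does not flip the bit; it changes what the RP must do.
        obligations.add("record_weak_auth_in_audit_log")
    if amount > ceiling:
        # Above the ceiling the call is not rejected outright: it proceeds into a
        # review queue, which is a different outcome from both "yes" and "no".
        obligations.update({"queue_for_second_approval", "notify_subject"})
    effect = "permit_with_obligations" if obligations else "permit"
    return Decision(effect, "within ceiling" if amount <= ceiling else "above ceiling",
                    ceiling, frozenset(obligations))


if __name__ == "__main__":
    clerk = {"roles": ["clerk"], "strong_auth": True}
    print(early_gate(clerk), authorize_transfer(clerk, 500))
    print(authorize_transfer(clerk, 5_000))
    print(authorize_transfer({"roles": ["visitor"]}, 10))
```

    The early gate still has its place: it is cheap and rejects callers with no relevant claims before any business logic runs. What it cannot express is the ceiling, or the fact that a call above it is neither allowed nor refused but routed for a second approval; that information only exists once the decision is allowed to be more than a boolean.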

Copyright © 2007 Microsoft Corporation. All Rights Reserved. | Terms of Use | Privacy Statement | Contact Us