|
|
-
I am sure you are all more than familiar with DreamSpark , the amazing (YES, amazing. Bravo Milo!) offer through which Microsoft gives access to developer & designer tools at no charge. That requires, naturally, to be able to prove that you are indeed a student. Eduserv is a not-for-profit UK-based organization that focuses on IT solutions for the education sector: their identity management solutions are used by over 4 millions of students from universities in UK & other countries. And here comes the interesting bit: Eduserv wrote an identity management component for DreamSpark integrated with their OpenAthens SP , and based on WCF & CardSpace :-) you can read about this on a recently published case study (word document here ). With all the identity talent that runs abundant in the Microsoft offices in UK (Paul MacKinnon & Planky, congrats!) it is not really a surprise to see that they are ahead of the curve, but it is most definitely a pleasure :-) congratulations to all the people involved! Read More...
|
-
The latest issue of the Architecture Journal is available for download here (I am breaking the news even before the rest of the pages are updated from issue 15 to issue16: see how much I care about you?;-)). What makes this especially interesting is that issue 16 is entirely dedicated to identity! I have to admit that I've yet to read most of the articles, but I've definitely went through 2 of them: One is an interview/profile with Kim Cameron. It's a nice read, and I am sure you'll enjoy to know more about Kim The other is an article from yours truly, titled "Claims and Identity, On-Premise and Cloud Solutions". It expands on this post , and rolls in various others Writing for the Architecture Journal is a big honor, as you can see from the list of high profile former contributors, and I am very grateful to Diego for having my article in this issue. Thanks man! And thanks also to Gianpaolo , with whom I had many deep discussions that helped me to keep the abstraction tangents to what i hope is an acceptable level :-) As usual, if you have feedback feel free to send it my way Read More...
|
-
With few weeks of delay I finally forced in my schedule the conclusion of my little getting started series "... using Zermatt" (links to former episodes: setting up an STS for smartcard-backed managed cards & issuing smartcard-backed managed cards ). The first posts I wrote about Zermatt were all about producing identity info: today we'll take a look at consuming those info, something that will be done a lot more (there are only few mints, but an ocean of ways to spend the money they produce) and, fortunately, is also a dramatically simpler programming task. Before we go any further: Please. Read. Keith's. White paper . This series of posts is a quick & dirty guide, designed to get you started and to be easily found via search engines when you need a quick lookup: Keith's article is exhaustive & well polished, hence (together with the product documentation) should be your main reference. I am Vittorio Bertocci and I approve of this message (if you don't live in the US, nevermind :-)). Aaaaalllrighty, back to business. Thanks to the 2 former posts, we have an active STS and its associated managed card. Now we want to write a website which uses that STS for acquiring some info about our users in form of claims. Here the highest order bit is not the security paraphernalia we need to be familiar with when we work at the STS level: when designing an RP, the application biz requirements should be king. Taking that in mind, let's wear our web site dev hat and work backward Read More...
|
-
-
Let's avoid the word "credential". It has so many meanings as to be confusing Read More...
|
-
Timely patching of one's operating system needs to be one of the host of requirements placed on any identity provider Read More...
|
-
Passwords seem perfectly natural "because we’ve been trained to repeat them so much" Read More...
|
-
I am pleased to announce the publication of the Identity Selector Interoperability Profile V1.5 and companion guides. The ISIP (as it’s come to be called) documents the protocols and data formats used by Windows CardSpace so as to enable others to build compatible Information Card software.
Version 1.0 of these documents corresponded to the.NET Framework [...] Read More...
|
-
I was dividing my attention between the Scrubs special on TV & Digg on my PC, when an article titled " Experts: Passwords May Not Be a Good Online Defense " caught my eye: well, couldn't agree more!:-) It turns out that the article is from the NY Times, and it's short & sweet hence there's no need for me to summarize it here: Mr. Stross manages to capture the problem pretty effectively, also thanks to some nice quotes from Kim . P.S.: I know, I know. I still owe you an RP post for completing the Zermatt intro series started with the STS and card issuance . Keep the faith, it's coming! ;-) Read More...
|
-
Well, it's almost one month since I wrote the last " useful " posts : you would not believe how incredibly busy I am on stuff I can't talk about just yet (but soon, very soon). In this quick update I am excited to report that I am going to speak at TechEd New Zealand & TechEd Australia ! As strange as it may sound, the 114 flights I've boarded since I moved to Corp (October 2005) never took me under the equatorial line; furthermore, it's since first grade that I'm told how cool it is that New Zealand is at the exact antipodes of Italy, has roughly a boot shape as well, etc... that's the farthest place from home I can travel to without leaving the planet :-) I am going to deliver 2 sessions , both in NZ and in AU: Identity & Cloud Services (Architecture track, level 300) The shift towards cloud computing is one of the major trends in today’s IT industry. As resources and assets are increasingly hosted off-premise, traditional strategies for access control and identity management are proving incapable of handling distributed scenarios and cross-boundary communication. This presentation briefly outlines how architectures relying on claims-based identity management, security tokens and open standards can address cloud computing scenarios with the same ease with which they can handle traditional ones. The identity capabilities of Biztalk Services will be featured as a concrete example of an application of the new paradigm. “Zermatt” Developer Framework: Putting Authentication Read More...
|
-
[I suggest my usual readers to skip this post altogether, you won't find anything useful here :-)] Romeo tagged me with this "How did you get started in software development?" quest. I was already feeling guilty, because given how swamped I am I knew I was not going to have time to reply to the tag: OTOH right now my main PC is unusable, since I am repaving a new HD on it, hence while the network install goes I can write this up. How old were you when you started programming? A quale età hai cominciato a programmare? I was 12. One Christmas parents & siblings joined forces and got me a Commodore16 : it was just *fantastic*. How did you get started in programming? Come hai cominciato a programmare? With the reference manual of the basic 3.5. What was your first language? Qual’è stato il tuo primo linguaggio di programmazione? Basic, the one that came with the Commodore16. What was the first real program you wrote? Qual’è stato il primo programma vero che hai scritto? Hard to define "real" here. I would say that the first program I have wrote for a purpose different than pure enjoyment was a control routine for a Siemens PLC. It was for a shop class, we had those PLC working in AWL-step5. Not very structured, but hey... certainly software! What languages have you used since you started programming? Quali linguaggi hai usato da quando hai cominciato a programmare? Ah, hard to remember them all. Already mentioned Basic and AWL-Step5. At the University it was mainly Pascal, C and Read More...
|
-
It's since April that I don't write about the book (at the time we released the entire Chapter 2 on MSDN ). Last week I received notice that 2 new reviews were published: one is from the Denver Visual Studio User Group , the other is on Paul Van Brenk's blog . Both reviews are extremely nice, for which we are very grateful; I especially like the fact that in both cases the reviewers perceived our intention to deal with the problem from an holistic point of view, regardless of our affiliation with a technology or another. Thank you guys! (update: I've just stumbled in another review I didn't know about, on (in)secure magazine issue 17 . Niiiiice). In fact, in the last months various illustrious figures mentioned our book as well: David Chappell , Drummond Reed and Francis Shanahan wrote extremely nice reviews I never mentioned here until now, while I did mention the first entries from Kim and Mike . Add that to the podcast on Perspectives , the interview on channel9 with Carlo & Caleb, the podcast on SearchWinDevelopment , the bonus chapter on codeproject , the extremely nice reviews on the Amazon US page ... and again, mentions from Neil Hutson , Alexander Strauss , Feliciano Intini , Mario Fontana , ... I am sure I am forgetting something (for which I apologize). And now that I begun to hang out at Identity conferences, I can't tell you how pleasant it is to have complete strangers zeroing on you and telling you all sorts of nice things :-) I guess I am easily recognizable Read More...
|
-
We are back! I hope you had fun with the STS tutorial I posted yesterday night ; here we move a step further and examine how to equip our STS with managed card issuance logic & UI. As anticipated, this is going to be MUCH faster. If you recall, in the last post I asked you not to delete the Default.aspx page that the new web site template created for you: we are going to put our card issuance UI there. At thsi point the visual studio project should look as follows: The only new element I added is the information card image information-card.png, which will be used as the background of the information cards we'll issue. Of course nothing prevents you to get all fancy and allowing the user to upload an image for personalization purposes, but here we want to be quick & dirty (well, at least quick ;-)). The little image is below, for your viewing pleasure. Time to add some UI. Let's open Default.aspx inn the designer and let's drag some controls. <% @ Page Language ="C#" AutoEventWireup ="true" CodeFile ="Default.aspx.cs" Inherits ="_Default" %> <! DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> < html xmlns ="http://www.w3.org/1999/xhtml"> < head runat ="server"> < title > Untitled Page </ title > </ head > < body > < form id ="form1" runat ="server"> < div > Managed Card Generator < br /> < br /> Card name: < asp : TextBox ID ="txtCardname" Read More...
|
-
Just back from vacation. The tan barely started to fade, and here I am already playing with the new shiny toy :-). Did you experiment with Zermatt by now? As Kim mentions the samples (and the documentation) are an excellent way to start, and I am sure that blog posts & tutorials will soon start mushrooming here and there in the blogosphere: here I begin my humble contribution with my first technical post about Zermatt . I had *absolutely* no hesitations when deciding which scenario I should tackle first: an active STS which handles requests backed by smartcards . I received asks about from many segments (especially about eID management from governments and high authentication levels for finance) and pretty much from everywhere in the world (especially Europe and Asia): I am really delighted to finally have a chance to give you something about that scenario that you can compile in visual studio, as opposed to the usual whiteboard sketches :-) Before we dive into the code, let me disclaim the disclaimable: as usual, the code you see in this blog is just an example and is by no mean production ready code. My purpose here is to introduce you to new ideas, so I favor readability and clarity over completeness If you consider the definition of best practices as "A technique or methodology that, through experience and research, has proven to reliably lead to a desired result" , I think I can safely say that there are no established best practices yet. Sure, there are some fixed points Read More...
|
-
I am sure you already saw Kim's post about John Fontana's interview with Stuart , appeared on Network World . I like how John communicates the importance of this release, and how it positions it in the context of the broader picture. Recommended reading :) Also, the blogosphere is buzzing: if you toy with your favorite feeds or search engines, you'll find many sources chiming in or even already playing with Zermatt ... that's the spirit! See you next week ;-) Read More...
|
|
|
|