Live Coder
Eron Wright's Blog

April 23
Operations Manager 2007: MPUNSEAL.EXE
If you are planning to deploy and customize the great System Center Operations Manager 2007, you should study the various management packs that are available for it. Developing a management pack involves designing a health model for your application, meaning you have to define a taxonomy of entities and corresponding health states, relationships, discoveries, etc. What better way to learn how best to do this than to study the existing packs? For this, you must figure out how to unseal a .mp file. Lutz's Reflector can show you how in a hurry: an .mp file is an assembly with a single resource of type byte[]. The byte[] is a GZIP-compressed stream of Unicode characters that is the original XML document. Spend a few minutes to do this - the resultant knowledge is worth it! The second most important resource is AuthorMPs.com, which contains great information about the architecture of OpsMgr. Enjoy!

September 26
Can Sony Convince Developers and Consumers of the PS3's Dominance?
Regarding the Question of the Week posed at Gamasutra, Can Sony Convince Developers and Consumers of the PS3's Dominance?, here are my thoughts:
Nintendo and Sony have taken opposite approaches. Nintendo has set out to build, as always, a fun, inexpensive gaming appliance. Sony has set out to build a general-purpose computer, which puts them on a collision course with the Windows platform itself. This lies at the heart of the matter and deserves attention.
Consider the strengths of the Windows platform. It is backed by the largest software developer in the world. It has extensive experience in networking and is a primary contributor to Web Service standards. It has a razor-like focus on "platform-building", that is, extending Windows to every computing device on earth. It has had not inconsiderable success in doing so: from desktop, to mobile, to server, to media devices and the home theatre, and crucially to gaming devices. Virtually every product that has attempted to compete with Windows has failed (with the possible exception of Apple and Linux in specific categories).
Developer tools are a major part of the Windows platform. The all-encompassing Visual Studio is the platform for development on all devices, and it benefits from integration with hundreds of major third-party software products, and is multi-language to boot. A gaming company can hire developers from a broad range of disciplines yet they are all familiar with the same tool.
DirectX, XNA, and the .NET Framework are key advantages as well. Developers can target Windows and Xbox simultaneously using the highly-productive and mainstream .NET Framework. It is perhaps worth noting that the XNA platform can be used to assist the development of "other platform" games as well.
Let's not forget the Windows Media juggernaut, providing the DRM backbone for virtually all non-Apple media hardware today. The synergy is undeniable in subscribing to music with a third-party such as Napster, streaming the content to 360 or a media device, then sharing the music with friends, legally using DRM technology. I, for one, anticipate that the Nintendo Wii will function as a Windows Media Center Extender.
Xbox Live requires no explanation as it is a huge success. No wonder – Microsoft has extensive experience in networking and is a primary contributor to Web standards. With respect to the fact that usage is not free, it should be considered that maintaining servers for online play is difficult and expensive, and many games in the PC space have suffered for it. This is why top-tier PC games use a for-pay model. I am thrilled that for as little as $5/month I ensure that any game I buy or rent (an important and overlooked matter in my opinion) will have a good online experience. Note that free Gold subscriptions often come bundled with games as well. Finally, Microsoft recently announced that XNA and Xbox Live will support user-created content. Just as Microsoft has always done with the Windows platform, hobbyists and companies can create games for Xbox without needing expensive licenses and tooling.
This is the framework for understanding the Sony/Microsoft conflict. Can Sony create a compelling alternative universe to Windows? To what extent will Sony integrate with the Windows platform?

September 11
TAPI Programming Links
Here are some links to Windows Telephony API (TAPI) programming information. I am dumping these here because I am cleaning a drive in preparation for Vista RC1.
Andreas Marschall's TAPI and TSPI FAQ, IVR Application (MS TAPI 2.X) Source Code, unofficial TAPI FAQ, Sample Code and Tools, TAPI 2.x to TAPI 3.x Cross-Reference, TAPI 3.1 (MSDN), KB: TAPI functionality is not supported from managed code, To Learn About the Voice Modem Extensions for Windows 95, Press 1 Now!, vbCity-DevCity.NET Forums VOSP Code Bank TAPI 3.0, Answering Machine sample
Hope this helps

July 28
ADFS Email Claims
ADFS supports three types of claims: identity claims, group claims, and custom claims. With respect to identity claims, three types of identifiers are supported: User Principal Name (UPN), Email Name, and Common Name.
For a given account partner, only one type of identifier can be enabled. The Email Identity Claim has an interesting limitation in that you must confine the mapping to specific email domain suffixes. UPN has a similar limitation, but this is less onerous because the account partner typically has control over the UPN suffix. So UPN is typically the primary identity claim.
How should email addresses be handled when UPN is used as the identity claim? The documentation suggests that they be treated as simple custom claims. With some effort, however, it is possible to treat email as a second identity claim - at least by the time it reaches the resource - without defining specific domain suffixes. Here's how:
The basic technique is to take advantage of the fact that ADFS converts any custom claim with the name 'EmailAddress' to an email claim. The conversion routine actually occurs twice: once when incoming claims are mapped to organization claims ("pre-transform stage"), and again when organization claims are mapped to outgoing or resource claims ("post-transform stage"). The effect is that if the account partner provides a custom claim with the name 'EmailAddress' then the 'pre' conversion - with email filter - will be applied. To avoid the filter, the account partner must provide a custom claim with a name other than 'EmailAddress'. Map that claim to an organization claim with the name 'EmailAddress', and the 'post-transform' conversion will instead take place with no filter. Voila, your claims-enabled application will see an 'EmailName' identity claim!
Guess what? This technique breaks when you use transform modules. ADFS will report an error to the effect of: "Argument 'name' cannot equal EmailAddress if type equals WebSsoClaimType.Custom". The fix unfortunately impacts your account partners: the partner must provide the email as a true email identity claim ('EmailAddress'), and your transform module must manually propagate the claim from the incoming collection to the corporate collection. You can then enable the 'E-mail' identity claim for applications that should receive the email address.
Hope this helps!

June 6
IIS and SSL Certificates
I was working on a project involving multiple websites using SSL. I needed to set up two websites in a single IIS instance and generate corresponding test certificates. The standard tool to generate test certificates is SelfSSL but it contains a bug wherein only the last test certificate is useable. There is, however, a fixed version in the IIS Diagnostics Tools.
To generate test SSL certificates, follow these steps:
It is a little-known fact that, starting with Windows Server 2003 SP1, IIS +can+ use host headers in an SSL scenario. The limitation is that the IIS snap-in does not support it, so a metabase edit is necessary. Here are the instructions.
Hope this helps!

May 31
Microsoft Motion 'Lite'
Microsoft posted an article regarding the self-help edition of the Microsoft Motion methodology called 'Motion Lite'.
I love Motion, at least aesthetically so far; I have the reference map printed on my wall.

May 30
Identity Federation with ADFS: Part 1
I have identity federation fever. For a recent partner integration project, we decided to use WS-Federation to enable web single sign-on across two applications on separate domains. This has taken me on a whirl-wind tour of products and technologies, as well as some serious coding in the end.
Identity Federation is becoming a hot feature for web applications. Salesforce.com now supports federation, such that your corporate network credentials can be used to access the applications. Boeing, for another example, is federating its employee accounts to dozens of applications. I have personally yearned for Passport/Live ID integration for years, and this is an enabler for that too.

WS-Federation Products
I identified numerous products that seem to support WS-Federation.

WS-Federation and Passport (aka Windows Live ID)
It is public knowledge that Live ID will support WS-Federation. It will no doubt plug in seamlessly into ADFS (or other federation server) as an account partner, such that your claims-enabled application can use Live ID accounts with ease. This has long been envisioned by Microsoft; see this "Network of Trust" article.

ADFS and Account Stores (Active Directory)
ADFS, acting as a resource server, can be useful without the involvement of Active Directory. But let's face it, you are likely porting an application with legacy accounts, so you must also act as an account partner to your own application. How to best hook your assumedly database-backed accounts into ADFS? You have at least four options. One, migrate your accounts into AD or ADAM. Two, use a product such as Microsoft Identity Integration Server to synchronize the accounts with AD. Three, implement WS-Federation directly. Four, buy a federation product with good support for database-backed credentials. I chose the third option, which I will discuss below.

ADFS Development
To implement WS-Federation to act as an account server, I located a great piece of sample code from the Microsoft Patterns & Practices group. The SAML STS for WSE 3.0 QuickStart sample provides much of the code needed to generate and sign a SAML 1.1 token, which is the most substantial aspect of implementing WS-Federation. The missing ingredient in the QuickStart is support for WS-Federation Passive Profile, which in essence consists of an HTTP handler, some user/roles lookup code, and some federation-specific claims code. This code was surprisingly easy to write. Achieving interop with ADFS was, on the other hand, a bit of a nightmare. ADFS simply rejected my SAML token with a vague validation error. By instrumenting and debugging the ADFS server library (using this great technique) I identified the four problems that were behind it:
Of course, whenever developing with ADFS be sure to enable the myriad of debug flags in the snap-in, in the server's web.config, and perhaps in the registry as documented in the troubleshooting guide. I wholeheartedly recommend experimenting using the ADFS Virtual Lab, then subsequently using Virtual Server on your workstation (complete with undo disks) to develop an ADFS solution.

ADFS Profile
Here are some facts I know about ADFS, after long hours of debugging. More interop knowledge can be obtained by examining the Shibboleth source code and notes. With respect to SAML attribute statements, ADFS supports a single namespace to carry the group and custom claims:
The SAML authentication statement supports the following identifier formats:
Note that ADFS requires a suffix to be present on a given UPN (userid@adatum.com, for example). The suffix must be listed in the configuration for the given account partner.
ADFS does not support the SAML SubjectLocality clause, and will reject the token with a validation error.
With respect to XML signatures, ADFS supports two types of key identifiers:
Note that security token references are not supported.
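
The profile notes above can be turned into a pre-flight check that a custom token service runs on its own SAML 1.1 assertions before sending them to ADFS. This is an added example, not code from the original post or from ADFS; the sample assertion is constructed, and `UPN_FORMAT` is a placeholder because the identifier-format list is not shown on this page.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.1 assertion namespace
UPN_FORMAT = "urn:example:upn-format"  # placeholder: the post's format list is not shown

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def lint_assertion(xml_text, upn_format, allowed_suffixes):
    """Return findings for the ADFS rejection causes named in the post."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs have no place in a SAML token")
    root = ET.fromstring(xml_text)
    allowed = {s.lower() for s in allowed_suffixes}
    findings = []
    # 1. ADFS rejects tokens that carry SubjectLocality.
    if root.find(f".//{{{SAML11}}}SubjectLocality") is not None:
        findings.append("SubjectLocality present")
    # 2. A UPN needs a suffix, and the suffix must be configured for the partner.
    for ni in root.iter(f"{{{SAML11}}}NameIdentifier"):
        if ni.get("Format") != upn_format:
            continue
        value = (ni.text or "").strip()
        user, at, suffix = value.rpartition("@")
        if not (user and at and suffix):
            findings.append(f"UPN without suffix: {value!r}")
        elif suffix.lower() not in allowed:
            findings.append(f"UPN suffix not configured: {suffix!r}")
    # 3. Security token references in the signature's KeyInfo are not supported.
    for el in root.iter():
        if _local(el.tag) == "KeyInfo" and any(
                _local(d.tag) == "SecurityTokenReference" for d in el.iter()):
            findings.append("KeyInfo uses SecurityTokenReference")
    return findings

# Constructed SAML 1.1 assertion that trips all three checks.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed"
    Issuer="urn:example:sts" IssueInstant="2006-05-30T00:00:00Z">
  <saml:AuthenticationStatement
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2006-05-30T00:00:00Z">
    <saml:Subject>
      <saml:NameIdentifier Format="urn:example:upn-format">userid</saml:NameIdentifier>
    </saml:Subject>
    <saml:SubjectLocality IPAddress="192.0.2.10"/>
  </saml:AuthenticationStatement>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference/></ds:KeyInfo></ds:Signature>
</saml:Assertion>"""

if __name__ == "__main__":
    for finding in lint_assertion(SAMPLE, UPN_FORMAT, ["adatum.com"]):
        print(finding)
```
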

ADFS in the Future
ADFS is a maturing component of Windows Server. Today it supports only the WS-Federation Passive Requestor Profile, which allows browsers to support single sign-on. Future versions will support the Active Client Profile, which allows web services to support impersonation of federated identities. Longhorn appears to be taking it further yet (beyond Active Directory perhaps):
Hope this information helps!

April 20
Microsoft Motion Framework - Further Reading
As I mentioned in a previous post, Motion is an exciting new methodology for understanding your business and taking advantage of SOA. Note that I have updated the links in that post.
Numerous "Motion" articles and presentations refer to the book "Reengineering the Corporation" as "an essential basis to understanding more about Motion and Business Capabilities" (Matt Deacon's blog). I quickly purchased the audio version of the book at audible.com. I will post a review shortly.
I am truly struck at how rapidly the "Motion" initiative is surfacing in journals, conferences, and the like. This is going to be big!

April 18
Microsoft Architect Insight Conference
Check out the fabulous presentations from the Microsoft Architect Insight Conference, covering such topics as Microsoft Motion Framework, Domain-Specific Languages, Microsoft Solutions Framework, SOA, and security best practices.

April 9
Microsoft Motion Framework - Introducing Business Capabilities
A revolution in enterprise architecture is underway. Check out the new Microsoft Motion Framework - a stunning new methodology for building business solutions that can be more easily described, take better advantage of infrastructure, and use service-orientation.
Watch the channel9 video - Microsoft gets down to business with Motion initiative - and marvel at business capability maps. As Ric Merrifield explains, a map of business capabilities - the "what" rather than the "how" - can inform business acquisitions and mergers, better describe your IT requirements, and empower service-orientation. Additional interviews with Ric are here and here.
Read the article - A Business-Oriented Foundation for Service Orientation - which then discusses how to build a map. The modeling process is also described in this presentation from the Microsoft Architect Insight Conference, and in the article Service-Oriented Modeling for Connected Systems in The Architecture Journal - Issue 7. Update: Part 2 is now online.
The rabbit hole continues with the complementary notion of Infrastructure Capabilities. It describes how business capabilities can, as Ric suggests, be mapped to infrastructure capabilities. The interesting Windows Server System Reference Architecture is also mentioned.
Ric's map bears such a wonderful resemblance to the Team System Distributed System Designers. I can only hope that the VS platform will in the future support business capability mapping. In the meantime I would love a chance to employ the Microsoft Services team!
Update: Oddur provides more details in this blog post - note the comment regarding the availability of docs. The Architecture Journal has a related article called Service-Oriented Business Intelligence.

April 7
Windows Live Custom Domains + Live Spaces
Live Custom Domains provides free hosted e-mail accounts for domain name owners.
Custom Domains is a key enabler for not only Live Mail but Live Spaces as well. I asked the CD team when support for Live Spaces will be available. The response:
I hope it will operate at a host level, such that a single domain can serve multiple applications (one of which being Spaces).

April 2
HowTo: Change Your Passport Email Address
Once thought impossible, you can indeed change your Passport email address! Use the MSN Account Services, Credentials section. Your MSN contacts will be preserved.

March 29
Windows Media: Microsoft Will Win
I have often said that Microsoft tends to 'win' everywhere it extends the Windows platform. Microsoft has a razor-like focus on platform-building through developer relations, partner relations, file formats, and APIs. Consequently it has had considerable success in extending the Windows platform everywhere from desktop to server, mobile, media, gaming, software tools, and web services (aka Live).
I believe that Microsoft has already won the media wars and will win the gaming wars. Here's why:
The true platform for media is the file format itself, especially given the lock-in that occurs with digital rights-protected content. If you survey the media landscape today, you find that virtually all portable hardware makers, music stores, and digital home theatre makers are using Windows Media format. This creates an ecosystem of compatible hardware and software, such that whether I buy music at Walmart.com, use a subscription service, use podcast software, buy a portable music player, or stream protected content to my home theatre (using an Xbox 360 or another media extender), I know that it will "work together". This constitutes an army of companies, from Walmart to Panasonic to Linksys to Creative, that are promoting the Windows Media platform.
For example, I subscribe to Napster ($10/month), which lets me download virtually any album for free. The content is protected, meaning that I can't copy it and that it will expire if my subscription is cancelled. Nonetheless, my Xbox 360 can connect to my computer (where the media is located) and play those albums while I'm playing a video game. Will the Playstation 3 connect to my Windows PC and be able to stream protected content?
This is a great example of how a focus on platform can beat even popular products (in this case iPod and Playstation) in the long run.

March 22
RSS content negotiation and the HTTP Accept header
Have any discussions occurred at MIX06 regarding the problem of RSS content negotiation or reader capabilities? If not, would someone make some noise for me?
RSS feed implementors face tough choices regarding which modules to use in a given feed. It is unrealistic that all clients support, say, RSS 2.0 with Yahoo media module. It is tempting to overload the feed with numerous alternative formats (say, iTunes) but this is clearly sub-optimal and not general-purpose.
A common solution is to vary by User-Agent as does FeedBurner. However, varying the response by user-agent has caused years of pain in the world of HTML and leads to heinous browsercaps files. Worse, it limits the effectiveness of downstream caches, and as a huge Akamai fan I must protest.
HTTP 1.1 supports two forms of content negotiation which could assist the RSS community: server-driven negotiation (Accept and Vary) and client-driven negotiation ("300 - Multiple Choices"). A proposal for each might need to be made.
It is interesting to note that the Vary header is most effective when the target header has a small set of possible values. User-Agent is thus a bad candidate.
I posted my proposal for server-driven negotiation of RSS content on rss-extensions.org. How to best advance this proposal? Suggestions welcome!
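
A sketch of server-driven negotiation for a feed endpoint, with a small model of why `Vary: Accept` is kinder to downstream caches than `Vary: User-Agent`. This is an added example, not taken from the post or from the proposal it links to; the two media types offered, the reader names and the sample requests are constructed assumptions.

```python
# Feed representations this constructed endpoint can serve, in server preference order.
VARIANTS = ["application/rss+xml", "application/atom+xml"]

def parse_accept(header):
    """Parse an Accept header into (type, subtype, q) media ranges."""
    ranges = []
    for part in header.split(","):
        fields = [f.strip().lower() for f in part.split(";")]
        if "/" not in fields[0]:
            continue  # skip empty or malformed ranges
        q = 1.0
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip() == "q":
                try:
                    q = min(max(float(value), 0.0), 1.0)
                except ValueError:
                    q = 0.0  # unparsable q is treated as "not acceptable"
        mtype, subtype = fields[0].split("/", 1)
        ranges.append((mtype, subtype, q))
    return ranges

def quality(variant, ranges):
    """q of the most specific media range that matches the variant."""
    vtype, vsub = variant.split("/")
    best_spec, best_q = -1, 0.0
    for mtype, subtype, q in ranges:
        spec = {(vtype, vsub): 2, (vtype, "*"): 1, ("*", "*"): 0}.get((mtype, subtype))
        if spec is not None and spec > best_spec:
            best_spec, best_q = spec, q
    return best_q

def negotiate(accept, variants=VARIANTS):
    """Server-driven negotiation: return (status, response headers)."""
    ranges = parse_accept(accept) if accept else [("*", "*", 1.0)]
    best = max(variants, key=lambda v: quality(v, ranges))  # ties keep server order
    headers = {"Vary": "Accept"}  # tells caches which request header matters
    if quality(best, ranges) <= 0:
        return 406, headers
    headers["Content-Type"] = best
    return 200, headers

def cache_entries(requests, vary):
    """Distinct copies a shared cache stores when the response varies on `vary`."""
    return len({req.get(vary, "") for req in requests})

# Constructed requests: four reader products, two distinct Accept values.
REQUESTS = [
    {"User-Agent": "ReaderA/1.0", "Accept": "application/atom+xml, application/rss+xml;q=0.5"},
    {"User-Agent": "ReaderB/2.3", "Accept": "application/atom+xml, application/rss+xml;q=0.5"},
    {"User-Agent": "ReaderC/0.9", "Accept": "application/rss+xml"},
    {"User-Agent": "ReaderD/4.1", "Accept": "application/rss+xml"},
]
```
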

March 21
RSS Basic Profile Proposal
This is a plea for the community to develop an RSS Basic Profile - a set of modules and practices to ensure basic compatibility.
Interoperability is tough with RSS today, due in part to a multitude of RSS variants, datetime issues, content-encoding issues, and so on. We must develop a set of profiles to facilitate common scenarios such as reading, aggregation, and synchronization.
I believe that the Basic Profile should include RSS 2.0, dc:created, content:encoded, and the Simple List Extensions.
The RSS Advisory Board has a wiki with a skeleton implementation.
Here is a guide to profile development from the W3C.