| Eron Wright's profileLive CoderBlogLists |  Tools  Help |
|
April 23 Operations Manager 2007: MPUNSEAL.EXEIf you are planning to deploy and customize the great System Center Operations Manager 2007, you should study the various management packs that are available for it. Developing a management pack involves designing a health model for your application, meaning you have to define a taxonomy of entities and corresponding health states, relationships, discoveries, etc. What better way to learn how best to do this than to study the existing packs? For this, you must figure out how to unseal a .mp file. Lutz's Reflector can show you how in a hurry: an .mp file is an assembly with a single resource of type byte[]. The byte[] is a GZIP-compressed stream of Unicode characters that is the original XML document. Spend a few minutes to do this - the resultant knowledge is worth it! The second most important resource is AuthorMPs.com, which contains great information about the architecture of OpsMgr. Enjoy! September 26 Can Sony Convince Developers and Consumers of the PS3's Dominance?Regarding the Question of the Week posed at Gamasutra, Can Sony Convince Developers and Consumers of the PS3's Dominance?, here are my thoughts:
Nintendo and Sony have taken opposite approaches. Nintendo has set out to build, as always, a fun, inexpensive gaming appliance. Sony has set out to build a general-purpose computer, which puts them on a collision course with Windows platform itself. This lies at the heart of the matter and deserves attention.
Consider the strengths of the Windows platform. It is backed by the largest software developer in the world. It has extensive experience in
networking and is a primary contributor to Web Service standards. It has a razor-like focus on "platform-building", that is, extending Windows to every computing device on earth. It has had not inconsiderable success in doing so: from desktop, to mobile, to server, to media devices and the home theatre, and crucially to gaming devices. Virtually every product that has attempted to compete with Windows has failed (with the possible exception of Apple and Linux in specific categories).
Developer tools are a major part of the Windows platform. The all-encompassing Visual Studio is the platform for development on all devices, and it benefits from integration with hundreds of major third-party software products, and is multi-language to boot. A gaming company can hire developers from a broad range of disciplines yet they are all familiar with the same tool.
DirectX, XNA, and the .NET Framework are key advantages as well. Developers can target Windows and Xbox simultaneously using the highly-productive and mainstream .NET Framework. It is perhaps worth noting that the XNA platform can be used to assist the development of "other platform" games as well.
Let's not forget the Windows Media juggernaut, providing the DRM backbone for virtually all non-Apple media hardware today. The synergy is undeniable in subscribing to music with a third-party such as Napster, streaming the content to 360 or a media device, then sharing the music with friends, legally using DRM technology. I, for one, anticipate that the Nintendo Wii will function as a Windows Media Center Extender.
Xbox Live requires no explanation as it is a huge success. No wonder – Microsoft has extensive experience in networking and is a primary contributor to Web standards. With respect to the fact that usage is not free, it should be considered that maintaining servers for online play is difficult and expensive, and many games in the PC space have suffered for it. This is why top-tier PC games use a for-pay model. I am thrilled that for as little as $5/month I ensure that any game I buy or rent (an important and overlooked matter in my opinion) will have a good online experience. Note that free Gold subscriptions often come bundled with games as well. Finally, Microsoft recently announced that XNA and Xbox Live will support user-created content. Just as Microsoft has always done with the Windows platform, hobbyists and companies can create games for Xbox without needing expensive licenses and tooling.
This is the framework for understanding the Sony/Microsoft conflict. Can Sony create a compelling alternative universe to Windows? To what extent will Sony integrate with the Windows platform?
September 11 TAPI Programming LinksHere are some links to Windows Telephony API (TAPI) programming information. I am dumping these here because I am cleaning a drive in preparation for Vista RC1.
Andreas Marschall's TAPI and TSPI FAQ, IVR Application (MS TAPI 2.X) Source Code, unofficial TAPI FAQ, Sample Code and Tools, TAPI 2.x to TAPI 3.x Cross-Reference, TAPI 3.1 (MSDN), KB: TAPI functionality is not supported from managed code, To Learn About the Voice Modem Extensions for Windows 95, Press 1 Now!, vbCity-DevCity.NET Forums VOSP Code Bank TAPI 3.0, Answering Machine sample
Hope this helps
July 28 ADFS Email ClaimsADFS supports three types of claims: identity claims, group claims, and custom claims. With respect to identity claims, three types of identifiers are supported: User Principal Name (UPN), Email Name, and Common Name.
For a given account partner, only one type of identifier can be enabled. The Email Identity Claim has an interesting limitation in that you must confine the mapping to specific email domain suffixes. UPN has a similar limitation, but this is less onerous because the account partner typically has control over the UPN suffix. So UPN is typically the primary identity claim.
How should email addresses be handled when UPN is used as the identity claim? The documentation suggests that they be treated as simple custom claims. With some effort, however, it is possible to treat email as a second identity claim - at least by the time it reaches the resource - without defining specific domain suffixes. Here's how:
The basic technique is to take advantage of the fact that ADFS converts any custom claim with the name 'EmailAddress' to an email claim. The conversion routine actually occurs twice: once when incoming claims are mapped to organization claims ("pre-transform stage"), and again when organization claims are mapped to outgoing or resource claims ("post-transform stage"). The effect is that if the account partner provides a custom claim with the name 'EmailAddress' then the 'pre' conversion - with email filter - will be applied. To avoid the filter, the account partner must provide a custom claim with a name other than 'EmailAddress'. Map that claim to an organization claim with the name 'EmailAddress', and the 'post-transform' conversion will instead take place with no filter. Voila, your claims-enabled application will see an 'EmailName' identity claim!
Guess what? This technique breaks when you use transform modules. ADFS will report an error to the effect of: "Argument 'name' cannot equal EmailAddress if type equals WebSsoClaimType.Custom". The fix unfortunately impacts your account partners: the partner must provide the email as a true email identity claim ('EmailAddress'), and your transform module must manually propagate the claim from the incoming collection to the corporate collection. You can then enable the 'E-mail' identity claim for applications that should receive the email address.
Hope this helps! June 06 IIS and SSL CertificatesI was working on a project involving multiple websites using SSL. I needed to set up two websites in a single IIS instance and generate corresponding test certificates. The standard tool to generate test certificates is SelfSSL but it contains a bug wherein only the last test certificate is useable. There is, however, a fixed version in the IIS Diagnostics Tools.
To generate test SSL certificates, follow these steps:
It is a little-known fact that, starting with Windows Server 2003 SP1, IIS +can+ use host headers in an SSL scenario. The limitation is that the IIS snap-in does not support it, so a metabase edit is necessary. Here are the instructions.
Hope this helps! May 31 Microsoft Motion 'Lite'Microsoft posted an article regarding the self-help edition of the Microsoft Motion methodology called 'Motion Lite'.
I love Motion, at least aethetically so far; I have the reference map printed on my wall.
 May 30 Identity Federation with ADFS: Part 1I have identity federation fever. For a recent partner integration project, we decided to use WS-Federation to enable web single sign-on across two applications on separate domains. This has taken me on a whirl-wind tour of products and technologies, as well as some serious coding in the end.
Identity Federation is becoming a hot feature for web applications. Salesforce.com now supports federation, such that your corporate network credentials can be used to access the applications. Boeing, for another example, is federating its employee accounts to dozens of applications. I have personally yearned for Passport/Live ID integration for years, and this is an enabler for that too. Ws-Federation ProductsI identified numerous products that seem to support WS-Federation.
WS-Federation and Passport (aka Windows Live ID)It is public knowledge that Live ID will support WS-Federation. It will no doubt plug in seamlessly into ADFS (or other federation server) as an account partner, such that your claims-enabled application can use Live ID accounts with ease. This has long been envisioned by Microsoft; see this "Network of Trust" article. ADFS and Account Stores (Active Directory)ADFS, acting as a resource server, can be useful without the involvement of Active Directory. But let's face it, you are likely porting an application with legacy accounts, so you must also act as an account partner to your own application. How to best hook your assumedly database-backed accounts into ADFS? You have at least four options. One, migrate your accounts into AD or ADAM. Two, use a product such as Microsoft Identity Integration Server to synchronize the accounts with AD. Three, implement WS-Federation directly. Four, buy a federation product with good support for database-backed credentials. I chose the third option, which I will discuss below. ADFS DevelopmentTo implement WS-Federation to act as an account server, I located a great piece of sample code from the Microsoft Patterns & Practices group. The SAML STS for WSE 3.0 QuickStart sample provides much of the code needed to generate and sign a SAML 1.1 token, which is the most substantial aspect of implementing WS-Federation. The missing ingredient in the QuickStart is support for WS-Federation Passive Profile, which in essence consists of an HTTP handler, some user/roles lookup code, and some federation-specific claims code. This code was surprisingly easy to write. Achieving interop with ADFS was, on the other hand, a bit of a nightmare. ADFS simply rejected my SAML token with a vague validation error. By instrumenting and debugging the ADFS server library (using this great technique) I identified the four problems that were behind it:
Of course, whenever developing with ADFS be sure to enable the myriad of debug flags in the snap-in, in the server's web.config, and perhaps in the registry as documented in the troubleshooting guide. I whoteheartedly recommend experimenting using the ADFS Virtual Lab, then subsequently using Virtual Server on your workstation (complete with undo disks) to develop an ADFS solution. ADFS ProfileHere is some facts I know about ADFS, after long hours of debugging. More interop knowledge can be obtained by examining the Shibboleth source code and notes. With respect to SAML attribute statements, ADFS supports a single namespace to carry the group and custom claims:
The SAML authentication statement supports the following identifier formats:
Note that ADFS requires a suffix to be present on a given UPN (userid@adatum.com, for example). The suffix must be listed in the configuration for the given account partner.
ADFS does not support the SAML SubjectLocality clause, and will reject the token with a validation error.
With respect to XML signatures, ADFS supports two types of key identifiers:
Note that security token references are not supported.
ADFS in the FutureADFS is a maturing component of Windows Server. Today it supports only the WS-Federation Passive Requestor Profile, which allows browsers to support single sign-on. Future versions will support the Active Client Profile, which allows web services to support impersonation of federated identities. Longhorn appears to be taking it further yet (beyond Active Directory perhaps):
Hope this information helps! April 20 Microsoft Motion Framework - Further ReadingAs I mentioned in a previous post, Motion is an exciting new methodology for understanding your business and taking advantage of SOA. Note that I have updated the links in that post.
Numerous "Motion" articles and presentations refer to the book "Reengineering the Corporation" as "an essential basis to understanding more about Motion and Business Capabilities" (Matt Deacon's blog). I quickly purchased the audio version of the book at audible.com. I will post a review shortly.
I am truly struck at how rapidly the "Motion" initiative is surfacing in journals, conferences, and the like. This is going to be big! April 18 Microsoft Architect Insight ConferenceCheck out the fabulous presentations from the Microsoft Architect Insight Conference, covering such topics as Microsoft Motion Framework, Domain-Specific Languages, Microsoft Solutions Framework, SOA, and security best practices. April 09 Microsoft Motion Framework - Introducing Business CapabilitiesA revolution in enterprise architecture is underway. Check out the new Microsoft Motion Framework - a stunning new methodology for building business solutions that can be more easily described, take better advantage of infrastructure, and use service-orientation.
Watch the channel9 video - Microsoft gets down to business with Motion initiative - and marvel at business capability maps. As Ric Merrifield explains, a map of business capabilities - the "what" rather than the "how" - can inform business acquisitions and mergers, better describe your IT requirements, and empower service-orientation. Additional interviews with Ric are here and here.
Read the article - A Business-Oriented Foundation for Service Orientation - which then discusses how to build a map. The modeling process is also described in this presentation from the Microsoft Architect Insight Conference, and in the article Service-Oriented Modeling for Connected Systems in The Architecture Journal - Issue 7. Update: Part 2 is now online.
The rabbit hole continues with the complementary notion of Infrastructure Capabilties. It describes how business capabilties can, as Ric suggests, be mapped to infrastructure capabilties. The interesting Windows Server System Reference Architecture is also mentioned.
Ric's map bears such a wonderful resemblance to the Team System Distributed System Designers. I can only hope that the VS platform will in the future support business capability mapping. In the meantime I would love a chance to employ the Microsoft Services team!
Update: Oddur provides more details in this blog post - note the comment regarding the availability of docs. The Architecture Journal has a related article called Service-Oriented Business Intelligence.
April 07 Windows Live Custom Domains + Live SpacesLive Custom Domains provides free hosted e-mail accounts for domain name owners.
Custom Domains is a key enabler for not only Live Mail but Live Spaces as well. I asked the CD team when support for Live Spaces will be available. The response:
I hope it will operate at a host level, such that a single domain can serve multiple applications (one of which being Spaces). April 02 HowTo: Change Your Passport Email AddressOnce thought impossible, you can indeed change your Passport email address! Use
the MSN Account Services,
Credentials section. Your MSN contacts will be preserved. March 29 Windows Media: Microsoft Will WinI have often said that Microsoft tends to 'win' everywhere it extends the Windows platform. Microsoft has a razor-like focus on platform-building through developer relations, partner relations, file formats, and APIs. Consequently it has had considerable success in extending the Windows platform everywhere from desktop to server, mobile, media, gaming, software tools, and web services (aka Live).
I believe that Microsoft has already won the media wars and will win the gaming wars. Here's why:
The true platform for media is the file format itself, especially given the lock-in that occurs with digital rights-protected content. If you survey the media landscape today, you find that virtually all portable hardware makers, music stores, and digital home theatre makers are using Windows Media format. This creates an ecosystem of compatible hardware and software, such that whether I buy music at Walmart.com, use a subscription service, use podcast software, buy a portable music player, or stream protected content to my home theatre (using an Xbox 360 or another media extender), I know that it will "work together". This constitutes an army of companies, from Walmart to Panasonic to Linksys to Creative, that are promoting the Windows Media platform.
For example, I subscribe to Napster ($10/month), which lets me download virtually any album for free. The content is protected, meaning that I can't copy it and that it will expire if my subscription is cancelled. Nonetheless, my Xbox 360 can connect to my computer (where the media is located) and play those albums while I'm playing a video game. Will the Playstation 3 connect to my Windows PC and be able to stream protected content?
This is a great example of how a focus on platform can beat even popular products (in this case iPod and Playstation) in the long run.
March 22 RSS content negotiation and the HTTP Accept headerHave any discussions occurred at MIX06 regarding the problem of RSS content negotiation or reader capabilities? If not, would someone make some noise for me?
RSS feed implementors face tough choices regarding which modules to use in a given feed. It is unrealistic that all clients support, say, RSS 2.0 with Yahoo media module. It is tempting to overload the feed with numerous alternative formats (say, iTunes) but this is clearly sub-optimal and not general-purpose.
A common solution is to vary by User-Agent as does FeedBurner. However, varying the response by user-agent has caused years of pain in the world of HTML and leads to heinous browsercaps files. Worse, it limits the effectiveness of downstream caches, and as a huge Akamai fan I must protest.
HTTP 1.1 supports two forms of content negotation which could assist the RSS community: server-driven negotiation (Accept and Vary) and client-driven negotation ("300 - Multiple Choices"). A proposal for each might need to be made.
It is interesting to note that the Vary header is most effective when the target header has a small set of possible values. User-Agent is thus a bad candidate.
I posted my proposal for server-driven negotiation of RSS content on rss-extensions.org. How to best advance this proposal? Suggestions welcome!
March 21 RSS Basic Profile ProposalThis is a plea for the community to develop an RSS Basic Profile - a set of modules and practices to ensure basic compatibility.
Interoperability is tough with RSS today, due in part to a multitude of RSS variants, datetime issues, content-encoding issues, and so on. We must develop a set of profiles to facilitate common scenarios such as reading, aggregation, and synchronization.
I believe that the Basic Profile should include RSS 2.0, dc:created, content:encoded, and the Simple List Extensions.
The RSS Advisory Board has a wiki with a skeleton implementation.
Here is a guide to profile development from the W3C.
Talking about microformats and WinFSI have been addressing the problem of large schemas using modularization. That is, I decompose the schema into independently useful modules. I then combine a specific subset of those modules with common RSS modules (such as Media RSS) to form a profile.
XHTML 1.0, for example, was modularized to address the varying capabilities of devices. It was decomposed into such modules as Core Module, Tables Module, Forms Module, and Image Module. Profiles include XHTML-Basic, XHTML-Print, and WICD-Mobile. The WS-I Basic Profile is another good example of a profile. The W3 has some good suggestions on profile development.
It is important to note that numerous modules can target the same namespace. This could suggest a semantic difference between RSS module and microformat. Quote microformats and WinFS Windows Live Expo: no bulk upload for nowMy company operates a large community of real estate professionals, we help maximize the promotional value of their listings on the web thru content syndication. I got really excited when Expo was announced, figuring that we would syndicate our members' listings to it. I contacted a PM within the team to explore the issues, and am sad to report that Expo does not plan on releasing a bulk API at this time. They are focusing on "community content as opposed to commercial content". Given that a leading concern for realtors is duplicate entry of data, I doubt that the housing category will see much action until that policy changes. It is interesting nonetheless to consider what would theoretically be required to syndicate listings to Expo. Consider that Expo exposes a rich communications UI, notably IM integration, Alerts for seller feedback, and a private message center. Consequently, each individual listing must be associated with a Passport account. On one hand, a bulk upload could use a single Passport account for all listings, but the communications stuff would break. On the other hand, each realtor could associate a Passport with his/her account such that the listings were tagged accordingly. The latter solution represents a form of impersonation; the Expo server must trust my server to impersonate the realtor and post listings on his/her behalf. It's an interesting problem that might best be solved with a user interface, similar to Alerts, that compels the realtor to configure Expo to accept listings from my servers. Reasons to Love Windows Live: Part 1Windows Live is an exciting new Web 2.0 platform from Microsoft, offering literally dozens of software components for use in web applications.
The list of Live platform services is growing by the day, but here is a quick survey of my favorite APIs:
Windows Live ID: The evolution of Passport, Live ID provides shared identity and SSO for web applications. Rather than compelling your users to create yet another account, allow the use of a pre-existing Passport account and reap the benefits since ID appears to be a prerequisite to most other services. Advanced issues include federation (non-Passport credentials), impersonation (server-to-server trust in performing actions on behalf of a Passport account, such as bulk postings to Expo), and the use of Passport in blog commentary.
Windows Live Contacts: The Unified Contact List stores public contact information, a roster of friends, and ACLs for web resources. Live Contacts is the evolution of the MSN ABCH service and can enable such scenarios as:
Windows Live Alerts: Alerts provides a multi-modal communication service spanning email, IM, and SMS. The hard reality is that commercial email, even to legitimate subscribers, is unreliable. With Alerts, your site can now reliably communicate with its members (think about it: Microsoft sends the email!). Unique to Alerts is presence information (Online, Away, Mobile, Offline, etc) which intelligently routes the message to ensure that members get it when/where they need it.
Windows Live Messenger: The platform for real-time communications, including the sexy Activity API. An application hosted as an activity can benefit from the Messenger communication stack, making short work of building interactive, chat-like applications.
MSN Spaces: A blogging platform which nowadays every solution must bundle. Supports MetaWeblog API for automated posting, which begins to frame Spaces as a platform piece.
Windows Live Storage: A hosted storage network for media, documents, etc. Used in conjunction with Spaces.
Windows Live Favorites: Specialized storage for links with built-in IE UI. To the extent an API surfaces is the extent to which it is a platform piece.
Microsoft Gadgets: A sophisticated API for, among other things, RSS behaviors (similar to DHTML behaviors) to augment user interfaces that involve feeds. Current or planned hosts for Gadgets include live.com, IE7, the Vista Sidebar, and I assume Spaces.
Windows Live Clipboard: The 'hello world' of application interop, the shared clipboard. The specification is here. Indicative of things to come.
It is worth mentioning that Windows Live is but one part of the broader Live platform including Office Live and Xbox Live.
In addition to platform services, Microsoft is rolling out a set of premiere applications such as MSN Spaces, Live Expo, Live Messenger, a revamped Xbox Live, and Office Live products. Some things are clearly both platform pieces and end-user products, meaning that they can be used as both a canned product and as a component of a Web 2.0 solution.
Software developers who care about emerging trends should pay close attention to Windows Live. Microsoft's core competence is in platform development - the art of building infrastructure that allow applications and sites to interoperate. Such infrastructure is much needed in the Web 2.0 world, where content syndication and mashups are intensifying the need for common user identities, common contact lists, common favorites, common storage, and advanced communications.
February 23 Simple List Extensions: the nuances of RSS feeds and listsMicrosoft recently announced an extension to RSS 2.0 called Simple List Extensions. It helps clarify a long-standing confusion surrounding RSS feeds: some feeds are lists.
The emerging world-view is this: an RSS collection can be a feed or a list. A list is a complete list of some information items, like a music list or a list of homes for sale. Lists grow and shrink over time. A feed is chronological log of changes to some list. The feed doesn't contain the data item itself, but likely contains a human description of some change made to an item. A feed might announce the listing and subsequent sale of a home (two events over a single data item). Feeds and lists are typically complimentary.
An interesting aspect of this model is the issue of data formats. A list is likely to be highly structured, leveraging RSS 2.0 modules such as the geo extensions, the media extensions, enclosures, and so on. Exchanging a list with a partner is likely to be technically challenging given the need for deep structure. A feed, on the other hand, remains a conventional log of descriptive text (the associated list is linked or implied). The set of partners for exchanging such information is significantly different.
As organizations attempt to use RSS feeds for marketing, branding, and data syndication purposes, an awareness of these concepts can make a big difference. Services like EdgeIO (which scrapes classified ads from blogs) will have to tackle this issue sooner than most. Hopefully they pay attention to the Simple List Extensions.
September 22 LINQ powered: transparent query caching and optimizationCheck out the Query Comprehensions section of the Visual Basic 9.0 Overview in the VB LINQ Preview download. It suggests a whole new means for optimizing and potentially caching query results using extension methods.
Interesting. I am not sure if this implies that the order of 'using' statements is significant, which is probably a deal breaker. DLINQ must expose hooks to allow optimizers to get involved.
|
|
|
