Thursday, April 30, 2009

openinfocard new version

I just uploaded a new version of the openinfocard selector to http://code.google.com/p/openinfocard/downloads/list.
Please give it a try.

The changes are mainly internal but huge and important. After over a year of despair caused by several java plugin2 hiccups and a lingering "stale reference to a java vm"-error I think that I now have improved the code so that development of new features makes much more sense than before. I had the feeling that SUN and Mozilla are pulling away the ground under my feet, but now I think this period is over.

Some improvements are "visible" when you try the selector with "complicated" IdPs. I improved the metadata parsing through hefty use of E4X. The OSIS endpoints do not fall into this category but if you test this openinfocard version e.g. with a Geneva server you might see what I mean. We have set up Geneva servers in our lab and openinfocard immediately failed. I fixed this; although I am sure that there are WS-* variants that still cause the selector to flip.
BTW: By fixing some of these faults I "improved" the internal cardstore format. This causes old cardstores to become unusable. Sorry, please remove the cards from your current cardstore and reimport them. There is no automatic conversion...

Java6 u12 or newer is now a requirement. I have only tested it on Windows XP SP3 32bit but I am quite confident that this selector runs everywhere where Firefox 3 and java6 are available.

Next steps:
- code cleanup. Throw away now unused code.
- XRDS support for X-XRDS-Location meta tag (nearly ready)
- phone selector integration

Friday, April 24, 2009

user-agent pollution .NET CLR 3.5.30729

Don't know when this started but currently the Firefox user-agent string is polluted by a new addition "(.NET CLR 3.5.30729)".

Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 (.NET CLR 3.5.30729)

Maybe the new add-on "Microsoft .NET Framework Assistant" is to blame.

But although I disabled it the user-agent string was not reverted to normal.

Who gave Microsoft the right to blurt about the fact that .NET3.5 is installed on my computer?! Well, others are not better: If the Azigo Selector is installed then it adds itself to the user-agent string too.

Maybe SUN should add the installed Java version and whether OpenOffice is installed, and Adobe the installed Acrobat Reader version and the Flash version, and Apple the Quicktime and iTunes version and ...
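
To make the disclosure concrete, the following added example (not code from the original post, the browser or any add-on) splits a User-Agent string into its tokens, lists everything beyond an assumed Firefox 3 baseline of Mozilla/Gecko/Firefox plus one platform comment, and rebuilds the string without the extras. All function names and the baseline list are assumptions of the example.

```javascript
// Assumed baseline for Firefox 3: Mozilla, Gecko, Firefox plus one platform comment.
const BASELINE_PRODUCTS = ["Mozilla", "Gecko", "Firefox"];

// The User-Agent string quoted in the post.
const POST_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.9) " +
  "Gecko/2009040821 Firefox/3.0.9 (.NET CLR 3.5.30729)";

// Split into product tokens ("Name/Version") and parenthesised comments.
function tokenizeUserAgent(ua) {
  const tokens = [];
  const re = /\(([^()]*)\)|([^\s()\/]+)(?:\/([^\s()]+))?/g;
  let m;
  while ((m = re.exec(ua)) !== null) {
    if (m[1] !== undefined) tokens.push({ kind: "comment", text: m[1].trim() });
    else tokens.push({ kind: "product", name: m[2], version: m[3] || null });
  }
  return tokens;
}

// True for tokens the browser itself emits: baseline products and the FIRST comment.
function makeBaselineFilter(baseline) {
  let platformCommentSeen = false;
  return (t) => {
    if (t.kind === "product") return baseline.includes(t.name);
    if (platformCommentSeen) return false;
    platformCommentSeen = true;
    return true;
  };
}

// List software (and version, if any) disclosed by the extra tokens.
function findDisclosures(ua, baseline = BASELINE_PRODUCTS) {
  const isBaseline = makeBaselineFilter(baseline);
  return tokenizeUserAgent(ua).filter((t) => !isBaseline(t)).map((t) => {
    if (t.kind === "product") return { software: t.name, version: t.version };
    const m = /^(.*?)[\s\/]+(\d[\w.]*)$/.exec(t.text);
    return m ? { software: m[1], version: m[2] } : { software: t.text, version: null };
  });
}

// Rebuild the string with only baseline tokens, e.g. for a normalising proxy.
function sanitizeUserAgent(ua, baseline = BASELINE_PRODUCTS) {
  return tokenizeUserAgent(ua).filter(makeBaselineFilter(baseline))
    .map((t) => t.kind === "comment" ? `(${t.text})`
      : t.version ? `${t.name}/${t.version}` : t.name)
    .join(" ");
}

console.log(findDisclosures(POST_UA), sanitizeUserAgent(POST_UA));
```

Run under Node.js or in a browser console; for the string from the post it reports the single extra token with software ".NET CLR" and version "3.5.30729".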

Wednesday, April 22, 2009

Oracle Identitymanagement 20% off

the book price as seen in the RSA conference bookstore today.

I am sure this has nothing to do with the current acquisition of opensso by Oracle from SUN, or has it?!

Another book of probably only historical value:
contains everything about the past of identitymanagement and authentication on Unix and Windows systems but nothing that is newer than - let's say - three years. What is that good for? A door stopper or a lesson in what does not scale and is inflexible?!

Tuesday, April 21, 2009

Kantara, Standards, Open Source Projects

Please pardon the crude title of this post...

On Monday, April 20, 2009 the Kantara Initiative (the server is currently down...) was launched. Although I subscribe to the goals of the initiative I still know too little to make a reasonable decision about it. My feeling is that it is too big. While it certainly helps to have an organisation and most of the legal (IPR, bylaws, etc) stuff is already handled for a new Kantara working group e.g. openFOO/BAR/BAZ I fear that the influence of the big companies might be unhealthy for openFOO. Sure it helps to have support from experts in e.g. protocol design and standardization to make the openFOO protocol consistent, sound, complete, modular and extensible and everything a protocol or data format should be; but Liberty Alliance, Microsoft, IBM and the other big companies have a tendency to create complex beasts that the normal open source project can not tame.

If some enthusiasts come together, join forces to solve a problem and to make the Internet "suck less" then the outcome is sometimes simple, not modular, not extensible or whatnot but if it solves the problem, well...

A counter example: Yesterday I awoke at 1am (jet lag) and tried the openinfocard selector "against" an IdP that is based on Microsoft Geneva. I imported the Information Card that was issued by that server and boom: openinfocard could not handle it. So I fixed this small problem. (Although this fix will lead to a changed internal format of the openinfocard cardstore and will break existing cardstores. Hm. Sorry). Now I try to use the card and boom: the retrieved WS-Metadata is so complex that the openinfocard selector can not handle it; So I fixed this not so small problem and learned a lot about several of the friendly members of the WS-* family...; and of Mozilla’s E4X implementation. This introduces a new level of complexity to the openinfocard code that surely will lead to trouble in the future.

What does this have to do with Kantara? Well, sure the designers of WS-* are not all members of Kantara but the Liberty Alliance Project has created similarly complex specifications (This server is down too; in fact it turns out it is the same server 74.124.198.86).
Now consider you want to implement a cool program on a mobile phone and have to use these standards. Good luck with e.g. ID-WSF and e.g. kxml2. Doable, but this takes probably more than half an hour.

So I am sceptical for small, fast, just-doit openFOO groups.

Monday, April 20, 2009

Oracle will buy SUN

Living in interesting times... (still).

http://www.sun.com/third-party/global/oracle/index.jsp

This raises many questions regarding e.g. mysql etc but most notably I am very curious what this means for opensso and SUN's access manager and ...

This merger will be a hot topic for the identity people here at RSA conference too, I am sure. Can't wait to hear what e.g. Uppili and Pat say.

Friday, April 17, 2009

Waiting for CardSpace Geneva



I wanted this video to loop forever but could not find how this is possible.
Maybe Microsoft should open source CardSpace Geneva; then we could help to bring it into the world.

Monday, April 06, 2009

xmldap.org is down

I am sorry that xmldap.org is down.

Nulli Secundus, the former employer of Pamela Dingle, hosted xmldap.org until now. A big thank you for that.

Chuck and I have not found an alternative until now.
But I am an eternal optimist too ;-)

similar people at quillp

Today I tried a new social network quillp that claims to help to establish a new cosmos for me by knowing how I like or not-like books I have read.

They have a subservice that offers a list of books of people similar to me:

It seems I am special and not many readers are similar to me.
Or they don't have their database and algorithms straight.
Well, about every tenth click leads to a .NET error like: "table 0 not found".

What I do not like about Quillp: Somebody must explain oauth to them now!

Anyway: I subscribe to the mantra "publish early, publish often" too. And "if you're not embarrassed by your first version then you published too late".
Quillp has some work to do but I like the idea and happily divulge my bookshelf to them but not my password to other sites.

Wednesday, April 01, 2009

Mozilla weave and Information Cards

Mozilla labs just announced that they released version 0.3 of weave. I think Information Cards should be added to the weave cloud:

And maybe passwords should be stored as Information Cards to leverage THE SELECTOR's anti-phishing capabilities to protect username/password credentials.