Why does OAuth need request tokens?

OAuth's current access dance is based on getting a request token that is later exchanged for an access token. Introducing the request token takes what could have been a 4-round-trip protocol and makes it into a 6-round-trip protocol. Couldn't we just simplify OAuth down to 4 round trips by getting rid of the request token altogether? Or is there some critical use case enabled by request tokens that makes all the complexity worth the price?

[5/26/2009 – Updated with Q&A on open redirectors]

[6/2/2009 – Updated with a note from Allen Tom on another way to prevent open redirector attacks]

Claims, Tickets and HTTP – Security protocols for services

I'm writing an enterprise service. A request comes in. Do I honor the request or reject it? Answering this apparently trivial access control question has spawned whole universes of interlocking protocols: Kerberos, Shibboleth, SAML, WS-*, Liberty, OAuth, OpenID and so on. Before I can pick which protocol to use I need to define my requirements.

DISCLAIMER: Although I am an architect on .NET Services' Access Control Service nothing said in this document necessarily represents the opinions of my employer, my friends, my enemies or my teddy bears. No warranty express or implied. Your mileage may vary. Do not remove tag.

Autosocking it through the winter

How do you get a Prius through the snow? I didn't use to care, but in the last few years Redmond has had snow sitting on the ground for a week or two. There are low profile chains that will work on a Prius, but that's a bad solution for me because the main roads in Seattle will be clear of snow; it's the neighborhood roads and side streets that will be covered. So after a mile or two of driving I would have to take the chains off. Studded tires could work, but most of the time there is no snow on the ground and having to have my wheels put on and off is a pain. Snow tires could work, but the snow season is only a month long and temperatures go all over the place; besides, we get more water than ice/snow towards the end of the downfall and snow tires do badly on that. In the end I found and have tried out a reasonable solution to my problem – the Autosock.

I tried out the autosock on my car last winter and this winter. Both times they worked really well. They gave me excellent traction both on packed and loose snow. They take literally 60 seconds to put on and take off. They aren't perfect but they work pretty well. Where I ran into problems with them is on slushy snow. I had to rock the car several times, driving back and forth, to get through a few really slushy patches. And when the snow started to seriously melt the autosock met its match and stopped working. But so long as the snow was reasonably solid (e.g. powder or packed) they worked well. I tried them on the steep hills around my home and they gave excellent traction both going up and down hills. Besides, the looks on people's faces as a Prius with what looked like a shower cap on its wheels confidently drove past in the two foot snow were priceless.

I have never driven a four wheel drive but my guess is that autosocks are no substitute for a four wheel drive or real snow tires. But they got me around just fine and the cost is certainly right.

11/04/2008 – Primary Election – Redmond, King County, Washington

I guess I got lucky because all the folks I voted for made it to the general election, so I don't have to go back and revisit those choices. The big choices then were President, which I covered in a separate article, and the various initiatives, which I cover below.

  • President/Vice President – Ralph Nader/Matt Gonzalez

  • United States Representative – Congressional District No. 1 – Jay Inslee

  • Governor – Christine Gregoire

  • Lieutenant Governor – Marcia McCraw

  • Secretary of State – Jason Osgood

  • State Treasurer – Allan Martin

  • State Auditor – Brian Sonntag

  • Attorney General – Rob McKenna

  • Commissioner of Public Lands – Peter J. Goldmark

  • Superintendent of Public Instruction – Randy Dorn

  • Insurance Commissioner – Mike Kreidler

  • State Representative – Legislative Dist No. 45 – Position 1 – Roger Goodman

  • State Representative – Legislative Dist No. 45 – Position 2 – Larry Springer

  • State Supreme Court – Justices of the Supreme Court – Position 3 – Mary Fairhurst

  • State Supreme Court – Justices of the Supreme Court – Position 4 – Charles W. Johnson

  • State Supreme Court – Justices of the Supreme Court – Position 7 – Debra L. Stephens

  • Court of Appeals, Division No. 1 – District No. 1 – Judge Position 5 – Lau, Linda

  • Court of Appeals, Division No. 1 – District No. 1 – Judge Position 6 – Ann Schindler

  • Superior Court – Judges of the Superior Court – Position 1 – Tim Bradshaw

  • Superior Court – Judges of the Superior Court – Position 22 – Julia Garratt

  • Superior Court – Judges of the Superior Court – Position 37 – Jean Rietschel

  • Initiative Measure No. 985 – No

  • Initiative Measure No. 1000 – Yes

  • Initiative Measure No. 1029 – No

  • King County Charter Amendment No. 1 – No

  • King County Charter Amendment No. 2 – Yes

  • King County Charter Amendment No. 3 – Yes

  • King County Charter Amendment No. 4 – No

  • King County Charter Amendment No. 5 – Yes

  • King County Charter Amendment No. 6 – Yes

  • King County Charter Amendment No. 7 – No

  • King County Charter Amendment No. 8 – No

  • Sound Transit – Proposition No. 1 – No

11/04/2008 – Primary Election – President of the United States of America – Ralph Nader

Those I have told my intention to vote for Mr. Nader have generally had one of two reactions. Either they said I was throwing away my vote or they said that I was helping McCain to win. My response to these accusations is that my vote is about indicating where I want this country to go and I don't want it to go to the same corporate owned, poll driven, pork barrel politics we have had to date. I am confident that neither Obama nor McCain will make any substantive changes to what ails this country so I feel duty bound to vote for someone who I think will make a real difference. Therefore I am voting for Ralph Nader.

Executing Our College Savings Plan

Now that we have decided to use CollegeSure CDs to save for our daughter's college the question is – how? The answer turns out to be non-trivial in that we need to figure out how many CDs of what duration at what cost to buy each year between now and when she finishes college. After some experimentation I came up with an approach that seems to provide a reasonable cost and purchase plan. Below I explain how the approach works and provide a calculator that creates a purchase plan using the approach. Please keep in mind however that I'm no financial expert, that the code hasn't been properly tested and that objects may be closer than they appear.

8/19/2008 – Primary Election – Redmond, King County, Washington

The denial of service attack continues. By putting such a large number of candidates on the ballot the only conceivable result is less effective representation. Unless one dedicates one's life to reviewing candidates (and how does one review judges anyway?) there is no way to give effective overview to so many candidates. The only practical result I can see from this deluge of candidates is fewer people voting and, for those who do vote, less attention being paid to each candidate.

  • United States Representative – Congressional District No. 1 – Jay Inslee

  • Governor – Christine Gregoire

  • Lieutenant Governor – Marcia McCraw

  • Secretary of State – Jason Osgood

  • State Treasurer – Allan Martin

  • State Auditor – Brian Sonntag

  • Attorney General – Rob McKenna

  • Commissioner of Public Lands – Peter J. Goldmark

  • Superintendent of Public Instruction – Randy Dorn

  • Insurance Commissioner – Mike Kreidler

  • State Representative – Legislative Dist No. 45 – Position 1 – Roger Goodman

  • State Representative – Legislative Dist No. 45 – Position 2 – Larry Springer

  • State Supreme Court – Justices of the Supreme Court – Position 3 – Mary Fairhurst

  • State Supreme Court – Justices of the Supreme Court – Position 4 – Charles W. Johnson

  • State Supreme Court – Justices of the Supreme Court – Position 7 – Debra L. Stephens

  • Court of Appeals, Division No. 1 – District No. 1 – Judge Position 5 – Lau, Linda

  • Court of Appeals, Division No. 1 – District No. 1 – Judge Position 6 – Ann Schindler

  • Superior Court – Judges of the Superior Court – Position 1 – Tim Bradshaw

  • Superior Court – Judges of the Superior Court – Position 10 – Regina S. Cahan

  • Superior Court – Judges of the Superior Court – Position 22 – Julia Garratt

  • Superior Court – Judges of the Superior Court – Position 26 – Laura Gene Middaugh

  • Superior Court – Judges of the Superior Court – Position 37 – Jean Rietschel

  • Superior Court – Judges of the Superior Court – Position 53 – Mariane Spearman

  • King County Initiative 26 and Council Proposed Alternative – Question 1 & 2 – No/Council-Proposed Alternative

What do program managers on the Cosmos team do anyway?

In previous articles (here and here) I have talked about what software program managers do. And in another previous article I talked about Cosmos. In this article I bring the two topics together and talk about what Cosmos program managers actually do. (For those just joining us Cosmos is Microsoft's internal platform for reliably storing and processing petabytes of information such as all of Microsoft's log data from its various websites.) The issue of what PMs on the Cosmos team do is near and dear to my heart because I'm the lead program manager for Cosmos and we are hiring!

What is Microsoft's Cosmos service?

Cosmos is Microsoft's internal data storage/query system for analyzing enormous amounts (as in petabytes) of data. As the lead Program Manager for Cosmos I can't say too much about it but what I can do is take a tour of the information that Microsoft has published about Cosmos. So read on if you are interested in the architecture Microsoft uses to store and query petabytes of data and what technical issues Microsoft's approach brings up.

Tools of the Software Program Manager Trade

In my previous article about what a PM does I talked about contracts. While I didn't mean contracts in the literal sense of a legally binding document the best PM groups I've worked with do produce a specific set of documents which serve to record what has been agreed to, track status and help to identify and resolve problems. Below I walk through those documents and what their purpose is.
