Scott Hanselman

CardSpaces/InformationCard Screencast

November 02, 2006 Comment on this post [2] Posted in Screencasts

There's lots of talk lately about CardSpaces and the underlying WS-* technologies (that aren't Microsoft-specific, which is a good thing) that make it all happen.

We did this week's Hanselminutes on Identity, with CardSpaces as the primary focus. I realized that it's a pretty hard thing to visualize, as the user interface for Windows CardSpace has some new UI techniques like the "Curtain of Security" (my term) that loads the CardSpaces application in a separate desktop context to defeat keyloggers and other evils.

Stuart Celarier at Corillian worked recently on a project to integrate CardSpaces with our eFinance Platform. We've been working with various pre-release versions of CardSpaces for a while, and last month we took a team up to Microsoft to get a live Voyager (Voyager is the name of our eFinance Platform) system integrated with CardSpaces "for real" - as opposed to static demoware. This week Stuart recorded a CardSpace Screencast of the process.

In this demo, we log in as bill27 using a Username and Password, the way folks usually log in. Then while logged in, we visit the Self Service page and ask to associate an Information Card with that account.

When we click Select Information Card, there's an <object> tag within the HTML that asks for specific claims like this:

<OBJECT type="application/x-informationCard" name="xmlToken">
   <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
   <PARAM Name="requiredClaims"
Value="
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/personalprivateidentifier
"/>
</OBJECT>

This object tag requests the givenname, surname, emailaddress and a personalprivateidentifier that is unique to the site/user combination. It's suitable for use as a key.

On this machine we haven't created or imported any Information Cards yet, so we create a Personal Card. This is a "Self Issued Card." Basically, we act as our own authority and a local Security Token Service (STS) issues the card. There are two kinds of cards, Personal/Self-Issued and Managed. Managed cards will be issued by wholespace identity providers, like perhaps Visa or Mastercard, maybe Amazon and Paypal. We shall see. Managed cards have the benefit of being revocable, just like real credit cards.

After we create a card, we send it to the web server (which happens to be running .NET 1.1) that decodes the Security Token and retrieves each of the claims. Once the Information Card is associated with the account, we can log out.
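The claim-retrieval and association step described above, sketched in Python as an added example (not the .NET 1.1 code from the demo). It assumes the token has already been decrypted and its signature verified; `build_sample`, `extract_claims` and `associate` are hypothetical names, and the SAML 1.x `AttributeName`/`AttributeNamespace` layout of the constructed sample is an assumption about how the claims arrive.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # tokenType from the OBJECT tag
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
# Claim names taken from the requiredClaims PARAM shown above.
REQUIRED = ("givenname", "surname", "emailaddress", "personalprivateidentifier")

def build_sample(values):
    """Constructed sample assertion (made-up values), standing in for a token
    that has already been decrypted and signature-checked."""
    attrs = "".join(
        f'<saml:Attribute AttributeName="{name}" AttributeNamespace="{CLAIMS_NS}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for name, value in values.items())
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
            f"{attrs}</saml:AttributeStatement></saml:Assertion>")

def extract_claims(assertion_xml):
    """Return {claim: value}; reject duplicated or missing required claims."""
    root = ET.fromstring(assertion_xml)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("not a SAML 1.0 assertion")
    claims = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("AttributeNamespace") != CLAIMS_NS:
            continue  # ignore attributes outside the identity claims namespace
        name = attr.get("AttributeName")
        values = attr.findall(f"{{{SAML_NS}}}AttributeValue")
        if name in claims or len(values) != 1:
            raise ValueError(f"ambiguous claim: {name}")
        claims[name] = (values[0].text or "").strip()
    missing = [c for c in REQUIRED if not claims.get(c)]
    if missing:
        raise ValueError("missing required claims: " + ", ".join(missing))
    return claims

def associate(accounts, username, claims):
    """Bind a card to an account, keyed on the personalprivateidentifier claim."""
    ppid = claims["personalprivateidentifier"]
    owner = accounts.get(ppid)
    if owner is not None and owner != username:
        raise ValueError("card already associated with another account")
    accounts[ppid] = username
    return ppid

if __name__ == "__main__":
    sample = dict(zip(REQUIRED, ("Bill", "Example", "bill27@example.test", "constructed-ppid")))
    print(associate({}, "bill27", extract_claims(build_sample(sample))))
```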

Then rather than using a Username and Password we can log in using only the Information Card. Of course, using an Information Card doesn't preclude the use of additional factors, including passwords, Intelligent Authentication, or challenge questions.

Here's a list of links to check out:

Thanks to my boss for letting us publish this (formerly) internal CardSpace screencast and to Stuart for making it happen.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Hosting By
Hosted on Linux using .NET in an Azure App Service

Z walks on his 11 month birthday

October 30, 2006 Comment on this post [12] Posted in Parenting | Z

Big day for us all here at the Hanselman House. My nephew Spox’s 6th birthday was today, so Mo’s sister Nqobile and her husband threw a party.

It's also Z's 11 month birthday if you can believe that, Dear Reader. Here's a video of Z at about one hour old for comparison. ;)

Z has been "cruising" for the last month or so, holding on to the couch and the like. He's taken a few steps here and there, in desperate leaps from parent to parent, but we haven't really felt that was the "official he's walking" event.

This evening I was screwing around with this little cheap Canon Mini DV ZR700 that I won. It's kind of a cheesy camera...I prefer the heft and video quality of my Sony Digital 8mm, but this little Canon has a neat anamorphic 480p-style 16x9 widescreen video that makes family DVDs look more professional and certainly nicer on an HD TV, even though it's not an HD video camera. We'll be taking it to Tanzania where we'll be spending the whole of December.

But, I digress! It was with this little camera that we taped Z walking down our hallway this evening, and with Vista RC2's "Windows Movie Maker" that I squish that video and present it to you here!

File Attachment: ZWalks2.wmv (1950 KB)


Outlook 2007 Beta introduces its own Feed URL Protocol. Ew.

October 29, 2006 Comment on this post [19] Posted in Reviews | Tools | XML

(This discussion refers to Outlook 2007 Beta 2 Technical Refresh)

I'm really not sure how I feel about this.

There was a big discussion about if the feed:// protocol was needed. Personally I've always said I think it IS needed while the RSS Team at Microsoft disagrees.

However, I just noticed that not only does Outlook store its RSS in the PST (and sync with the Common Feed Store, which we already knew), but it also registers two new "Protocol Handlers" explicitly for handling RSS feeds - they are OUTLOOKFEED:// and OUTLOOKFEEDS:// with the latter including an "S" for secure feeds.

This doesn't seem exactly fair or consistent. I understand that an enterprise, especially one using SharePoint, would want to have folks subscribe to a feed directly into Outlook. However, not only is Outlook creating these new pseudo-protocols that are Outlook-specific, it's also taking over FEED:// as well. We'll see if there are changes in the next RC.

That doesn't seem fair. What if RssBandit started using RSSBANDITFEED://? Of course, any of these aggregators can try to take over OUTLOOKFEED://, although Outlook will likely bork. However, it's the very existence of this custom pseudo-protocol that I find offensive; it doesn't matter that it can probably be disabled.

ASIDE: For some reason FeedDemon always warns me that it isn't the default feed reader (i.e. it's not associated with the feed:// protocol), and even though I want it to be the default aggregator, it keeps prompting. This might be a Vista-specific administrative thing, but I suspect Outlook is taking over feed:// also.

You can test these various protocols on your machine by trying each of the following links:

Also, right now, if you click an RSS Feed while running FeedDemon (just using FeedDemon as an example application that eats RSS but also hosts IE7) then IE7 tries to subscribe using the RSS Platform and the Common Feed Store, when really FeedDemon should be getting the subscription request. I know that Nick @ FeedDemon will eventually fix this with some cleverness, but should he really have to? 

I'm just unclear on the usefulness thus far of the Common Feed Store. I like the API (inside msfeeds.dll and a few other places that you'll get quietly when you get IE7), even though it's COM-based, and I like that it handles the retrieval and the parsing/canonicalization of the various feed formats. However, it's unclear how I am to administer it effectively. IE7's interface is a little weak if you have 400 feeds. There's no shift-select-delete support in either IE or in Outlook 2007 so I can't remove the hundreds of duplicate feeds that have appeared in the last few weeks. I've found the sync'ing solution from NewsGator to be a decent start - as an idea - but the implementation is NOT working well as it's incredibly slow and 10% of my feeds just don't sync.

Rather than blaming NewsGator or Microsoft, I'm forced to ask, is it really this hard to keep my Feeds and Read Status sync'ed between a few computers and a few applications? Apparently it's wicked hard...this leads me to wonder if ONLINE feed reading is where it's at.

Apparently my readership thinks so. At least half of you are using online aggregators (or NewsGator sync'ed aggregators which includes NewsGator proper as well as FeedDemon when you're sync'ing feeds).

What do you think? Do you read your feeds online?

Do you like the one-click convenience of FEED://, or do you prefer using Firefox's clever Feed Reader Chooser, or are you a Right Click|Copy URL|Alt-Tab|Subscribe|Paste|OK type?


Who moved my Office Cheese - Mapping Office 2003 commands to Office 2007

October 29, 2006 Comment on this post [0] Posted in Reviews

I'm loving Office 2007 more and more. It really does grow on you. For those of you who are having trouble finding stuff in the new Interface (and haven't discovered the automatic hotkey mapping - that's hot), there's a sexy little Flash Application that lets you select an existing menu item or toolbar item from a Word 2003 interface, then it'll show you the new Word 2007 interface and walk you through where that feature is located.

The same interactive command location finder exists for other apps within the Office 2007 Suite, it's just buried in the help. I say, set it free!

It's very well done and I suspect your Mom/Cousin/Spouse will appreciate it when they start using the new 2007 stuff.

Frankly, the whole Office Online Beta is pretty fantastic. Do check it out if you're trying to get up to speed. I can only hope they will maintain (i.e. 301 redirect) the beta permalinks once Office goes live. It's a shame that these interactive Flash Demos, that I think are very effective, are effectively hidden


Daylight Savings Time and Windows

October 28, 2006 Comment on this post [7] Posted in Internationalization

We have to change our clocks on Sunday here in the US, but if you're running a server, you need to know about this:

Sunday marks end of daylight savings time

October 27, 2006

[Folks across the country] can look forward to an extra hour of sleep as clocks turn back one hour in observance of daylight savings time at 2 a.m. Sunday morning.

The time shift occurs twice per year in North America: one hour is lost on the first Sunday in April, and the hour is gained back on the last Sunday in October. This policy was enacted by the Uniform Time Act in 1966.

Lawmakers made recent changes that will extend DST four to five weeks beginning in 2007. The Energy Policy Act of 2005 will change DST’s duration from the second Sunday of March to the first Sunday in November. Those in favor of the change said the US will save on energy costs by taking advantage of the extra hour of sunlight during the extended period.

It'll save on energy costs, but I wonder what the IT cost will be. Windows folks can check out http://www.microsoft.com/windows/timezone/dst2007.mspx for more details. Thanks to Tim Heuer and Bill Evjen for the pointers! A test version of the patch is available through support as KB924840.

From that page:

Windows XP SP2 and Windows Server 2003 will require the update. Windows XP SP1 and older operating system versions have passed their end of support dates and will not be receiving the update. Windows 2000 has passed the end of mainstream support and will not be receiving an update without an Extended Support Hotfix Agreement. Find more information about support policies around hotfixes.

So all you Windows 95, 98, ME, and 2000 folks, be prepared to be an hour off until you notice it and change it yourself. I predict 15 minutes until someone writes a freeware utility to fix this problem themselves. Will it be me? Nope, I'm taking Z to the Children's Museum.


Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.