Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Identity and Authentication Services
Showing posts in English
Tim Callan | 16 May 2006 | 2 comments

You're invited to visit and try out a beta version of an identity service we've provided. It's called the VeriSign Personal Identity Provider (“PIP” for short), and you can find it at http://pip.verisignlabs.com. The VeriSign PIP is designed to provide a “home base” for users who want use OpenID applications. Users who register with the VeriSign PIP get an OpenID – a URL they can use to login and authenticate at sites that accept OpenID. In addition, the VeriSign PIP lets you store profile information, and control how, when and with whom that information can be shared.

What Can I Do With The VeriSign PIP?

When you register at the VeriSign PIP, your user name is used to generate a unique URL for your profile. My username is “mgraves”, so my OpenID is “http://mgraves.pip...

Tim Callan | 12 May 2006 | 0 comments

I was at Internet Identity Workshop 2006 last week, and because it is a conference focused solely on the subject of identity, it served as a good opportunity to take stock of the situation. To be sure, a lot of progress has been made in the last year; if I have my facts right, YADIS – the lightweight discovery protocol for specifying capabilities for URLs – was conceived at last years IIW and has made it all the way to a 1.0 specification this spring. The ecosystem has come a long way towards the issue of identity in the past year too.

 

At Esther Dyson’s PCForum in Carlsbad, CA last month, the theme for the conference was “Erosion of Power: Users in Charge”. As with all forward-looking conferences there’s always an element of wishful thinking and projection in the conference themes. From the myriad conversations I’ve had at PCForum...

Tim Callan | 31 Mar 2006 | 0 comments

ActiveRecord gets a significant upgrade (polymorphic joins and bottomless eager loading for example) in the 1.1 release of Ruby On Rails. What's really impressive in this release though, is RJS -- the ability to write your JavaScript functions in Ruby. Rails was already a superior platform for writing Ajaxian web apps. With this release, the Ajax model stays the same, but you now have an elegant process for writing your JavaScript in Ruby.

I've only had the opportunity to get 1.1 installed and running on my personal machine, but it's clear from just a little exercise that 1.1 is going make a lot of teams that are humming along productively with 1.0 take a look to see when and how they can get 1.1 into their production...

Tim Callan | 20 Feb 2006 | 0 comments

Check out this proposal published by Johannes Ernst of NetMesh. I challenged him a couple weeks ago to apply his skills at developing lightweight, straightforward solutions to the problems presented by XML Digital Signatures, which are too numerous to recount here. XMLDSIG is a powerful technology, but it's very heavy and quite complex, which works against its success in the marketplace, particularly in lightweight development environments.

Just as a gedankenexperiment for Johannes, we wondered what should be done if we wanted something besides XMLDSIG -- something much simpler and lighter -- for identity, publishing and social networking applications we've been looking at. Johannes idea is to forego XML canonicalization -- or transforms of any kind -- and simply sign a single node as a blob, signing the XML in a monolithic way, the way you'd sign a JPEG image....

Tim Callan | 17 Feb 2006 | 0 comments

Dick Hardt and John Merrells of Sxip recently published Fourteen Design Goals for web-based identity systems. As Dick says in his blog entry, these are offered with a nod to Kim Cameron's Seven Laws. I've pulled out the 14 requirements from the doc -- see the doc for more in-depth discussion:

Tim Callan | 15 Feb 2006 | 0 comments

Matt Mower brings up an issue that has come up a lot for me lately as we look for ways to tackle the problems of comment spam. I've looked at the solution offered by CoComment, and their approach pretty much convinced me that the blog comments, as they exist today, are a bad idea.

Don't get me wrong; I'm all for vigorous discussion, wide-ranging and free-wheeling. The idea behind blog comments is obvious and important. The implementation is just terribly flawed, however.

Tim Callan | 15 Feb 2006 | 0 comments

No sooner do I post about Rails powering the long tail of web apps then do I learn of Google's acquisition of MeasureMap (via DHH's LoudThinking blog).

MeasureMap is a Ruby on Rails app, and according to David Heinemeier Hansson, the first Rails app to get acquired in the Web2.0 era. Didn't even launch before getting acquired. Congrats to the MeasureMap team.

I'll be interested to see what happens to MeasureMap platform-wise as it gets grafted into the fabric of Google. But it serves notice that Rails isn't just about RAD, demos and weekend one-offs. There's a flurry of activity right now building heavy-duty Web2.0 apps like MeasureMap -- if you don't believe me, try and find a quality Rails developer for hire. Go ahead, try it.

Tim Callan | 15 Feb 2006 | 0 comments

My colleague Kiran Dandekar has been doing something I've been doing lately: working with Ruby on Rails applications in the same way others work with PowerPoint, Visio, or Rational Rose. There's often a need to "sketch out" a web service, build some "wireframes" or "workflow diagrams" as a means to think through architectural and other issues, and also as a way to socialize the idea across the team. There are any number of tools available to facilitate this process, but Ruby on Rails is unique in its approach to sketching out a web application: build the web app itself.

I'll spare you the sermon on Rails; if you've tried it out, you don't need any convincing from me (and if you have been bitten by the Rails bug you aren't wasting time reading my blog, you're building web apps). If you're not familiar with Ruby on Rails, I'll just say this: Rails makes building basic, solid, functional web apps easier and quicker...

Tim Callan | 15 Feb 2006 | 0 comments

I've been getting great results from my efforts and experiments with Ruby on Rails in the past few months. More on that another time.

But a couple projects I've been working on could benefit from the UI Library and Design Patterns Library released today by Yahoo!. Rails developers are already in a pretty nice position with resources like script.aculo.us and Open RICO so nicely integrated with the Rails framework. But after just a cursory review this afternoon, it's clear that Yahoo!'s contribution is a big step forward for web developers.

Tim Callan | 13 Feb 2006 | 0 comments

Over on the OpenID mailing list, I made some comments outlining concerns about OpenID/YADIS/LID and the prospect of managing directional identity. Drummond Reed emailed shortly after I posted my thoughts, pointing out that he had covered this topic in depth on his blog back in December.

So he has. And, suprise, we came up with essentially the same solution. My suggestions were largely informed by the Sxip approach to the problem of directed identity, so I suppose its fair to say that I've essentially just been agreeing with Dick Hardt and his team, as well as Drummond and his: a robust single sign-on technology -- even a lightweight one -- should support on-the-...