January 29, 2015

Matthew Gertner - AllPeers: Living Off the Grid with Wind Energy

January 29, 2015 06:46 PM

Increasingly common is the choice to begin living off the grid. There are many ways to generate energy to make this a relatively painless transition regardless of the reasons for doing so. One of those ways is to use wind energy. Using wind to live off the grid is such an appealing choice because of the many advantages associated with it. This explains why wind energy is now the fastest-growing energy source in the world. Some of the advantages are that it does not cause pollution, it is low in cost, and it is a continually renewable resource.

One advantage of using wind energy is that it is a clean source of fuel. This means that it doesn’t pollute the air. The wind energy is generated by using wind turbines, which are mounted on towers to capture energy. When the wind blows, the blades begin to spin and this causes the rotor to turn like a propeller on a helicopter. When that happens, a generator begins to spin and it makes electricity. The rotor blades do cause some noise which can take a little getting used to.

The cost of energy is high for many methods of generating electricity. This is not the case when it comes to generating electricity using wind. In fact, it is one of the most cost-effective forms of electricity that is in use today. The reason for this is that the cost of manufacturing wind turbines is falling as technology improves, and the placement of wind turbines is being carefully examined to generate the most power out of each turbine. Another factor which helps to keep the costs low is that once a wind turbine is in place, it can continue to run and be effective for at least the next twenty years.

Another aspect of using wind energy that is definitely a positive and contributes greatly to the increased use of this energy source is that wind is something that continues being renewed. Wind cannot ever be used up or depleted. This is a great advantage over many other sources of energy. The downside of using wind is that it is unpredictable. Wind is not constantly available in the way that we need it at the exact place that we need it. When using wind to live off the grid, you do want it to be a reliable source of energy.

Not without challenges, wind energy will continue to grow as an energy source for many communities across the globe. The advantages of using wind for a main energy source outweigh the disadvantages when it comes to the cleanliness and renewable aspects of it. For those who gain a sense of pride and accomplishment from living off the grid, this is a good choice. With increasing technology and increasing awareness of the issues with some of our current ways of generating electricity, we are sure to have even more options available for using wind energy in the future.

Kuppinger Cole: Amazon WorkMail – a new player on the Enterprise Email and Calendaring market

January 29, 2015 05:11 PM
In Alexei Balaganski

Amazon Web Services has again made headlines today by announcing Amazon WorkMail – their managed email and calendaring service targeted at corporate customers. This is obviously a direct take on their biggest competitors, namely, Google and Microsoft, and the biggest differentiators Amazon is focusing on are ease of use and security.

Amazon WorkMail is described as a completely managed replacement for an organization’s own legacy email infrastructure. Since the service is compatible with Microsoft Exchange and is capable of integrating with an existing on-premise Active Directory, the process of migration should be quick and seamless. Since AWS will take over most administrative processes, such as patching or backups, this can dramatically decrease administration efforts and costs.

Although WorkMail has its own web interface, AWS is more focused on supporting existing mail and calendaring tools. Any ActiveSync-capable program, including Microsoft Outlook for Windows and OS X, as well as native iOS and Android email clients, can be supported without installing any plug-ins. Migration from an on-premise Exchange server can be completely transparent and does not require any changes on end user devices. A migration wizard is provided as a part of the package.

With the new service, AWS is also placing big emphasis on security. Since email has long been an integral part of our daily business processes, a lot of sensitive corporate information passes through it and ends up getting stored on the mail server. By integrating with AWS Key Management Service, WorkMail will automatically encrypt all email data at rest, while giving customers complete control over the encryption keys. It is also possible to restrict where this information is stored to a specific geographical region to ensure compliance with local privacy regulations.

Last year, AWS announced their Zocalo service for secure storage and sharing of enterprise data, a direct competitor to other cloud storage services like Dropbox or Google Drive. Needless to say, WorkMail is tightly integrated with Zocalo, allowing the secure exchange of documents instead of sending them as unprotected attachments. In fact, AWS offers a bundle of WorkMail with Zocalo for an attractive price.

There is one potential misunderstanding, however, which I feel obligated to mention. Even with all security features integrated into WorkMail, it still cannot be considered a true end-to-end encryption solution and is thus potentially vulnerable to various security problems. This is another example of a tradeoff between security and convenience, and Amazon simply had to make it to ensure compatibility with existing email programs and protocols.

Still, with an impressive integrated offering and traditionally aggressive pricing model, Amazon WorkMail is definitely another step in AWS’s steady push towards global market leadership.

Kuppinger Cole: Advisory Note: Enterprise Big Data IAM – Challenges and Opportunities - 71207

January 29, 2015 08:10 AM
In KuppingerCole

The problem of enterprises grappling with large multiple data and information systems is nothing new. What has changed are the internal and external market expectations, the new technology choices and the constraints and opportunities provided by emerging regulations. Take a deep breath and really get to grips with what is needed and what is achievable.


January 28, 2015

Mythics: GoldenGate 12c Setup with Oracle 12c Pluggable Multi-Tenant DB and OEM GoldenGate Plugins

January 28, 2015 04:02 PM

I recently built out a new installation of GoldenGate using the latest versions and features, namely the Integrated Capture and Replication capabilities for…

January 27, 2015

Katasoft: Build a Java Web App with Instant User Management

January 27, 2015 03:00 PM

Java SDK w/ Servlet Support

We just released a major upgrade of our Java SDK, which now includes Java Webapp (Servlet 3.0+) support with a ton of user automation. Just drop our Servlet plugin into your Java web application and boom – instant user management with little to no coding required.

This post is a quick tutorial to show you just how quickly you can build a Java web app with a complete set of authentication and user management features and user interfaces.

If you’ve built a Java web application, you know the time and pain involved in building out proper authentication and user management. Even if you use a great framework like Apache Shiro or Spring Security, there’s still a lot of boring UI work and high risk backend work.
At a minimum, you have to build UI screens for registration, login, and forgot password in addition to controllers processing each view, logout handlers, etc. And then you have to worry about security issues like password hashing schemes, updating hashing algorithms as computation improves, CSRF protection, XSS attacks, and more.

Stormpath hooks into typical Java web applications and gives developers all that “user stuff” out-of-the-box so you can get on with what you really care about – your application. In fact, you get full user interfaces without writing a single line of code. Awesome.

By the time you’re done with this 15 minute tutorial you’ll have a fully-working Java web application. We will focus on our Stormpath-Servlet plugin that has a ton of user automation. You just drop a plugin into your web application and boom – instant user management with little to no coding required.

What You’ll Build

You’ll build a simple Java web application using the standard Servlet 3+ and JSP APIs. When you’re done, you’ll be able to:

And here’s the best part – for all of the above, you won’t have to write a single line of code – just some configuration!

But, just for fun, we will code a simple welcome page and a user account dashboard page that are likely to exist in real applications.

Sound good? Great! Let’s get started!

What You’ll Need

How to Complete this Guide

You can start from scratch and complete each step or you can skip the basic setup steps you’re already familiar with.

Start From Scratch

If you’d like to start from scratch, you’ll need to first get a Stormpath API Key.

Then you’ll need to Build With Maven or Build With Gradle, depending on your preferences.

Get an API Key

All communication with Stormpath must be authenticated with an API Key.

  1. If you haven’t already, sign up for Stormpath for free. You’ll be sent a verification email.

  2. Click the link in the verification email.

  3. Log in to the Stormpath Admin Console using the email address and password you used during registration.

  4. Click the Manage API Keys link on the middle-right of the dashboard.

  5. Under Security Credentials, click Create API Key.

    This will generate your API Key and download it to your computer as an apiKey.properties file.

  6. Save the file in your home directory in the following location:

    • ~/.stormpath/apiKey.properties on Unix, Linux and Mac OS
    • C:\Users\YOUR_USERNAME\.stormpath\apiKey.properties on Windows
  7. Change the file permissions to ensure only you can read this file. For example:

     chmod go-rwx ~/.stormpath/apiKey.properties
    
  8. To be safe, you might also want to prevent yourself from accidentally writing/modifying the file:

     chmod u-w ~/.stormpath/apiKey.properties
    

On Windows, you can set file permissions similarly.

Build With Maven

Choose a directory that you wish to use for your project. Within that directory, create the following maven pom.xml file:

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.stormpath.samples</groupId>
    <artifactId>stormpath-webapp-tutorial</artifactId>
    <version>0.1.0</version>
    <packaging>war</packaging>

    <dependencies>
        <dependency>
            <groupId>com.stormpath.sdk</groupId>
            <artifactId>stormpath-servlet-plugin</artifactId>
            <version>1.0.RC3.1</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.0.1</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>1.0.13</version>
            <scope>runtime</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <version>2.2</version>
                <configuration>
                    <path>/</path>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

Build With Gradle

Choose a directory that you wish to use for your project. Within that directory, create the following build.gradle file:

build.gradle

buildscript {
    repositories {
        jcenter()
    }

    dependencies {
        classpath 'com.bmuschko:gradle-tomcat-plugin:2.0'
    }
}

apply plugin: 'java'
apply plugin: 'war'
apply plugin: 'com.bmuschko.tomcat'

sourceCompatibility = 1.6
version = '0.1.0'
war.baseName = 'stormpath-webapp-tutorial'

repositories {
    mavenLocal()
    mavenCentral()
}

dependencies {
    compile group: 'com.stormpath.sdk', name: 'stormpath-servlet-plugin', version: '1.0.RC3.1'
    compile group: 'javax.servlet', name: 'jstl', version: '1.2'
    providedCompile group: 'javax.servlet', name: 'javax.servlet-api', version: '3.0.1'
    runtime group: 'ch.qos.logback', name: 'logback-classic', version: '1.0.13'

    def tomcatVersion = '7.0.57'
    tomcat "org.apache.tomcat.embed:tomcat-embed-core:${tomcatVersion}",
            "org.apache.tomcat.embed:tomcat-embed-logging-juli:${tomcatVersion}"
    tomcat("org.apache.tomcat.embed:tomcat-embed-jasper:${tomcatVersion}") {
        exclude group: 'org.eclipse.jdt.core.compiler', module: 'ecj'
    }
}

tomcatRun.contextPath = '/'
tomcatRunWar.contextPath = '/'

task wrapper(type: Wrapper) {
    gradleVersion = '2.2.1'
}

Skip The Basics

Add the dependency to your web app (.war) project:

Maven:

<dependency>
    <groupId>com.stormpath.sdk</groupId>
    <artifactId>stormpath-servlet-plugin</artifactId>
    <version>1.0.RC3.1</version>
</dependency>

Gradle:

dependencies {
  compile 'com.stormpath.sdk:stormpath-servlet-plugin:1.0.RC3.1'
}

Build the App

We’ll need to create some files in various directories. Ensure the following directory structure exists under your project directory:

-- src/
 |-- main/
   |-- java/
   |   |-- tutorial/
   |-- webapp
     |-- WEB-INF/
       |-- jsp/
       |-- tags/

For example, on *nix operating systems:

mkdir -p src/main/java/tutorial
mkdir -p src/main/webapp/WEB-INF/jsp
mkdir -p src/main/webapp/WEB-INF/tags

Page Template

We’ll likely want our web app’s pages to have the same look and feel. We can do this easily using a page template. And because JSP 2.0 supports page templates automatically via JSP Tags, there is no need to pull in additional template libraries. Let’s create a new template tag file with the following contents:

src/main/webapp/WEB-INF/tags/page.tag

<%@tag description="Default Page template" pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@attribute name="title" required="false" %>

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Stormpath Webapp Sample | <c:out value="${!empty title ? title : ''}"/></title>
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css" rel="stylesheet">
    <%-- <link href="${pageContext.request.contextPath}/assets/css/style.css" rel="stylesheet" --%>
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/js/bootstrap.min.js"></script>
</head>
<body>
    <div class="container">

        <div class="header">

            <ul class="nav nav-pills pull-right">
                <c:set var="uri" value="${requestScope['javax.servlet.forward.request_uri']}"/>
                <li<c:if test="${fn:endsWith(uri,'/')}"> class="active"</c:if>><a href="${pageContext.request.contextPath}/">Home</a></li>

                <%-- Change upper right context menu depending on if the user is logged in or not: --%>
                <c:choose>
                    <c:when test="${!empty account}">
                        <li<c:if test="${fn:endsWith(uri,'dashboard')}"> class="active"</c:if>><a href="${pageContext.request.contextPath}/dashboard">Dashboard</a></li>
                        <li><a href="${pageContext.request.contextPath}/logout">Logout</a></li>
                    </c:when>
                    <c:otherwise>
                        <li<c:if test="${fn:endsWith(uri,'login')}"> class="active"</c:if>><a href="${pageContext.request.contextPath}/login">Login</a></li>
                    </c:otherwise>
                </c:choose>
            </ul>

            <h3 class="text-muted">Stormpath Webapp Sample</h3>

        </div>

        <jsp:doBody/>

    </div>
</body>
</html>

This is just a standard JSP file with a .tag extension instead of a .jsp extension. The <jsp:doBody/> element will be replaced with the page content for any page that uses this template.

Home Page

For security reasons, we like to ensure that JSP files themselves are never directly accessible during a request. Instead, we want a Controller to process the request and then render the JSP to the request. To do this, we’ll create a simple ‘Home’ controller that renders the internal home.jsp page:

src/main/java/tutorial/HomeController.java:

package tutorial;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class HomeController extends HttpServlet {

    public static final String VIEW_TEMPLATE_PATH = "/WEB-INF/jsp/home.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.getRequestDispatcher(VIEW_TEMPLATE_PATH).forward(req, resp);
    }
}

src/main/webapp/WEB-INF/jsp/home.jsp:

<%@ page session="false"%>
<%@ page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8" %>
<%@ taglib prefix="t" tagdir="/WEB-INF/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<t:page>
    <jsp:attribute name="title">Welcome!</jsp:attribute>
    <jsp:body>
        <div class="jumbotron" id="welcome">

            <h1>Welcome to the Stormpath Webapp Sample Application!</h1>

            <p class="lead">
                <br/>
                <br/>
                Welcome to this <i>gloriously simple</i>
                <a href="https://docs.stormpath.com/java/servlet-plugin/">Stormpath Java Webapp</a> sample application!
                <ul>
                    <li>First, take a look through this very basic site.</li>
                    <li>Then, check out this project's source code
                        <a href="https://github.com/stormpath/stormpath-sdk-java/examples/servlet">on GitHub</a>.</li>
                    <li>Lastly, integrate Stormpath into your own sites!</li>
                </ul>
            </p>

            <br/>
            <br/>

            <h2>What This Sample App Demonstrates</h2>

            <br/>
            <br/>

            <p>This simple application demonstrates how easy it is to register, login, and securely authenticate
                users on your website using the Stormpath Servlet Plugin.</p>

            <p>Not a Stormpath user yet? <a href="https://stormpath.com">Go signup now!</a></p>

            <br/>
            <br/>

            <p class="bigbutton"><a class="bigbutton btn btn-lg btn-danger"
                                    href="${pageContext.request.contextPath}/register" role="button">Register</a></p>
        </div>
    </jsp:body>
</t:page>

Finally, we’ll need to add a web.xml file to tell the servlet container to invoke our Home Controller when the web app’s default path is accessed:

src/main/webapp/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <servlet>
        <servlet-name>HomeController</servlet-name>
        <servlet-class>tutorial.HomeController</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>HomeController</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/assets/*</url-pattern>
    </servlet-mapping>

</web-app>

Try it!

Can you believe that after adding a single home page, you’d have a functional web application with full user management capability?

Don’t believe me? Let’s try it!

Using your build tool of choice, let’s start up the web application. For example:

Maven:

mvn tomcat7:run

Gradle:

gradle tomcatRun

Open up a browser and visit http://localhost:8080. You’ll see the home page we just created above:

Stormpath Java Webapp Sample Home Page Screenshot

Pretty cool! Now, to be honest, this isn’t wildly exciting. That is what is supposed to happen after all. But the awesome part – the part you have been waiting for – is all the automatic stuff. For example, the login page!

Login Page

Click the Login button at the top right of the page, or manually visit http://localhost:8080/login, and you’ll see this:

Stormpath Java Webapp Plugin Login Page Screenshot

That’s right! A login page with best practice CSRF-protection built right in, and you didn’t have to write a single line of it. Now that is awesome! You can customize which fields are displayed and in which order, as well as the entire look and feel, with full internationalization (i18n) capabilities. That’s out of scope for this article, but you can read about customizing views later.

It doesn’t stop there of course – you get all sorts of goodies, like user account registration, email verification and forgot password automation, token authentication and much more!

New User Registration Page

Now you can’t log in until you create a user account, so go ahead and click the ‘Create Account’ link or manually visit the http://localhost:8080/register page and you’ll see this:

Stormpath Java Webapp Plugin Register Page Screenshot

Go ahead and fill out and submit the form – you’ll be given a new user account that you can use to log in right away.

Email Verification

Now, what about email verification? Many web applications want to ensure that newly registered users must verify their email address before they can log in to the application. This helps ensure that:

This is covered too! You just have to enable email verification as described in the documentation. Since this is a shorter tutorial, we’ll move on, but feel free to turn that on if you like and try it out.

Logout

If you are still logged in, click the logout button on the upper right. This will visit /logout, which will automatically log you out and then redirect you back to the web app’s context root page (/) by default (you can customize this next URI later).

We’ll also make one more change to the web app, so go ahead and shut down the application by pressing CTRL-C.

Forgot Password, Change Password, etc.

The plugin supports other views out of the box as well, which you can read about in the documentation. But we want to show you one more thing before we wrap up this tutorial: access control.

Access Control

The Stormpath Java Webapp Plugin also has the ability to enforce access control based on URI path. For example, you can ensure that only authenticated users may visit the /account URI within your application. Or that maybe only accounts within the admin group can visit the /admin URI.

To demonstrate this, we’ll create a /dashboard view that only authenticated users should be able to see. This represents a common ‘landing page’ that a user might be shown immediately after login.

Let’s create a ‘Dashboard’ controller:

src/main/java/tutorial/DashboardController.java

package tutorial;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.directory.CustomData;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.servlet.account.AccountResolver;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class DashboardController extends HttpServlet {

    private static final String VIEW_TEMPLATE_PATH = "/WEB-INF/jsp/dashboard.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        String birthday = "";
        String color = "";

        Account account = AccountResolver.INSTANCE.getAccount(req);
        if (account != null) {
            CustomData data = account.getCustomData();
            birthday = (String)data.get("birthday");
            color = (String)data.get("color");
        }

        req.setAttribute("birthday", birthday);
        req.setAttribute("color", color);
        req.getRequestDispatcher(VIEW_TEMPLATE_PATH).forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        String birthday = req.getParameter("birthday");
        String color = req.getParameter("color");

        //get the currently-logged-in account:
        Account account = AccountResolver.INSTANCE.getAccount(req);
        if (account != null) {

            CustomData data = account.getCustomData();

            if (Strings.hasText(birthday)) {
                data.put("birthday", birthday);
            } else {
                data.remove("birthday");
            }

            if (Strings.hasText(color)) {
                data.put("color", color);
            } else {
                data.remove("color");
            }

            data.save();
        }

        req.setAttribute("birthday", birthday);
        req.setAttribute("color", color);
        req.getRequestDispatcher(VIEW_TEMPLATE_PATH).forward(req, resp);
    }
}

The DashboardController demonstrates a really nice Stormpath feature: the ability to ‘attach’ your own custom data directly to Stormpath REST resources, such as a user account’s birthday or favorite color.

Let’s create the view file that will be rendered by the controller:

src/main/webapp/WEB-INF/jsp/dashboard.jsp

<%@ page session="false"%>
<%@ page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8" %>
<%@ taglib prefix="t" tagdir="/WEB-INF/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<t:page>
    <jsp:attribute name="title">Dashboard</jsp:attribute>
    <jsp:body>
        <div class="dashboard">
            <div class="row">
                <div class="col-lg-12">
                    <div class="jumbotron">
                        <h1>Dashboard</h1>

                        <br/>
                        <br/>

                        <p>Welcome to your user dashboard!</p>

                        <p>This page displays some of your account information and also allows you to change custom
                            data.</p>

                        <p>If you click the Logout link in the navbar at the top of this page, you'll be logged out
                            of your account and redirected back to the main page of this site.</p>
                        <br/>
                        <br/>

                        <h2>Your Account Custom Data</h2>
                        <br/>
                        <br/>

                        <%-- c:out HTML-escapes these user-supplied values before they are rendered --%>
                        <p>Your Email: <span class="data"><c:out value="${account.email}"/></span></p>

                        <c:set var="noBirthday" value="You haven't entered a birthday yet!"/>
                        <p>Your Birthday: <span class="data"><c:out value="${!empty account.customData['birthday'] ? account.customData['birthday'] : noBirthday}"/></span></p>

                        <c:set var="noColor" value="You haven't entered a color yet!"/>
                        <p>Your Favorite Color: <span class="data"><c:out value="${!empty account.customData['color'] ? account.customData['color'] : noColor}"/></span></p>

                        <br/>
                        <br/>

                        <p>Stormpath allows you to store up to 10MB of custom user data on
                            each user account. Data can be anything (in JSON format). The above
                            example shows two custom fields (<code>birthday</code> and
                            <code>color</code>), but you can add whatever fields you'd like.</p>

                        <p>You can also store complicated nested JSON documents!</p>
                        <br/>
                        <br/>

                        <h2>Update Custom Data</h2>
                        <br/>
                        <br/>

                        <p>If you enter values below, we'll send and store these
                            values with your user account on Stormpath.</p>

                        <p>Please note, we are not doing any validation in this simple
                            example -- in a real world scenario, you'd want to check user input on the server side!</p>
                        <br/>
                        <br/>

                        <form method="post" class="bs-example form-horizontal" action="${pageContext.request.contextPath}/dashboard">
                            <div class="form-group">
                                <label for="birthday" class="col-lg-2 control-label">Birthday</label>

                                <div class="col-lg-4">
                                    <input type="text" class="form-control" id="birthday" name="birthday" placeholder="mm/dd/yyyy"
                                           value="<c:out value="${!empty account.customData['birthday'] ? account.customData['birthday'] : ''}"/>">
                                </div>
                            </div>
                            <div class="form-group">
                                <label for="color" class="col-lg-2 control-label">Favorite Color</label>
                                <div class="col-lg-4">
                                    <input type="text" class="form-control" id="color" name="color" placeholder="color"
                                           value="<c:out value="${!empty account.customData['color'] ? account.customData['color'] : ''}"/>">
                                </div>
                            </div>
                            <div class="form-group">
                                <div class="col-lg-10 col-lg-offset-2">
                                    <button type="submit" class="btn btn-primary">Update Custom Data</button>
                                </div>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </jsp:body>
</t:page>
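
The dashboard page above notes that the sample does no validation and that a real application should check user input on the server side. One way to do that for the birthday and color fields before doPost stores them, as an added example that is not part of the original tutorial or the Stormpath SDK; the DashboardInput class, its method names and the color policy (letters separated by single spaces or hyphens, 30 characters at most) are assumptions:

```java
package tutorial;

import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.regex.Pattern;

/**
 * Added example: a hypothetical helper, not part of the tutorial or the Stormpath SDK.
 * Checks the two dashboard fields on the server before they are stored as custom data.
 * Written without Java 7+ features to match sourceCompatibility = 1.6 in build.gradle.
 */
public final class DashboardInput {

    // Exactly mm/dd/yyyy, the format shown in the form's placeholder.
    private static final Pattern BIRTHDAY_SHAPE = Pattern.compile("\\d{2}/\\d{2}/\\d{4}");

    // Assumed policy: words made of letters, separated by single spaces or hyphens.
    private static final Pattern COLOR_SHAPE = Pattern.compile("\\p{L}+(?:[ -]\\p{L}+)*");
    private static final int COLOR_MAX_LENGTH = 30; // assumed limit

    private DashboardInput() {
    }

    /** Returns the trimmed birthday if it is a real calendar date not in the future, else null. */
    public static String validBirthdayOrNull(String raw) {
        if (raw == null) {
            return null;
        }
        String value = raw.trim();
        // Shape check first: SimpleDateFormat.parse(String) stops at the first character
        // it cannot use, so "01/02/1990<script>" would otherwise parse successfully.
        if (!BIRTHDAY_SHAPE.matcher(value).matches()) {
            return null;
        }
        // SimpleDateFormat is not thread-safe, so a servlet must not share one instance.
        SimpleDateFormat format = new SimpleDateFormat("MM/dd/yyyy");
        // Non-lenient parsing rejects 02/30/1990 instead of rolling it over into March.
        format.setLenient(false);
        try {
            Date parsed = format.parse(value);
            return parsed.after(new Date()) ? null : value;
        } catch (ParseException e) {
            return null;
        }
    }

    /** Returns the trimmed color name if it satisfies the assumed policy, else null. */
    public static String validColorOrNull(String raw) {
        if (raw == null) {
            return null;
        }
        String value = raw.trim();
        // Length is checked before the regex so oversized input is never pattern-matched.
        if (value.length() == 0 || value.length() > COLOR_MAX_LENGTH) {
            return null;
        }
        return COLOR_SHAPE.matcher(value).matches() ? value : null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid value followed by typical bad submissions.
        String[] birthdays = {
            "01/29/1985", "02/30/1990", "1/2/1990", "01/02/1990<script>", "01/01/2999"
        };
        for (String birthday : birthdays) {
            System.out.println("birthday [" + birthday + "] -> " + validBirthdayOrNull(birthday));
        }

        String[] colors = {
            "  sky-blue ", "dark olive green", "\"><img src=x>", "", "red--green"
        };
        for (String color : colors) {
            System.out.println("color [" + color + "] -> " + validColorOrNull(color));
        }
    }
}
```

In doPost, a null result from either method would mean rejecting the submission (for example, re-rendering the form with an error) instead of calling data.put(). Validation limits what gets stored; values should still be HTML-escaped when the JSP renders them.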

And we’ll need to update web.xml to tell the Servlet Container about our new view. web.xml should now look like this:

src/main/webapp/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <servlet>
        <servlet-name>HomeController</servlet-name>
        <servlet-class>tutorial.HomeController</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>HomeController</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>DashboardController</servlet-name>
        <servlet-class>tutorial.DashboardController</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>DashboardController</servlet-name>
        <url-pattern>/dashboard</url-pattern>
    </servlet-mapping>


    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/assets/*</url-pattern>
    </servlet-mapping>

</web-app>

Stormpath Config

Notice that, until now, we did not need to configure the plugin itself at all: everything ‘just works’. But now that we have some application-specific enforcement rules, we’ll need to tell the plugin what to do via a simple stormpath.properties configuration file. Let’s create this file:

src/main/webapp/WEB-INF/stormpath.properties

stormpath.web.login.nextUri = /dashboard

stormpath.web.uris./dashboard = authc

Try it!

Now that we’ve added a dashboard view and controller, and a simple stormpath.properties file, let’s try it out!

If you haven’t already, shut down the application by pressing CTRL-C.

Now start it up:

Maven:

mvn tomcat7:run

Gradle:

gradle tomcatRun

Now try to visit http://localhost:8080/dashboard – you will be redirected to login as expected. Log in with a user account you created previously and then it will automatically redirect you back to the dashboard. Nice!

Stormpath Java Webapp Plugin Dashboard Page Screenshot

Summary

Congratulations! You now have a complete web application, with automatic user registration, login, forgot password/reset workflows, logout, custom data editing, and access control enforcement!

But we’ve just scratched the surface of what you can do. Also supported:

Please see the complete Stormpath Java Servlet Plugin Documentation for full information.

Kuppinger Cole: Executive View: NetIQ Access Manager - 71054

January 27, 2015 10:55 AM
In KuppingerCole

NetIQ Access Manager is an example of an integrated Access Management and Identity Federation solution. In fact, NetIQ was the first vendor to combine federation functionality with web access management features, thus providing a completely integrated solution based on a solid consistent architecture. Initially released in 2006, the product includes Single Sign-On for web applications, support for all major federation standards, as well as an SSL VPN server, all managed in a single...

Ludovic Poitou - ForgeRock: A fresh look for the OpenDJ and OpenIG snapshot documentation…

January 27, 2015 09:08 AM

Thanks to Chris Lee, the most recent technical writer at ForgeRock, there is now a new visual design for the snapshot documentation for our open source projects.
Check it out on the OpenDJ Administration Guide, the OpenDJ SDK Developer’s Guide, the OpenIDM Integrator’s Guide or the Guide to OpenIG.

Julian Bond: I wish I could be as optimistic as this.

January 27, 2015 08:51 AM
I wish I could be as optimistic as this.
http://blog.longnow.org/02015/01/26/jesse-ausubel-seminar-media/

Why nature is rebounding – a summary by Stewart Brand

Over the last 40 years, in nearly every field, human productivity has decoupled from resource use, Ausubel began. Even though our prosperity and population continue to increase, the trends show decreasing use of energy, water, land, material resources, and impact on natural systems (except the ocean). As a result we are seeing the beginnings of a global restoration of nature.

Some of the examples are a little bizarre. eg 10,000 foxes in London is an example of nature returning? And it's repeating some of the old canards about increasing CO2 levels and temperate region temperatures is leading to greater plant growth. Mostly it feels like trying to say that if we can just put a few more sticking plasters on, we'll be able to mend the broken leg.

So what are we to make of the relentless optimism of the Long Now people? Or the relentless pessimism of the environmental people?
 Jesse Ausubel Seminar Media »
This lecture was presented as part of The Long Now Foundation

[from: Google+ Posts]
January 26, 2015

Kuppinger Cole: Executive View: i-Sprint AccessMatrix Universal Sign-On - 71064

January 26, 2015 02:52 PM
In KuppingerCole

i-Sprint Innovations is a vendor of Identity, Credentials and Access Management solutions based in Singapore. Established in 2000, i-Sprint focuses on providing solutions for the financial industry and other high security environments. Since 2011, the company has been a wholly owned subsidiary of Automated Systems Holdings Ltd. Backed by Chinese investors, i-Sprint has a significant presence, either directly or through authorized partners, in many countries of the Asia-Pacific region, including...

Mythics: ODA X5-2: Just Plain More Everything!

January 26, 2015 01:54 PM

Every time a major manufacturer announces a new system, we hear the same common messages from marketing.  More CPU, more RAM, faster than…

Julian Bond: Ah, Politics. The sentiment below is of course about Scotland and the SNP. But lots of us feel exactly...

January 26, 2015 12:42 PM

Ludovic Poitou - ForgeRock: Happy New Year 2015!

January 26, 2015 09:42 AM

The new year is well engaged, but it’s still time for me to give you my best wishes for 2015…

Happy New Year 2015

May this new year bring you (more) love, happiness, success… And a peaceful journey towards your personal or professional goals!

January 25, 2015

IS4U: FIM 2010: SSPR with one-way trust

January 25, 2015 02:05 PM

Intro

This article describes and documents an SSPR setup between two AD forests with a one-way trust. FIM is deployed in the internal domain is4u.be. Users from the domain dmz.be are being imported and managed by FIM. There is a one-way incoming trust on the dmz.be domain. All prerequisites from the password reset deployment guide are already satisfied.

DMZ connector configuration

SSPR requires that the DMZ connector service account has local logon rights on the FIM synchronization server. If the service account is from the DMZ domain, a two-way trust is required to allow this setting. Since this is not a valid option in this scenario, a service account from the IS4U domain needs to be delegated the proper rights on the DMZ domain. This includes at least the following:
  1. Replicating directory access
  2. Reset password

WMI verification

The configuration was tested as is and worked, but after a week, following the same scenario resulted in the following error:
An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)
Following up on the error, the event viewer gave the following info:
Password Reset Activity could not find Mv record for user
This is a very clear error message indicating a problem with the WMI permissions. Checking up on this resulted in the conclusion that the permissions were set correctly. Lookups for accounts in the IS4U domain worked, but lookups for accounts in the DMZ domain failed.

Finding the PDC

Going back to the event viewer, we were given another clue:
DsGetDCName failed with 1355
A bit of research taught us that the SetPassword call of SSPR always calls DsGetDCName because SSPR needs to find and target the PDC (the domain controller with the PDC emulator role). This call seems to fail. We tried to get more information by running this specific call via nltest (nltest /dsgetdc:dmz /netbios), but it failed with the following message:
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
However, resolving the FQDN using nltest /dsgetdc:dmz.be /netbios succeeded. Even stranger, retrying the lookup with the NetBIOS name then worked! Some googling pointed to caching of certain information, which explained why the NetBIOS lookup works after the FQDN lookup and why the initial configuration worked and then broke a week later.

WINS

NetBIOS recognizes domain controllers by the [1C] service record registration, but we could not find the correct WINS configuration, maybe because of the one-way trust.

Solution

The solution involved changing the advanced IP configuration settings. By adding the is4u.be and be suffixes, the DsGetDCName call is forced to always resolve the FQDN by searching for dmz.be instead of dmz.

January 24, 2015

Julian Bond: So farewell then, Edgar Froese,

January 24, 2015 07:30 AM
So farewell then, Edgar Froese,
http://reynoldsretro.blogspot.com/2015/01/interview-with-edgar-froese-rip.html

I used to love your analogue synthesiser noodlings with Tangerine Dream and found them strangely hypnotic. But my Mother-in-law complained that the bleepy repetition gave her a headache.

It's Kosmische, Motherf*cker.
 interview with Edgar Froese (RIP) »
RIP Edgar Froese, who I interviewed eight years ago for this piece on the analogue synth epic genre.  THE FINAL FRONTIER: The Analogue Synth Gods of the 1970s Groove, 2007 by Simon Reynolds Ask people about synthesisers in ...

[from: Google+ Posts]
January 23, 2015

Gluu: Gluu Server… So Fast!

January 23, 2015 08:53 PM

One of the questions we get a lot here at Gluu is “How fast is the Gluu Server?” All of the Gluu Server components are horizontally scalable, so the short answer is… “as fast as you want.” Numbers-oriented left-brain engineers feel uncomfortable with this answer.

There is an inherent trade-off between speed and flexibility. If you want the fastest possible person identification, your authentication API needs to be very fast. And probably the fastest authentication API out there is performing an LDAP search or LDAP bind operation (i.e. check password). However, LDAP does not allow for a lot of flexibility in the business logic. For example, you can require a username / password to match, or even another attribute, for example, status=active. But if you want to call your intrusion detection system, LDAP doesn’t enable you to do this.

Fraud detection, asking for a second step out-of-band authentication, or other steps to make the person identification more reliable may delay an authentication. But preventing a breach can make slower performance worth the price–you’re not going to make an API call to an external system without it taking a few milliseconds.

But assuming we’re dealing with a low value person authentication, where throughput is the main concern… how does the Gluu Server do in that situation? Below are some considerations that favor the Gluu Server over monolithic access management platforms.

One of the most important performance advantages for oxAuth is its stateless REST design. Even in a two-step authentication, there is no assumption that the person is redirected to the same oxAuth server. This enables an enterprise to elastically grow the oxAuth authentication service to meet their needs at the moment. The previous generation of access management servers were not stateless, and required “sticky sessions” to be configured in the load balancer. This had serious negative implications for scale.

There is another important design consideration: whether oxAuth is keeping server side sessions. In a really large deployment, server side sessions are bad. If Google had to keep a server side session for every web browser on the Internet logged into Gmail, they’d need a pretty big farm of servers to do it. For super large deployments, the IDP pushes a lot of the work of session management to the browser. However, in smaller enterprise deployments, server side sessions can be handy.

For example, the Gluu Server offers custom logout interception scripts. These allow a Gluu Server admin to write some special code to be performed when a person logs out, like make sure you close that Siteminder session, or make sure the portal session is terminated. Eliminating server sessions has a performance advantage because it reduces the amount of disk I/O at authentication time, and Gluu supports this configuration. But if you do want server side sessions, don’t fret. We use LDAP to replicate the changes and make them available to all the oxAuth servers in the cluster. And scaling LDAP performance is a pretty well trodden technical problem.

There is a small benefit to the OpenID Connect protocol. As a JSON standard, it is smaller on the wire than XML based protocols. JSON also requires less compute and memory to process.

In large scale deployments, benchmarking is always advisable. If you want to do your own benchmarking, Gluu provides some guidance on how to use JMeter for this purpose. Ultimately, no other organization has the same servers, the same network, the same data profile, and the same security requirements as yours! You’re unique! So remember, seeing is believing. Do your research, and you can get a very good understanding of how to deploy the Gluu Server to achieve any requirement from small to mega-huge!

Performance is really not a competitive differentiator for Gluu. Our software’s performance is about the same as any other IAM platform. But this makes sense because we are using the same Java encryption libraries, the same protocols, and the same underlying persistence mechanism. For a few reasons, we think it’s a little faster, and a little easier to scale. If you’re really concerned about performance for a large deployment, please schedule a meeting with us, and we’d love to discuss some of the factors you should consider.

January 22, 2015

Mike Jones - Microsoft: JWK Thumbprint -01 draft incorporating feedback from Jim Schaad

January 22, 2015 10:27 PM

The JSON Web Key (JWK) Thumbprint draft has been updated to incorporate feedback received from Jim Schaad, including defining the JWK Thumbprint computation in a manner that allows different hash functions to be used over time. The specification is available at:

An HTML formatted version is also available at:

OpenID.net: Registration is Now Open for the OIDF Workshop on April 6, 2015

January 22, 2015 07:37 PM

Registration is now open for the OpenID Foundation Workshop on April 6 (the Monday before IIW) from 12:00 – 5:00 PM at Aol offices in Palo Alto, CA.

This OpenID Foundation Workshop will provide early insight and influence on important new online identity standards like OpenID Connect. We will provide a hands-on tutorial on the OpenID Connect Self Certification Test Suite led by its developer Roland Hedberg. We’ll review progress on the Mobile Profile of OpenID Connect as well as other protocols in the pipeline like HEART, Account Chooser and Native Applications. Leading technologists from Forgerock, Microsoft, Google, Ping Identity and others will update developments with these key protocols, review work group progress and discuss how they help meet enterprise business challenges. Thanks to OpenID Foundation Board Member George Fletcher and teamAol for hosting.

Planned Agenda:

Don Thibeau

Kuppinger Cole: Advisory Note: Software Defined Infrastructures - 71111

January 22, 2015 08:57 AM
In KuppingerCole

Enabling development speed and agility also brings heightened risk to the business. Risks can be greatly reduced by applying appropriate controls, and business benefits increased by leveraging SDI. 


January 21, 2015

Kuppinger Cole: Minimal disclosure becoming reality

January 21, 2015 10:35 AM
In Martin Kuppinger

This week, the EU-funded project ABC4Trust, led by Prof. Dr. Kai Rannenberg, Goethe University Frankfurt, announced that they successfully implemented two pilot projects. The target of the project has been what Kim Cameron in his Seven Laws of Identity has defined as law #2, “Minimal disclosure for a constrained use”. It also observes law #1, “User control and consent”.

Using Microsoft’s U-Prove technology and IBM’s Idemix technology, the project enables pseudonymity of users based on what they call ABC: Attribute-based credentials. Instead of expecting a broad range of information about users, ABC4Trust focuses on the minimum information required for a specific use case, e.g. the information that someone successfully passed some exams instead of his full name and other personal information or just the fact that someone is above 18 years of age, instead of his full date of birth.

This aligns well with the upcoming UMA standard, a new standard, which is close to finalization. I will publish a post on UMA soon.

So there are working solutions enabling privacy while still confirming the minimum information necessary for a transaction. The biggest question obviously is: Will they succeed? I see strong potential for UMA, however the use cases in reality might be different from the ones being focused on in the development of UMA. I am somewhat skeptical regarding ABC4Trust, unless regulations mandate such solutions. Too many companies are trying to build their business on collecting personal data. ABC4Trust stands in stark contrast to their business models.

Thus, it will need more than academic showcases to verify the real-world potential of these technologies. However, such use cases exist. The concept of Life Management Platforms and more advanced approaches to Personal Data Stores will massively benefit from such technologies – and from standards such as UMA. Both help leveraging new business models that build on enforcing privacy.

Furthermore, ABC4Trust shows that privacy and pseudonymity can be achieved. This might be an important argument for future privacy regulations – that privacy is not just theoretical, but can be achieved in reality.

Julian Bond: Another good reason to avoid Nuclear power. It's centralised, needs centralised control and centralised...

January 21, 2015 08:48 AM
Another good reason to avoid Nuclear power. It's centralised, needs centralised control and centralised military protection.

http://www.bloomberg.com/news/2015-01-20/paris-terror-spurs-plan-for-military-zones-around-nuclear-plants.html 
 Paris Terror Spurs Plan for Military Zones Around Nuclear Plants »
Lawmakers in France want to create military zones around its 58 atomic reactors to boost security after this month’s Paris terror attacks and almost two dozen mystery drone flights over nuclear plants that have baffled authorities.

[from: Google+ Posts]

WAYF News: Nordic federations met at Trondheim

January 21, 2015 08:43 AM

January 13-14, WAYF met in Trondheim, Norway with her Nordic sister organisations, to discuss operation and development of identity federations. FEIDE, Norway's federation, hosted the meeting, and Sweden was represented by SWAMID.

Kuppinger Cole: Advisory Note: Your Business is Moving to the Cloud - 71156

January 21, 2015 08:25 AM
In KuppingerCole

Take a pro-active rather than re-active approach to the adoption of Cloud services. Plan your move to the Cloud taking a strategic view of your requirements, processes and deployment options. Make the Cloud perform for you - not the other way around.

The question posed in the title of this Advisory Note is rhetorical. The move to the Cloud is inevitable and to be embraced, not only for the benefits touted by Cloud Service Providers, but as an opportunity to make significant changes...

January 20, 2015

Kuppinger Cole: Mastering the Digitalization of Business: Digital Identities and the Cloud

January 20, 2015 11:00 AM
In KuppingerCole Podcasts

How to make use of cloud services and digital identities of employees, partners, customer and things to leverage your business to the next level

It is the combination of identity services, mobility support, and cloud services that allows organizations not only to digitalize their business but also to keep it secure. It is about enabling business agility while not ending up with unprecedented risks. Combining business innovation with IT innovation, particularly around identities and the cloud, is the foundation for successfully mastering the digital revolution.

January 19, 2015

Kuppinger Cole: Executive View: BalaBit Shell Control Box - 71123

January 19, 2015 04:58 PM
In KuppingerCole

BalaBit IT Security was founded in Hungary in 2000. Its first product was an application layer firewall suite called Zorp. Since then, BalaBit has grown into an international holding company headquartered in Luxembourg, with sales offices in several European countries, the United States and Russia, as well as a large partner network. The company enjoys broad recognition in the open source community, as it...

Julian Bond: Think Bigger!

January 19, 2015 12:36 PM
Think Bigger!

in <134> "It seems to me that the Chinese are the ones who still get it about legitimating a government with concerted, focussed efforts of mega-engineering."

To add further substance to that point, here's two recent articles on Chinese megaprojects:

108 Chinese Infrastructure Projects That Are Reshaping The World
http://www.businessinsider.com/108-giant-chinese-infrastructure-projects-that-are-reshaping-the-world-2011-12?op=1

In China, Projects to Make Great Wall Feel Small
http://www.nytimes.com/2015/01/13/business/international/in-china-projects-to-make-great-wall-feel-small-.html?_r=0

via http://www.well.com/conf/inkwell.vue/topics/478/Bruce-Sterling-Cory-Doctorow-Jon-page06.html#post150
 108 Giant Chinese Infrastructure Projects That Are Reshaping The World »
They do big things.

[from: Google+ Posts]
January 18, 2015

Drummond Reed - Cordance: FounderDating Breaks the First Rule of Trust—I Will Never Use This Site

January 18, 2015 10:15 PM

True story: two weeks ago I received an email from an entrepreneur I know and respect (who will remain unnamed). It read as follows:

Hi Drummond,

I’ve just joined FounderDating (no, it’s NOT romantic) – a handpicked network of entrepreneurs connecting with advisors and other talented entrepreneurs. Can you do me a quick favor by leaving a quick vouch (aka reference) for me as an advisor? Should take 2 minutes.
http://members.founderdating.com/advisor/vouch/63582/

(To prove that you’re the real Drummond, you will be asked to use LinkedIn.)

Unlike with some systems, this will help me make much more meaningful connections with potential advisees.

Thank you,
[Name Withheld]

Knowing that this entrepreneur was a very discriminating person who chose his words carefully, I considered this a pretty ringing endorsement of this new site. So I went out of my way to provide a vouch for him.

The site subsequently contacted me with the following email with the subject line, “VIP Invite”:

Hi Drummond:

We noticed your background and wanted to invite you to be a part of a select group of current FounderDating members that are Advisors on FD:Advisors. It’s an expansion of the FounderDating platform that allows entrepreneurs and advisors to meaningfully connect. Others members on FD:Advisors include, Aaron Batalion (CTO/Cofounder, LivingSocial), Josh Handy (Lead Designer, Method Products), Katherine Woo (Chief Product Officer, Kiva) and Sean Byrnes (Cofounder, Flurry), just to name a few.

It’s an opportunity to showcase your expertise, help awesome entrepreneurs and streamline the advisor requests you already get even if you’re not open to others. There is no upfront time commitment. Just click on the button below and fill in your areas of expertise (the ones you want to advise on). We curate the network, but with this invite you are pre-approved.

START ADVISING

Hope to see you online,

Jessica

Cofounder/CEO, FounderDating

Again, given the enthusiasm of the original note I received from the original entrepreneur—and that I am a student of Internet reputation systems given my work on the Respect Trust Framework and Connect.Me—I decided to go ahead and take the plunge. I filled out a few forms, selected a few interest areas, and then did the obligatory selection of a few people who might vouch for me—chosen from a list of my LinkedIn contacts, of course.

FounderDating never asked me to write or customize a message to them. But this morning, one of them forwarded the email he received (again, I’m redacting his name to protect the innocent):

Hi [Name-Withheld],

I’ve just joined FounderDating (no, it’s NOT romantic) – a handpicked network of entrepreneurs connecting with advisors and other talented entrepreneurs. Can you do me a quick favor by leaving a quick vouch (aka reference) for me as an advisor? Should take 2 minutes.

http://members.founderdating.com/advisor/vouch/63582/

(To prove that you’re the real [Name-Withheld], you will be asked to use LinkedIn.)

Unlike with some systems, this will help me make much more meaningful connections with potential advisees.

Thank you,
Drummond

Ah-ha. I immediately realized that the email I first received was NOT written by the entrepreneur who I thought composed it, but rather forged on his behalf, just like this one was forged on my behalf.

Poof. There went all the trust I will ever have in FounderDating.com. I strongly urge that you do not patronize this site. I will not respond to any email or any vouch request from them again.

P.S. When I went to the site to delete my account (for which they had never given me a credential), I clicked the sign-in button and got this error message:

{“connections”:1}

Julian Bond: A review of King Crimson live. In 2015! It makes me pleased that one of the greatest bands of the 20th...

January 18, 2015 08:55 AM
A review of King Crimson live. In 2015! It makes me pleased that one of the greatest bands of the 20th century is still producing great performances. http://thequietus.com/articles/17026-king-crimson-live-at-the-orpheum-review

And then this in the comments:- For my own part, I think the really interesting part of this equation is the fact that there's clearly a compelling demand from music fans of all stripes for nostalgia as mainstream entertainment. Why do we seem to have developed a morbid inability to just let go of the past? It's like we're participating in the collective recital of a Really Important Dream, lest its details slip away...

"The collective recital of an important dream, lest its details slip away" This. I've recently been listening to FourTet/Floating points 6hr set and then dipping into Caribou's 1000 track playlist. And in both I was struck by their reverence for the late 60s and early 70s mainly in the form of barely remembered soul and funk. Do we have to keep deliberately remembering this to avoid forgetting it? Or is this turning into some tribal memory kept alive by the elders repeating it to each new generation.

btw. Go and listen to "Starless" and "One more red nightmare" again off King Crimson's album Red. And turn it all the way up to 11. Fair makes the hair stand up on the back of the neck. But this is the one that gets me every time. The Letters from the album Islands.
https://www.youtube.com/watch?v=b2dPNF2Jt24
 The Quietus | Reviews | King Crimson »

[from: Google+ Posts]
January 17, 2015

Kevin Marks: We Like IndieWeb Software

January 17, 2015 11:48 PM

a response to Anil Dash's I Like Blogging Software

Recently on Twitter Anil Dash and I had a bit of a back and forth:

Hi, it's been two years, will somebody go build this set of tools and go make millions of dollars please? http://t.co/jLX0Dp5DxI

— Anil Dash Dot Com (@anildash) January 14, 2015

@anildash all that's been shipped as #indieweb tools, except we use html instead of json because web. Try it.

— Kevin Marks (@kevinmarks) January 14, 2015
(told for tools there is an autocorrect failure)

@kevinmarks I want products, not toolkits. Cobbling stuff together is too time-consuming & this stuff isn't all in one place.

— Anil Dash Dot Com (@anildash) January 14, 2015

@anildash then use @withknown and send feature requests. Build tools, not specs.

— Kevin Marks (@kevinmarks) January 14, 2015
Marco Rogers chided me for being short with Anil:

@kevinmarks @anildash these are feature requests. From a potential customer. Listening is a good strategy. Berating, less so.

— Marco Rogers (@polotek) January 14, 2015
This is a fair point, and so here is a post going into more detail.

The quoted parts are from Anil's blog post - I'll respond inline:

So, my contribution is to collect some of the notes I've been gathering for the last few years about what I'd like to see in a blogging tool. I know there are apps with many, perhaps even all, of these features, but I'd like to see one emerge as a leading platform for doing innovative work.

(emphasis added)

Here Anil is explicitly calling out for a monoculture, rather than a set of interoperable tools and protocols. As Anil mentions, he used to work at Six Apart, which built several blogging tools in that way, each hoping to be the one. Indeed seeing the success of silos, their monolithic nature can be seen as contributing to this; their widespread adoption coming from focusing on innovating and improving user experience rather than interoperability with others.

With indieweb we are trying a different approach by working through our own wishlists, reusing common components, and making sure we interoperate along the way. This gives us a composable set of tools that do plug together - the toolkit Anil both is and isn't asking for.

My blogging features wishlist:

There are lots of indieweb tools that work in this kind of way; but Anil is very focused on the specifics of formats. Markdown is one popular way of writing text for posts; indeed many indieweb tools support it. JSON is handy as an interchange format between programming languages, but as Anil says, having a documented common format is useful. What we realised working on indieweb is that we already have a lingua franca for webpages and blogs, and that is HTML. Ultimately all sites publish in this format, so using that and adjusting it minimally to make interop easier is the approach we took.

Our documented format is Microformats 2, which for blog posts involves h-entry and h-feed as common structure, with additional microformats to label other reusable features. Generating HTML from Markdown is relatively straightforward, if not always deterministic, as that was its design goal. Generating JSON from HTML formatted with microformats 2 is also straightforward and more deterministic.

Storing source files in various cloud services is practical and indeed done by many indieweb tools, but requiring a specific cloud service's file system is less flexible and general than using HTML on the web itself, so that's what we do.

This is a lot of fragility - the default Blogger template switched to a JSON model like this and consequently fails to render a lot of the time. Twitter too used an all-JSON web app for a while, before reverting to HTML+json enhancements. The fragility comes from JSON being much less resilient to encoding or writing errors than HTML - HTML5 specifies how to consistently handle even invalid or poorly marked-up HTML pages, whereas with JSON you will get a parse error and lose the whole page, just like XML. By using HTML instead for your format, the page can be read on every platform by default. Now, behind the scenes JSON can be useful - indeed Known uses a JSON store for its posts database, but exposing this publicly will likely lead to incompatibility over time.

We are beginning to see indieweb reader apps that work by parsing the h-feed and h-entry markup published, and give the remixability that Anil mentions, but they are an augmentation to the basic page, not a required path along the way.

On the indieweb, this is handled by two protocols: Micropub and IndieAuth.

IndieAuth lets you prove that you are the owner of the site by logging in, so you can get editing privileges or other enhanced versions.

Micropub is a simple protocol, based on HTML forms, to let you edit and publish posts and notes. By using these two it is possible to have multiple different tools to create and edit posts, independent of the mechanics of their storage, as they also use HTML for interchange.

For comments we use the same documented HTML format, but add the idea of a webmention. This is a simple protocol that enables you to send a link to your post or comment that responds to (mentions) another post. The webmention receiver can parse this, check it does indeed link to it, and interpret it as a comment, a reply, a repost, a like or an RSVP depending on the microformats markup used.

Exactly! Webmention does this, but with verification and context, which means that it can be used for reposting, but also for threaded comments, per-paragraph annotations and other things we haven't thought of yet.

By using HTML as the source interchange format, styling can be done by CSS directly; also it is relatively easy to process and parse HTML and inject it into a site - see the webmentions on my website that are added by an indieweb service.

The webpage itself is the HTML representation of the content; you get the json version by parsing that, using existing parsers - for example:

A posting app can look for the micropub endpoint in the page and the indieauth endpoint and work with that, as tools like Quill, ownyourgram and Postly do now.

I think that's it for now. Let me know if somebody's got all these boxes checked on their platform today, but I suspect the hardest part is the client app for readers, which works in a way analogous to an RSS reader or email client, but would have to support a new format and would be optimized for clean reading and subsequent discovery, rather than the three-pane model which has dominated those apps for the last decade or two.

Anil's assumption that the reader app is harder is shrewd, though it has also been less necessary as the browser enables reading of pages in any case. Indieweb readers are being built now with varying UI based on these underlying protocols, so we should have all the pieces soon.

The closest thing to a single platform that supports this is Known, an open source indieweb-friendly blogging tool that can be installed on your own site or hosted by Known for you.

There's even a Pro version of Known if you want to help make Anil's prediction come true.

If these indieweb ideas sound interesting, come along to the next Homebrew Website Club, or join us in IRC.

Originally on my own website
also on IndieNews
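
The receiver-side check described in the post (confirm that the source really links to the target, then read the microformats markup to decide what kind of response it is) can be sketched as follows. This is an added example, not code from the original post or from any indieweb project. The function name `classify_webmention` and the sample pages are constructed for illustration, and the class names `u-in-reply-to`, `u-like-of`, `u-repost-of` and `p-rsvp` are the microformats2 h-entry properties, which the post does not spell out. A real receiver would fetch the source URL itself rather than accept HTML from the sender.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# microformats2 h-entry link properties, in the order this receiver prefers them.
LINK_KINDS = (("u-in-reply-to", "reply"), ("u-repost-of", "repost"), ("u-like-of", "like"))
RSVP_VALUES = {"yes", "no", "maybe", "interested"}


class _SourceParser(HTMLParser):
    """Collects every <a href> with its classes, plus a p-rsvp value if present.

    html.parser tolerates unclosed or badly nested tags, so a sloppy source
    page still yields its links instead of failing as a whole.
    """

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.links = []              # (absolute URL, set of class names)
        self.rsvp = None
        self._rsvp_text_next = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        classes = set((attrs.get("class") or "").split())
        if tag == "a" and attrs.get("href"):
            self.links.append((urljoin(self.base_url, attrs["href"]), classes))
        if "p-rsvp" in classes:
            if attrs.get("value"):   # <data class="p-rsvp" value="yes">
                self._set_rsvp(attrs["value"])
            else:                    # <span class="p-rsvp">yes</span>
                self._rsvp_text_next = True

    def handle_data(self, data):
        if self._rsvp_text_next and data.strip():
            self._set_rsvp(data)
            self._rsvp_text_next = False

    def _set_rsvp(self, value):
        value = value.strip().lower()
        if value in RSVP_VALUES:
            self.rsvp = value


def classify_webmention(source_url, source_html, target_url):
    """Return the response kind, or None when the source does not link to the target."""
    parser = _SourceParser(source_url)
    parser.feed(source_html)
    parser.close()
    matching = [classes for url, classes in parser.links if url == target_url]
    if not matching:
        return None                  # verification failed: reject the webmention
    classes = set().union(*matching)
    if parser.rsvp and "u-in-reply-to" in classes:
        return "rsvp:" + parser.rsvp
    for cls, kind in LINK_KINDS:
        if cls in classes:
            return kind
    return "mention"                 # a plain link with no microformats on it


# Constructed sample pages; SAMPLE_REPLY deliberately leaves its tags unclosed.
SRC = "https://alice.example/notes/5"
TARGET = "https://example.org/post/1"
EVENT = "https://example.org/event/9"
SAMPLE_REPLY = ('<div class="h-entry"><p>Re: <a class="u-in-reply-to" '
                'href="https://example.org/post/1">post</a><p class="e-content">Nice point')
SAMPLE_LIKE = '<div class="h-entry"><a class="u-like-of" href="https://example.org/post/1"></a></div>'
SAMPLE_RSVP = ('<div class="h-entry"><a class="u-in-reply-to" href="https://example.org/event/9">'
               'the event</a>: <data class="p-rsvp" value="yes">I will be there</data></div>')
SAMPLE_PLAIN = '<p>See <a href="https://example.org/post/1">this</a>'

if __name__ == "__main__":
    for name, html, target in (("reply", SAMPLE_REPLY, TARGET), ("like", SAMPLE_LIKE, TARGET),
                               ("rsvp", SAMPLE_RSVP, EVENT), ("plain", SAMPLE_PLAIN, TARGET)):
        print(name, "->", classify_webmention(SRC, html, target))
```
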

January 16, 2015

Mike Jones - Microsoft: The JWT, JOSE, and OAuth Assertions drafts have all been sent to the RFC Editor

January 16, 2015 08:53 PM

All of these 9 drafts have now been approved and sent to the RFC Editor:

  1. draft-ietf-jose-json-web-signature
  2. draft-ietf-jose-json-web-encryption
  3. draft-ietf-jose-json-web-key
  4. draft-ietf-jose-json-web-algorithms
  5. draft-ietf-oauth-json-web-token
  6. draft-ietf-jose-cookbook
  7. draft-ietf-oauth-assertions
  8. draft-ietf-oauth-saml2-bearer
  9. draft-ietf-oauth-jwt-bearer

That means that their content is now completely stable and they’ll soon become Internet standards – RFCs. Thanks for all of your contributions in creating, reviewing, and most importantly, using these specifications. Special thanks go to the other spec editors Nat Sakimura, John Bradley, Joe Hildebrand, Brian Campbell, Chuck Mortimore, Matt Miller, and Yaron Goland.

Mythics: Practical Oracle WebCenter Content UI

January 16, 2015 06:33 PM

This article focuses on practical aspects of Oracle's new WebCenter Content User Interface, frequently referred as Content UI (aka ADF UI and Web…

Mike Jones - Microsoft: Final pre-RFC JOSE drafts

January 16, 2015 06:09 PM

New versions of the JSON Web Signature (JWS) and JSON Web Key (JWK) drafts have been submitted that address a few more IESG comments that were identified by our area director Kathleen Moriarty during her final review of the documents. Thanks to Richard Barnes for working on wording to address his comment on security considerations for binding attributes to JWKs. See the Document History sections for descriptions of the edits, none of which resulted in data structure changes.

The plan is for these documents to be forwarded to the RFC editor. The other related documents have already been approved.

The specifications are available at:

HTML formatted versions are available at:

Courion: Leadership, and a Commitment to Your Success

January 16, 2015 05:23 PM

Access Risk Management Blog | Courion

Gartner, a leading information technology research and advisory firm, issued the 2015 Gartner Magic Quadrant for Identity Governance and Administration (IGA) on January 12th.

Courion was recognized as a leader by Gartner for a remarkable 10th time.

Perhaps that recognition has something to do with the fact that the Access Assurance Suite™ performs superbly across a wide range of use case scenarios. Or maybe it has something to do with the fact that organizations that use Courion solutions are highly satisfied and give our support high marks, or that our customers would recommend the Access Assurance Suite to others.

Regardless of the factors that played a role in the analyst alchemy that resulted in Courion being recognized as a leader this year, and a total of 10 times since 2007, we are grateful.

It is external affirmation of our commitment to excellence in provisioning, governance and identity analytics solutions that have made our customers successful. And we can help you be successful, too.

blog.courion.com

Kuppinger Cole: How CSPs could and should help their EU customers in adopting the Cloud

January 16, 2015 10:29 AM
In Martin Kuppinger

Many customers, especially in the EU (European Union) and particularly in Germany and some other countries, are reluctant regarding cloud adoption. There are other regions with comparable situations, such as the Middle East or some countries in the APAC region. Particularly public cloud solutions provided by US companies are seen skeptically.

While the legal aspect is not simple, as my colleague Karsten Kinast recently has pointed out, it can be solved. Microsoft, for instance, has contracts that take the specifics of EU data protection regulations into account and provide solutions. Microsoft provides information on this publicly on its website, such as here. This at least minimizes the grey area, even while some challenges, such as pending US court decisions, remain.

There are other challenges such as the traceability of where workloads and data are placed. Again, there are potential solutions for that, as my colleague Mike Small recently explained in his blog.

This raises a question: Why do CSPs struggle with the reluctance of many EU (and other) customers in adopting cloud services, instead of addressing the major challenges?

What the CSPs must do:

There is some technical work to do. There is more work to do on the legal side. And yes, that will cost a CSP money. Their lawyers might even say they will give up some advantages. However, if your advantage is based on a potential disruptiveness to the customer’s business or slow adoption of the cloud services by customers, then the disadvantages might by far outweigh the advantages.

Thus, the recommendation to CSPs is simple: Make this a business decision, not a lawyer decision. Unilateral, not to say unfair, agreements are a business inhibitor. That is a lesson some of the company lawyers of US CSPs still need to learn.

Kuppinger Cole: Advisory Note: Redefining Access Governance - 71185

January 16, 2015 10:21 AM
In KuppingerCole

Improve your level of compliance, gain up-to-date insight and reduce recertification workload. Add business risk scoring to your Access Governance Architecture, focus attention on high-risk access and extend your existing infrastructure to provide real-time access risk information. Re-think your existing Access Governance processes and understand upcoming IAM challenges and their impact on your infrastructure. 



Kuppinger Cole: 10.03.2015: Access Management and Federation for the Agile, Connected Enterprise

January 16, 2015 09:32 AM
In KuppingerCole

Two things are for sure in IT today: The cloud is here to stay. And on-premise IT at least in medium-sized and large organizations will not disappear quickly. IT environments are increasingly becoming hybrid. This requires well thought-out solutions for connecting the on-premise and the Cloud environments. Furthermore, allowing access of mobile users, supporting cloud-based directories for consumers and business partners, or integrating with apps and things imposes new challenges.

OpenID.net: 2015 Election for the OpenID Foundation Individual Board Representatives

January 16, 2015 01:00 AM

The OpenID Foundation plays an important role in the evolution of Internet identity technologies. The OpenID Foundation Individual community board member election 2015 is now underway. Those elected will help determine the role OIDF will play in facilitating faster and broader adoption of open identity standards and profiles such as OpenID Connect, Account Chooser, the Mobile Profile for OpenID Connect, Native Applications, and Health Relationship Trust (HEART). Per the bylaws approved by the OpenID Foundation (OIDF) board on May 8, 2013, Individual community Members will elect three (3) board members to represent them.

Currently, we have four Individual community board members whose terms are expiring (2014 was a ‘transition’ year): Nat Sakimura, Mike Jones, John Bradley, and George Fletcher. I want to thank them for their service to the OIDF. They are eligible to seek re-election, if they so choose.

The Individual community board member election is being conducted on the following schedule:

• Nominations opened: Monday, January 5, 2015
• Nominations close: Monday, January 19, 2015
• Election begins: Wednesday, January 21, 2015
• Election ends: Wednesday, February 4, 2015
• Results announced by: Wednesday, February 11, 2015
• New board terms start: Wednesday, February 25, 2015

Times for all dates are Noon, U.S. Pacific Time.

All members of the OpenID Foundation are eligible to nominate themselves, second the nominations of others who self-nominated, and vote for candidates. If you’re not already a member of the OpenID Foundation, we encourage you to join now at https://openid.net/foundation/members/registration.

Voting and nominations are conducted using the OpenID you registered when you joined the Foundation. If you are already a member, you have received an email from director@oidf.org advising you that the election is open and how to participate. Please log in with your OpenID membership credentials at https://openid.net/foundation/members/ to participate in the nomination and voting. If you experience problems participating in the election or joining the foundation, please send an email to help@oidf.org right away.

Board participation requires a substantial ongoing investment of time and energy. It is a volunteer effort that should not be undertaken lightly. Should you be elected, expect to be called upon to serve both on the board and on its committees where the work of the foundation is conducted. If you’re committed to OpenID and advancing open digital identity and are a person who works well with others, we encourage your candidacy. The OIDF’s Executive Committee has suggested a few questions candidates may want to publicly address in their candidate statements:
1. What are the key opportunities you see for the OpenID Foundation in 2015?
2. How will you demonstrate your commitment to the work of the foundation in terms of resources, focus and leadership?
3. What would you like to see accomplished over the next year, and how do you personally plan to make these things happen?
4. What resources can you bring to the foundation to help the foundation attain its goals?
5. What current or past experiences, skills, or interests will inform your contributions and views?

Candidates can address these questions in their election statements on various community mailing lists, especially openid-general@lists.openid.net. Please forward questions, comments and suggestions to me at don@oidf.org.

Regards,

Don Thibeau

January 15, 2015

Vittorio Bertocci - Microsoft: ADAL 2.X Servicing Release Introduces Support for Windows Phone 8.1 Silverlight Apps

January 15, 2015 08:14 PM

If you head to the NuGet gallery you’ll find that we just released an update to our ADAL .NET package.

This servicing update (we go from v2.13.112191810 to v2.14.201151115) fixes various bugs. The one you’re most likely to have stumbled upon is one issue with Windows Store apps publication – which is solved in the release.

This release also introduces a new feature: the ability to use ADAL in Windows Phone 8.1 Silverlight applications. Until now, ADAL only worked with Windows Phone 8.1 Store applications.

SL apps support was a feature you have been very vocal about: for example, see the twitter exchange I had with Ginny back in June.


In the last few months we heard more and more of that feedback – from internal and external customers. Although there are ways of getting tokens from those kinds of apps (the code delta is non zero but pretty small, it’s more of a matter of creating an assembly for it rather than a winmd), we found ourselves spending cycles to help people understand their options – and we realized that it would have been more efficient for everybody if we would simply bite the bullet and include Windows Phone 8.1 Silverlight apps as a new target platform in our official NuGet. So, that’s exactly what we did, and given that the programming surface did not change, we were able to do this in a servicing release.

Using ADAL in a Windows Phone 8.1 Silverlight app

Using ADAL in a winphone 8.1 SL app is not very different from doing so in a winphone Windows Store one, which is why we are not releasing a new sample for it at this time. If you think you need one please let us know, though!

The main difference lies in the way in which SL apps deal with the continuation model (behind the scenes we use the WebAuthenticationBroker, which is why this only works with 8.1 and we still need to handle continuation).
The application events cycle is slightly different, which influences where you need to inject the continuation handling code.

Here is a quick walkthrough showing how to see ADAL in action in your Windows Phone 8.1 SL app.

Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory -Version 2.14.201151115

using System;
using System.Windows;
using System.Windows.Navigation;
using Microsoft.Phone.Controls;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Windows.ApplicationModel.Activation;

namespace WPSL_App1
{
    public partial class MainPage : PhoneApplicationPage, IWebAuthenticationContinuable
    {
        AuthenticationContext ac = null;
        // Constructor
        public MainPage()
        {
            InitializeComponent();            
        }

        protected override async void OnNavigatedTo(NavigationEventArgs e)
        {
            base.OnNavigatedTo(e);
            ac = await AuthenticationContext.CreateAsync("https://login.windows.net/common");        
        }

        private async void btnCallGraph_Click(object sender, RoutedEventArgs e)
        {
            AuthenticationResult result =
                 await ac.AcquireTokenSilentAsync("https://graph.windows.net",
                                                  "e11a0451-ac9d-4c89-afd8-d2fa3322ef68");
            if (result != null && result.Status == AuthenticationStatus.Success)
            {
                ShowGreeting(result);
            }
            else
            {
                ac.AcquireTokenAndContinue("https://graph.windows.net",
                                           "e11a0451-ac9d-4c89-afd8-d2fa3322ef68",
                                           new Uri("http://li"), ShowGreeting);
            } 
        }
        public async void ShowGreeting(AuthenticationResult ar)
        {            
            MessageBox.Show("hello, Mr/Ms " + ar.UserInfo.FamilyName);            
        }
        public async void ContinueWebAuthentication(WebAuthenticationBrokerContinuationEventArgs args)
        {
            await ac.ContinueAcquireTokenAsync(args);
        } 
    }
}

 

Same old, same old. Quick comments:

The slightly different part is in App.xaml.cs. Here are the relevant parts:

namespace WPSL_App1
{
    interface IWebAuthenticationContinuable
    {
        /// <summary>
        /// This method is invoked when the web authentication broker returns
        /// with the authentication result
        /// </summary>
        /// <param name="args">Activated event args object that contains returned authentication token</param>
        void ContinueWebAuthentication(WebAuthenticationBrokerContinuationEventArgs args);
    }
    public partial class App : Application
    {
        /// ... stuff ...
        private void Application_ContractActivated(object sender, Windows.ApplicationModel.Activation.IActivatedEventArgs e)
        {
            var webAuthenticationBrokerContinuationEventArgs = e as WebAuthenticationBrokerContinuationEventArgs;
            if (webAuthenticationBrokerContinuationEventArgs != null)
            {
                var wabPage = RootFrame.Content as IWebAuthenticationContinuable;
                if (wabPage != null)
                {
                    wabPage.ContinueWebAuthentication(webAuthenticationBrokerContinuationEventArgs);
                }
            }
        }
    /// ... more stuff

 

That’s really all you need! Let’s give it a spin: hit F5.

Click on the big button. You’ll see the familiar sign in experience from AAD.

Sign in.

You’ll get the usual consent page. Accept, and…

…voilà! I securely accessed my previous corporate data from my Windows Phone 8.1 Silverlight app, with just a few lines of code.

Giving Feedback Works!!!

As this new feature demonstrates, we do try to listen and act on your feedback to the best of our abilities. Silverlight support was not in the cards, but your relentless requests helped us to better understand the impact of not supporting it.

I hope this will inspire you to be vocal about our libraries and services, because well… it works!
In fact, if you want to be even more directly involved, I’ll take this opportunity to remind you that ADAL is open source and with it all of our libraries. Feel free to file issues, give us feedback and contribute… we *love* it when you do.

Happy coding!

Kuppinger Cole: Where is my Workload?

January 15, 2015 02:46 PM
In Mike Small

One of the major challenges that faces organizations using a cloud or hosting service is to know where their data is held and processed. This may be to ensure that they remain in compliance with laws and regulations or simply because they have a mistrust of certain geo-political regions. The location of this data may be defined in the contract with the CSP (Cloud Service Provider) but how can the organization using the service be sure that the contract is being met? This question has led to many organizations being reluctant to use cloud.

Using the cloud is not the only reason for this concern – my colleague Martin Kuppinger has previously blogged on this subject. Once information is outside of the system it is out of control and potentially lost somewhere in an information heaven or hell.

One approach to this problem is to encrypt the data so that if it moves outside of your control it is protected against unauthorized access. This can be straightforward encryption for structured application data or structured encryption using private and public keys as in some RMS systems for unstructured data like documents. However, as soon as the data is decrypted the risk re-emerges. One approach to this could be to make use of “sticky access policies”.

However, while these approaches may protect against leakage they don’t let you ensure that your data is being processed in a trusted environment. What is needed is a way to enable you to control where your workload is being run in a secure and trusted way. This control needs to be achieved in a way that doesn’t add extra security concerns – for example allowing you to control where your data is must not allow an attacker to find your data more easily.

Two years ago NIST published a draft report IR 7904 Trusted Geolocation in the Cloud: Proof of Concept Implementation. The report describes the challenges that this poses and sets out a proposed approach that meets these challenges and which could be implemented as a proof of concept. The US based cloud service provider Virtustream recently announced that its service now supports this capability. They state “This capability allows our customers to specify what data centre locations that their data can be hosted at and what data centres cannot host their data. This is programmatically managed with our xStream cloud orchestration application.”

The NIST document describes three stages that are needed in the implementation of this approach:

  1. Platform Attestation and Safer Hypervisor Launch. This ensures that the cloud workloads are run on trusted server platforms. To achieve this you need to:
    1. Configure a cloud server platform as being trusted.
    2. Before each hypervisor launch, verify (measure) the trustworthiness of the cloud server platform.
    3. During hypervisor execution, periodically audit the trustworthiness of the cloud server platform.
  2. Trust-Based Homogeneous Secure Migration. This stage allows cloud workloads to be migrated among homogeneous trusted server platforms within a cloud.
    1. Deploy workloads only to cloud servers with trusted platforms.
    2. Migrate workloads on trusted platforms to homogeneous cloud servers on trusted platforms; prohibit migration of workloads between trusted and untrusted servers
  3. Trust-Based and Geolocation-Based Homogeneous Secure Migration. This stage allows cloud workloads to be migrated among homogeneous trusted server platforms within a cloud, taking into consideration geolocation restrictions.
    1. Have trusted geolocation information for each trusted platform instance
    2. Provide configuration management and policy enforcement mechanisms for trusted platforms that include enforcement of geolocation restrictions.
    3. During hypervisor execution, periodically audit the geolocation of the cloud server platform against geolocation policy restrictions.

This is an interesting initiative by Virtustream and, since it is implemented through their xStream software which is used by other CSPs, it is to be hoped that this kind of functionality will be more widely offered. When using a cloud service a cloud customer has to trust the CSP. KuppingerCole’s advice is trust but verify. This approach has the potential to allow verification by the customer.
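
The three stages listed above can be read as a set of placement, migration and audit checks. The sketch below is an added example, not code from the post, from NIST IR 7904 or from Virtustream's xStream. All names, keys and hosts are constructed, and an HMAC over the attestation report stands in (as an assumption) for the hardware-backed signature a real platform attestation would carry.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed demo values. A real deployment would verify a hardware-backed
# attestation; an HMAC over the report stands in for that signature here.
ATTESTATION_KEY = b"constructed-demo-key"
KNOWN_GOOD = {  # platform type -> known-good launch measurement
    "kvm-x86": hashlib.sha256(b"bios-1.2|hypervisor-4.4").hexdigest(),
}


@dataclass(frozen=True)
class Report:
    host: str
    platform: str      # used for the "homogeneous" check
    measurement: str   # digest of what was measured at hypervisor launch
    geotag: str        # location asserted by the platform, e.g. "DE"
    mac: str = ""


def _mac(r, key):
    msg = "\x00".join((r.host, r.platform, r.measurement, r.geotag)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_report(r, key=ATTESTATION_KEY):
    """What the attesting platform would do: bind all fields to one MAC."""
    return replace(r, mac=_mac(r, key))


def is_trusted(r, key=ATTESTATION_KEY):
    """Stage 1: the report is authentic and its measurement is known-good."""
    if not hmac.compare_digest(_mac(r, key), r.mac):
        return False
    good = KNOWN_GOOD.get(r.platform)
    return good is not None and hmac.compare_digest(good, r.measurement)


def may_place(r, allowed_geos):
    """Stages 1 and 3: deploy only to trusted platforms in permitted locations."""
    if not is_trusted(r):
        return (False, "platform not trusted")
    if r.geotag not in allowed_geos:
        return (False, "geolocation not permitted")
    return (True, "ok")


def may_migrate(src, dst, allowed_geos):
    """Stages 2 and 3: trusted to trusted, same platform type, permitted location."""
    if not is_trusted(src):
        return (False, "source not trusted")
    ok, why = may_place(dst, allowed_geos)
    if not ok:
        return (False, "destination: " + why)
    if src.platform != dst.platform:
        return (False, "platforms not homogeneous")
    return (True, "ok")


def audit(placements, reports, policy):
    """Periodic audit: re-check every running workload against fresh reports."""
    findings = []
    for workload, host in sorted(placements.items()):
        r = reports.get(host)
        if r is None:
            findings.append((workload, "no attestation report"))
            continue
        ok, why = may_place(r, policy[workload])
        if not ok:
            findings.append((workload, why))
    return findings


# Constructed sample hosts.
GOOD = KNOWN_GOOD["kvm-x86"]
H_DE = sign_report(Report("h1", "kvm-x86", GOOD, "DE"))
H_DE2 = sign_report(Report("h4", "kvm-x86", GOOD, "DE"))
H_US = sign_report(Report("h2", "kvm-x86", GOOD, "US"))
H_BAD = sign_report(Report("h3", "kvm-x86", hashlib.sha256(b"modified").hexdigest(), "DE"))
H_FORGED = replace(H_US, geotag="DE")   # geotag edited after signing

if __name__ == "__main__":
    print(may_migrate(H_DE, H_US, {"DE"}))
    print(audit({"db": "h1", "web": "h3"}, {"h1": H_DE, "h3": H_BAD},
                {"db": {"DE"}, "web": {"DE"}}))
```

Because the geotag is covered by the same integrity check as the measurement, a report whose location was edited after signing fails stage 1 instead of passing the location policy.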

January 14, 2015

Radovan Semančík - nLight: 2015

January 14, 2015 11:47 AM

In 2010 we were happy when the project compiled.

In 2011 we were happy when most tests passed.

In 2012 we were happy when all tests passed.

In 2013 we were happy when we had a stable deployment.

In 2014 we were happy when our software surpassed most competing products.

... really I wonder what 2015 brings ...

(I'm talking about midPoint, of course)

Julian Bond: Re-visiting a theme that is much on my mind, this January.

January 14, 2015 11:45 AM
Re-visiting a theme that is much on my mind, this January.
Here's William Gibson paraphrased:- In the 20th century, everyone spoke with reverence of the 21st, while here, deep into the 21st, the 22nd century never gets a look-in.

Where's the SciFi being produced now that describes short to medium term futures? Like say, 50-100 years hence. Because 2100 is only 85 years away or one (reasonably lucky) lifetime for somebody born today. It seems like there's a gap in the middle. Between 5 minutes in the future SciFi which is really about now and ages quickly getting overtaken by events. And far future space opera, which requires an alternate physics to make it work. The middle ground is about both imagining realistic futures but also creating narratives that help to explain where we're going. I'm convinced we need this to counter the endless dystopianism. How are we going to fix pervasive economic injustice, catastrophic climate change, rampant sexism (manifest by white guys holding forth etc.), media conglomeration, network interference, terrorism, etc.? Just describing all that is not enough. We need people to imagine some solutions. 

Bruce Sterling's call to arms. Write more about the 22nd Century #22C
http://www.well.com/conf/inkwell.vue/topics/478/Bruce-Sterling-Cory-Doctorow-Jon-page01.html#post8

Neal Stephenson's Call to arms. We need more optimistic SciFi to counter the dystopianism.
http://hieroglyph.asu.edu/book/hieroglyph/

Kevin Kelly's Call to arms. A request for 100-word descriptions of a plausible technological future in 100 years that he would like to live in.
https://medium.com/message/a-desirable-future-haiku-ff01d63c93c6

Stewart Brand's call to arms. Try and imagine a 10,000 year future for mankind.
http://longnow.org/

Jem Finer's call to arms. A 1000 year long song to listen to while it plays out. Longplayer has now been playing for 15 years 013 days 20 hours 16 minutes and 27 seconds (as I write).
http://longplayer.org/

Meanwhile this is just so last century. King Crimson - 21st Century Schizoid Man (BBC Sessions - 1969)
https://www.youtube.com/watch?v=y4eRpwRJgzk
http://www.lyricsfreak.com/k/king+crimson/21st+century+schizoid+man_20078587.html
Fripp & Sinfield (& the others) were talking about You, Now.

And here's a shallow look at how 2015 was perceived by historical SciFi
http://motherboard.vice.com/read/how-the-year-2015-is-depicted-in-science-fiction

[from: Google+ Posts]

Mike Jones - Microsoft: JOSE -40 drafts intended for the RFC Editor

January 14, 2015 01:58 AM

The document shepherd Karen O’Donoghue and I completed a review of all the IESG comments in the IETF data tracker today in preparation for the drafts going to the RFC Editor. This set of drafts addresses all the remaining comments that we thought should be dealt with in the final documents. The only changes were:

Unless additional issues are identified soon, these should be the drafts that go to the RFC Editor.

The specifications are available at:

HTML formatted versions are available at:

January 13, 2015

Kuppinger Cole: KuppingerCole Analysts' View on Compliance Risks for Multinationals

January 13, 2015 10:59 PM
In KuppingerCole

Whether public, private or hybrid clouds, whether SaaS, IaaS or PaaS: All these cloud computing approaches are differing in particular with respect to the question, whether the processing sites/parties can be determined or not, and whether the user has influence on the geographical, qualitative and infrastructural conditions of the services provided.

Therefore, it is difficult to meet all compliance requirements, particularly within the fields of data protection and data security....

Julian Bond: Assorted music irritations

January 13, 2015 01:12 PM
Assorted music irritations

Yet another music limit that's getting in the way. Google's Play Music has a 20k song restriction on uploaded music. This has a side effect on Chromebooks, tablets and phones. Since they don't really understand local storage and especially local network storage, you're expected to store everything in the cloud. Except the cloud isn't big enough! Even within the 20k limit, actually managing and dealing with a 20k track library is hard with the UI provided. For instance you can delete/remove tracks and albums but not artists. Meanwhile the upload "Music Manager" program is still fairly brain dead and still doesn't understand .pls or .m3u playlist files.

The next problem is that DLNA compatible media servers and clients are universally horrible. It's the kind of thing that gets built into "Smart" TVs and home NAS. So why does Buffalo's NAS fail to index all the files? VLC locks up when trying to display them. The "smart" TV just gives you a huge long list of tracks instead of any kind of Artist or Album display. MS Windows Media Player fails to actually provide any kind of list when acting as a server and is just as useless at working as a client as all the rest. Just about the only bit of "Smart" in the TV I actually liked was the Youtube app.

Another year has gone by and Winamp still survives but there's been no developments, bugfixes or updates while the new owners try and work out the various licensing issues. It still works pretty well but runs out of steam somewhere around 50k tracks. Several people I know have given up and just use VLC with a sensible directory structure. The remaining problem is searching on track metadata rather than just filenames and directories. For actual desktop programs with library management I've yet to find anything as good as or better than winamp. 4 synced window panes for Artist, Album, Track, Playlist, just kind of works. And just kind of works better than tree or any of the other approaches like drilling down into a folder structure. VLC may be good for playing media, but it sucks for managing a library. As for Itunes, it's still horrible on Windows. Maybe it's better on OSX but I wonder. 

One tip for using Youtube. Open one tab to play your "Watch Later" playlist. Then use other tabs to find and cue up more music. Click the "Watch Later" icon on each and they'll get added to the end of the main playlist. It kind of works. And see above about the Youtube TV App.
[from: Google+ Posts]

Kuppinger Cole: 05.03.2015: Industrial Control System Security: Getting a Grip on OT Cyber Security

January 13, 2015 07:53 AM
In KuppingerCole

Are your operational technology (OT) networks hosting Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, well secured? For many organizations, the answer is still “no”. Information security generally focuses on Information Technology (IT) networks and systems, not on the OT systems used in manufacturing, utilities and critical industrial infrastructures.
January 12, 2015

Kantara Initiative: UMA Public Review

January 12, 2015 05:39 PM

Another milestone has been reached by the User Managed Access (UMA) WG to develop specs that let an individual control the authorization of data sharing and service access made between online services on the individual’s behalf, and to facilitate interoperable implementations of the specs. To learn more about UMA in general please see the WG homepage for helpful information.

We announce with pleasure that public review is open for two UMA documents. The UMA Participant IPR review and public comment period will close upon 45 days of initiation – February 20. We invite the public to review the documents and share comments for consideration of the UMA WG.

Options for Comment:

  1. Use the comment form available
  2. Use the pro forma and return to support (at) kantarainitiative.org with the subject COMMENT SUBMISSION
  3. IPR Claims may be sent to support (at) kantarainitiative.org with the subject IPR CLAIM

IPR Note:

UMA-WG Participants are required to review to make IPR claims regarding the documents by using the comment pro forma. Non-UMA-WG Participants have no IPR licensing obligation to these documents.

Kuppinger ColeExecutive View: Centrify Identity Service - 71186 [Technorati links]

January 12, 2015 07:35 AM
In KuppingerCole

Centrify is a US based Identity Management software vendor that was founded in 2004. Centrify has achieved recognition for its identity and access management solutions for web and cloud-based applications, as well as management for Mac and mobile devices and their apps. The company is VC funded and has raised significant funding from a number of leading investment companies. The company as of today has more than 5,000 customers. Centrify has...

January 11, 2015

Nat SakimuraOn the night candidate Hiwatashi lost the Saga gubernatorial election, I am writing, regardless, about how good Seiya Ueno is. But what really matters is… [Technorati links]

January 11, 2015 08:38 PM

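Candidate Hiwatashi, who became a talking point through, among other things, the online campaign to defeat him, has lost the Saga gubernatorial election. It is an unexpected defeat for a candidate jointly endorsed by the Liberal Democratic Party and Komeito. By the final count:

▽Yoshinori Yamaguchi (山口祥義) (independent, new), elected, 182,795 votes.
▽Keisuke Hiwatashi (樋渡啓祐) (independent, new), 143,720 votes.
▽Yukihiro Shimatani (島谷幸宏) (independent, new), 32,844 votes.
▽Yoshitaka Isagai (飯盛良隆) (independent, new), 6,951 votes.

It was a defeat by a wider margin than expected.

As someone[1] who has been watching Takeo City and its (then) mayor Hiwatashi, in various senses, since February 2012, I find this quite moving, but regardless of all that, I am going to write about how good Seiya Ueno is.

As for Seiya Ueno, I had no idea who he was until the day before yesterday. Lately I have gotten a taste for video messages. For example, at Christmas I hurriedly posted something like this[2], and,

wondering what to do for a spring message, I thought I might play Yumi Matsutoya's "Haru yo, Koi"[3], since I had the sheet music on hand, and when I searched YouTube for a model performance, this is what I came across. Seiya Ueno. A prodigy who won the Jean-Pierre Rampal International Competition at just 19 and went on to the Paris Conservatoire.

So good. He plays every single note with a different nuance. This is what music should be. I have completely lost the will to fight. By the way, the CD is here:

Seiya Ueno: 万華鏡 (Kaleidoscope)

But the YouTube version is better.

But I digress.

I think today's biggest news is not the Saga gubernatorial election but this.

Paris march: Global leaders join ‘unprecedented’ rally in largest demonstration in history of France

Memorial march for the journalists in Paris. (Source) http://www.independent.co.uk/news/world/europe/world-leaders-gather-for-freedom-march-in-paris-as-million-expected-at-rally-9970512.html

Silencing speech through violence must never be tolerated. Muslims, too, are raising their voices: violence must never be tolerated.

Freedom is always exposed to being murdered by violence. Freedom is not something granted from heaven. It is something we must fight for, win, and defend.

[1] Well, I have consistently been dissing him in a roundabout (?) way…

[2] I intended to record a practice run first, reflect on it, fix the bugs, and then record the real thing, but I ran out of time to record the real thing… So it is full of bugs…

[3] As it happens, I have the sheet music by Ayako Takagi, whom I greatly admire and next to whom I once, just once, happened to have a meal at the counter of an okonomiyaki restaurant.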

January 10, 2015

Anil JohnWill 2015 be the Year of Public Sector Digital Service Delivery? [Technorati links]

January 10, 2015 07:00 PM

With the acceleration of the implementation of public service delivery platforms in both the U.S. and elsewhere, my mission "... to help technical leaders make digital services secure and trustworthy" continues to remain relevant and is not going to change.

However, based on lessons learned over the last two years I want to try some new ways of delivering that information, so expect some tweaks and changes going forward.


The opinions expressed here are my own and do not represent my employer’s view in any way.

January 09, 2015

Julian BondPaul di Filippo short story. [Technorati links]

January 09, 2015 04:59 PM
This post got deleted by the mods in the SciFi community. Hard to tell exactly why. Anyway, it's quite a tasty little short story from one of my favourite authors.

---
One side effect of the nowt protocols is suppression of Saccadic Masking in the visual processing functions of the brain. This makes them more aware than the rest of us of the 50/60 Hz flicker of LED and energy saving fluorescent light bulbs. In extreme cases the simple act of walking through a new housing development at night can produce petit mal epilepsy unless the nowt is careful to avoid sliding their gaze across the typical fake tudorbethan door lights.

Julian Bond originally shared this post:
Paul di Filippo short story.
http://motherboard.vice.com/read/faster-now


 Faster Now »
Some decades ago, neuroscientists discovered that the moment of nowness is actually a composite of everything we've experienced in the past fifteen seconds. Naturally, somebody decided to hack this. T…

[from: Google+ Posts]
January 08, 2015

OpenID.netOpen Invitation to Join the First Meeting of the Health Relationship Trust (HEART) Working Group [Technorati links]

January 08, 2015 11:15 PM

A few months ago the OpenID Foundation Board of Directors welcomed Deb Bucci as a colleague and representative of the US Office of the National Coordinator for Health Information Technology (ONC). The Board noted the important coincidence of the growing adoption of the OpenID Connect standard and the commitment of public and private sector organizations to OpenID Connect profiles that can accelerate progress on identity-related health care challenges. That public and private collaboration is reflected in the leadership of a new working group. Eve Maler of ForgeRock, OpenID Foundation member and industry opinion leader, has joined Deb as co-chair of a new working group.

We are inviting interested parties in the public, private and academic sectors to join the first meeting of the Health Relationship Trust (HEART) Working Group (WG) on January 12. The HEART WG is a collaboration of the MIT – KIT Consortium and the OpenID Foundation. The HEART WG will be looking at ways to harmonize and develop a set of privacy and security specifications that will help an individual control the authorization of access to RESTful health-related data sharing APIs and facilitate the development of interoperable implementations of these specifications.

The US ONC’s Office of Standards and Technology is supporting this effort and joins the Foundation in encouraging the active participation of technical and policy subject matter experts from across the Health IT community. The initial work will focus on identifying/scoping/framing relevant use cases rather than delving into the technical details.

You can review the HEART Project Charter for more detailed information about the HEART WG. Additional Information about joining and registering for our mail list can be found here. Anyone can join the mailing list as a read-only recipient and attend the meetings.

Don Thibeau
The OpenID Foundation

Gluu2015 SXSW Interactive Session Recommendations [Technorati links]

January 08, 2015 04:18 PM

Another holiday season has come and passed. And you know what that means… it’s time to start preparing for SXSW 2015!

For those of you with cabin fever, or alternately for the super-organized who are already planning your agenda… roughly every work day until SXSW we will post a new SXSW Interactive session recommendation, with a bias towards privacy, security, IOT and automation.

Check the SXSW website for a constantly updated full list of sessions.

This year’s recommended SXSW Interactive Sessions (dates to come):

  1. NEW TODAY! A New Generation: Creativity + Open Source
    Automattic founder and CEO, Matt Mullenweg and special guest will look to answer the question, how much has open collaboration changed the way artists and developers are creating?
    By: Matt Mullenweg, Automattic
  2. Fingerprints are Usernames, not Passwords
    What are the implications of biometric sensors in consumer devices, and how we might want to change our thinking and approach to protect privacy and increase security.
    By: Dustin Kirkland, Canonical
  3. Biometrics & Identity: Beyond Wearable
    What are the implications of using personal biometric data as the virtual keys that unlock our very real lives? How should we feel about using such sensitive, personal data as a means of self-identification?
    By: Heather Schlegel, The Purple Tornado; John C. Havens, The H(app)athon Project; Leslie Saxon, USC Center for Body Computing
  4. Identities of Things Group: Paving the Way for IoT
    There’s a ton of promise in “smart everything.” But there’s also much confusion. Join this panel of experts to find out how to get involved in defining an IoT future where PEOPLE matter most!
    By: Christine Perey, Perey Consulting; Eve Maler, ForgeRock; Ingo Friese, Deutsche Telekom; Monique Morrow, Cisco Systems
  5. Prototyping Tools and Techniques for UX Designers
    UX design prototyping has come a long way in recent years. Learn about cutting edge tools, techniques, and various ways to incorporate interactive design prototyping along with user testing into your overall process.
    By: John Goff, Ebay
  6. Calling for a Nation of Makers
    Learn how the country is supporting the maker movement; how maker tools are becoming more accessible to consumers; and the effects of this widespread entrepreneurial spirit on the future.
    By: Mark Hatch, TechShop, and Thomas Kalil, The White House Office of Science and Technology Policy
  7. A Walk Through the Identity Ecosystem in 3D
    Take a 3D tour of the modern digital identity eco-system and learn how persons, organizations, and devices provide the new foundation for defining and mitigating identity threats. Glasses included.
    By: Suzanne Barber, UT Center for Identity
  8. Screw Privacy, Just give me value for my data
    A discussion on the issue of data literacy and the data value exchange between shoppers and brands.
    By: Lisa Pearson, Bazaarvoice CMO, and Lee Maicon, Senior Vice President of Strategy at 360i
  9. Security of Things: Who will save us?
    IOT Security: how we got here, where we’re heading, why the hacking community plays a pivotal role, and how to protect yourself when the lines between public and private blur.
    By: Nicholas Percoco, Rapid7
  10. OAuth2 – The Swiss-Army Framework
    This session will focus on the myriad of ways OAuth2 can be used to protect APIs, and how OpenID Connect is replacing SAML as the developer friendly way to handle SSO and federated logins.
    By: Brent Shaffer, Adobe
  11. Rapid On-Boarding; Building Password-less Apps
    This session addresses the modern obstacles created by requiring passwords during on-boarding and during later service or app engagement.
    By: Derek Labian & Tom Langridge, MediaFire
  12. Secrets to Powerful APIs
    What’s new in API development from some of today’s most popular APIs including GitHub, SoundCloud, Stripe, and Dropbox. Topics will include designing RESTful APIs, user authentication, APIs for media, developing SDKs, and APIs for mobile.
    By: Leah Culver, Developer Advocate at Dropbox; Greg Brockman, CTO Stripe; Erik Michaels-Ober, Developer Soundcloud; Wynn Netherland, Developer at Github
  13. Death to passwords – mobile security done right
    What techniques exist to offer a more mobile friendly person-identification flow. Highlighting authorization and authentication techniques like OAuth, OpenID Connect and even hardware features like Bluetooth Low Energy this talk will be interesting for anyone who’s facing a situation where creating and storing user accounts matters.
    By: Tim Messerschmidt, Paypal

About Gluu:
Gluu publishes free open source Internet security software that universities, government agencies and companies use to enable Web and mobile applications to securely identify a person and manage what information they are allowed to access. Using a Gluu Server, organizations can centralize their authentication and authorization service and leverage standards such as OpenID Connect, UMA, and SAML 2.0 to enable federated single sign-on (SSO) and trust elevation.

Julian BondThis is why I read Bruce Sterling. He points me at stuff like this. [Technorati links]

January 08, 2015 03:38 PM
This is why I read Bruce Sterling. He points me at stuff like this.
http://stratechery.com/2015/xiaomis-ambition/

via http://www.well.com/conf/inkwell.vue/topics/478/Bruce-Sterling-Cory-Doctorow-Jon-page03.html

What is certain, though, is that Xiaomi isn’t going to the West anytime soon. Not only would the licensing fees be prohibitive, but the West already has fully furnished houses and powerhouse brands. The opportunity is simply so much greater elsewhere. It’s absolutely the truth that a company can be worth $45 billion - and, in the long run, probably a lot more - without ever targeting the United States or Western Europe.
 Xiaomi's Ambition - stratechery by Ben Thompson »
Xiaomi is a hard company to understand if you only think of them as a smartphone maker. In fact, they want to own the entire house of their true fans.

[from: Google+ Posts]

Kuppinger Cole12.02.2015: Managing the Password Chaos [Technorati links]

January 08, 2015 03:29 PM
In KuppingerCole

More than 10 years ago, Bill Gates predicted the death of the password. A decade later, reality shows that passwords are still the most common authentication method. Security and costs of passwords are critical factors for enterprises and organizations.

GluuNo Magic — Introducing the IAM Noble Quadrant [Technorati links]

January 08, 2015 03:15 PM

Have you ever looked at an expensive analyst report that positions vendors in a specific industry as leaders, challengers, etc., and wondered how exactly each company was evaluated?

For instance, how was it determined that one company’s “completeness of vision” is marginally or significantly “better” than another’s?

Maybe a better question though is how relevant are these criteria to a buyer? Completeness of vision sounds good. But isn’t completeness of solution more important? Or openness of solution?

More organizations than ever are using and publishing open source software, and consequently there’s less tolerance for vendor lock-in and expensive fees just for the right to use software. Free open source licensed software enables an effective crowd-sourced development methodology. In many cases–but especially where it comes to implementing Internet standards–free open source components have proven to be the best.

Crowd-sourcing development means:

  1. More eyes on the code
  2. More people contributing code, and
  3. Lower total cost of ownership (TCO)–larger community means more supply of engineers

Expensive enterprise software–even open source enterprise software–typically has very low supply of engineers, slow innovation, and higher cost devops.

Unfortunately the pay-to-play analyst model was built by large software vendors who specialized in locking customers in. They raked in the cash and then broke off a chunk for the analysts to say nice things about them publicly. It was a beautiful business while it lasted. But enough time has passed for open source software to catch up with proprietary predecessors, and it's clear that many businesses and developers now prefer to use open source when possible.

So in light of these ideas, here at Gluu we think the two most important factors are features and openness. As an organization that publishes and uses open source software in all of our mission critical environments, we felt that it was time to shed light on how Gluu stacks up against some of the other companies in the enterprise identity and access management market.

Security is a top concern for many organizations. A comprehensive assessment of the market is simply incomplete without evaluating open source solutions too. For these reasons we introduce to you Gluu’s 2015 Identity and Access Management Noble Quadrant:

[Image: screenshot of Gluu’s 2015 Identity and Access Management Noble Quadrant]

For more information, schedule a meeting to find out how the Gluu Server can help your organization launch a modern authentication and API access management platform based on free open source components.