Hey! someone explains digital signatures so dummies like me can understand. Even If you’re not a dummy, this might help!
Posted from BLInk!
Monthly Archives: August 2004
WSE2 : signing messages with derivedkeyTokens
in my old Non-WSE method of doing web services security, I had to get a token from the webserver and have it time out after 2 minutes’then get another one. This was to protect myself from someone discovering and using that token while it was valid. they could do that, but 2 minutes is not enough time to do much damage. But it was still a kludge.
Now WSE2 hasderivedkeyTokenswhich forces a different hash of your username token each time you stick it into your soap header. Cool. Benjamin Mitchell wrote more on this here.
Posted from BLInk!
WSE2, Windows Accounts, Username Tokens and clear text
Among the methods you can use in WSE2 to authenticate users is to pass the local windows account through the UsernameToken — not a common scenario of course. However, it is notable that when you use this method, WSE2 can only use this if the password is sent in plain text (one of the enumerations you can choose when creating a UsernameToken) which, in *this* case, limits you to using HTTPS (or just letting your password hang free in the wind, so to speak).
Posted from BLInk!
Devlab at homevs. devlab at Teched
I’m working on the WSE2ws-securityhands-on-lab somehow my distractions are too many." It is taking forever. I remember doing a HOL at TechEd with only one distraction… (was it Christoph? who is so much fun to chat with). But still I was able to get through the lab fairly quickly.
Posted from BLInk!
Many New Puppies!
My parents raise Newfoundlands – mostly Landseers which are the black & whites. My dad just called to say that LaaLaa (here is a picture of her when she got her championship 3 years ago) had a whole lot of puppies tonight! This is the 3rd time that my folks have had a huge litter. It’s a lot of work. And to add to it, they have another girl due any day now with about 5 puppies expected.
Here is a picture of Ishtar and her 13-puppy litter in 1996. Can’t seem to find a picture of Pippa’s 13-puppy litter. But they were cute cute cute!
tweak various application settings to run in XPSP2
.NET Compact Framework RSS Feed Reader
Thom Robbins (our D.E. here in New England) put together a cool little pocket pc RSS feed reader app with .NET CF. Check it out here.
Rebecca Dias and Jorgen Thelin discuss where Microsoft stands with Web Services
This is a great interview. Rebecca, who is a program manager for Advanced Web Services at MS and Jorgen, p.m. for Web Services Standards at MS, are interviewed on webservices.org.
They talk about Microsofts stance on web services, WSE being the “speedboat” to implementing WS-* specs today (while they will be baked into core services – aka Indigo – in the future) and more. They were asked some tough questions … such as Microsoft and others’ proprietary specs (although with ws-addressing now in the hands of w3c, it may not be proprietary for long…) and some fun questions like what are your favorite specs. Also, as Microsoft is refining it’s message about Indigo (and especially that little “remoting“ issue) it is interesting to see this bubbling up to the top:
Don speaks of four tenets to service orientation “services are autonomous”, “have explicit boundaries”, “services share schema, contract, not class”, and “share policy”.
And not about passing objects around.
They also have a great explanation about WSE enabling developers to pick & choose which specs you want to implement and what definitiosn you want.
Take a look at SoapContext properties to see this in action. It gives you easy access to stuffing info into the soap header based on the various specs available and each one of these has properties or collections where you can supply whatever rules or information suit your particular need. For example SoapContext.Security.Tokens or SoapContect.Security.Elements or SoapContext.Addressing.EndPointReference.
Montreal .NET double header
Although I mentioned before that Guy Barrette lured me to speak at GUVSM (Groupe d’usagers Visual Studio Montreal) where I will get a chance to test out my WSE2 Security for Dummies talk in October (Mon. 10/4) … I just agreed to stay overnight and speak at The Montreal Microsoft .NET Architecture Group (GUMSNET) the very next night. The GUMSNET group will be my “test audience” for another of my ASP.NET Connections talks: “What’s New in the .NET 2.0 Base Class Libraries for ASP.NET Developers“. This will be a spin-off of the more generalized BCL Whidbey talk I have done a few times already. The deck for that one, by the way, is here on my website.
Sam’s new website – a little Feng Shui goes a long way
I’ll leave all the “wow, awesome content” comments to the others, because what else would we expect from Sam but great content, anyway? Suffice it to say, he has been busy and this looks to be a great centralized resource. However, I would like to add that Sam Gentile’s new portal (DotNetNuke based) is also really pretty. It’s not often that a geek’s own website is well as pleasant to the eye as it is enticing to the brain!
I’m also happy to see that Sam (as well as some other Boston folks, such as Chris Pels and Robert Hurlbut) is speaking at Code Camp II. I’ve been flaky about committing (sorry Thom) because I have a bit of a conflict with that weekend.