|
|
-
A few of the more noticeable changes in this week's site design might prompt some questions as to how the Web audience is evolving over time. I thought it would be interesting to take a look at the actual numbers that back up reader's requests and complaints by comparing a snapshot from this week with a snapshot from one year ago. In each time period I pulled out a sample of 10000 visitors. The 75% of you that read this through RSS can go back to wondering why anyone still uses a web browser. Why have site features that don't work or don't look as good in Internet Explorer? Browsers 1 year ago (1% or higher share) IE7: 45.6% Firefox 2: 25.9% IE6: 23.3% Opera: 2.5% Mozilla: 1.1% Browsers this week (1% or higher share) IE7: 47.1% Firefox 3: 25.4% IE6: 12.7% Firefox 2: 11.2% Opera: 1.4% Safari: 1.2% There's one number that is increasing very quickly and the rest are either flat or declining for the most part. I'll credit Silverlight for bringing in enough readers on Safari to make the cutoff. Why all of the emphasis on font sizes, content spacing, and other issues for large displays? Resolution of largest dimension 1 year ago Bigger: 28.8% 1280: 46.6% 1024: 23.5% Smaller: 1.1% Resolution of largest dimension this week Bigger: 40.9% 1280: 45.3% 1024: 13.1% Smaller: 0.7% I'm evidently atypical in not having moved to increasingly larger displays over the last few years. It turns out that automatic scaling and device independence is still weak enough that you have to do some fine tuning to work over even the most common variations of scale. Next time: Web Address Filters Read More...
|
-
How do I find the address of a client connection to make a trust decision? Don't base security decisions on the perceived client address. Any address that we have comes from the underlying socket implementation and could be spoofed. The data that the socket has is sourced by the client. You should be using a source of information that has a verification process that the server trusts, such as a certificate, to distinguish clients. Next time: Reader Trends Read More...
|
-
Security programming today tends to contain large amount of plumbing code to handle the modeling, management, and evaluation of identities. An identity is the basis of many common security operations, such as authentication, personalization, authorization, and access control. There are a variety of different kinds of identities and ways of implementing security operations on top of those identities. Here are two libraries that help make dealing with identities easier. Zermatt is a claims-based identity system that focuses on simplifying the use of claims in web services. You can download Zermatt from its Connect site. LeastPrivilege.IdentityModel is a library by Dominick Baier that simplifies the existing identity model rather than introduces a new one. You can download LeastPrivilege.IdentityModel from leastprivilege.com. Next time: Trusting IP Addresses Read More...
|
-
Looking for a guide to all of the web services protocols implemented by WCF? There's no single document that captures all of the information, but there is a group of documents that talk about the implemented protocols and some of the choices in those implementations. The level of detail varies from document to document as a few are high-level summaries across areas of the product while others are low-level details of a particular protocol. Web Services Protocols Interoperability Guide Web Services Protocols Supported by System-Provided Interoperability Bindings Messaging Protocols Data Contract Schema Reference WSDL and Policy Security Protocols version 1.0 Security Protocols Reliable Messaging Protocol version 1.0 Reliable Messaging Protocol version 1.1 Transaction Protocols version 1.0 Transaction Protocols Context Exchange Protocol Mixing Trust Protocols in Federated Scenarios Next time: Help with Security Programming Read More...
|
-
I don't actually promise to update the design every year but it makes it sound more exciting- as if there's some kind of recurring event that people might look forward to. This year's design focused on improving content readability. I removed some of the design elements and dead space to get enough room to expand the text size and content area. In the process I lost the indigo-themed color scheme although I hope to bring it back some day. Having both light and dark backgrounds in the main part of the page caused some grief due to the way element styles are used in this template. The new design rolled out over the weekend to test for any major issues. I've fixed all the ones I know about so let me know if you see something broken. The site is less polished in Internet Explorer than Firefox due to the level of CSS support, but I was able to work around the one major rendering bug I hit. Read More...
|
-
http://www.thearchitect.co.uk/weblog/archives/2008/07/000500.html Read More...
|
-
Where can I get the IContextChannel that OperationContextScope requires? OperationContextScope allows you to create a temporary scope in which context for a service operation can build up before and after the operation is actually called. The constructor for OperationContextScope takes an instance of IContextChannel, which is a type that you've probably never seen before. Why are you expected to have this unknown type? It's because you have instances of it floating around all the time even though there's no particular hint of this. There are different ways to get an IContextChannel depending on whether you're using a proxy generated by svcutil or a proxy generated at runtime. In either case, pretend that I've got service contract called IService with a single method called Foo. When I generate a service client using svcutil, the client object has a member called InnerChannel that works as an IContextChannel. ServiceClient client = new ServiceClient(binding, new EndpointAddress(address)); using ( new OperationContextScope(client.InnerChannel)) { WebOperationContext.Current.OutgoingRequest.Headers[ "X" ] = "from compiled proxy" ; client.Foo(); } client.Close(); Otherwise, if I'm using a ChannelFactory to create the proxy at runtime, the channel that I get back happens to be an IContextChannel as well. ChannelFactory<IService> factory = new ChannelFactory<IService>(binding); factory.Open(); IService proxy = factory.CreateChannel( new EndpointAddress(address)); using ( new OperationContextScope((IContextChannel)proxy)) { WebOperationContext.Current.OutgoingRequest.Headers[ "X" ] = "from runtime proxy" ; proxy.Foo(); } factory.Close(); Next time: Standards Guide Read More...
|
-
A working draft for a 1.1 revision to XQuery went up earlier this week. The changes from XQuery 1.0 (which was finished just last year) to XQuery 1.1 appear to be small. There are two additional operators for grouping and windowing over a data stream. The group operator is fairly standard while the window operator is a bit more unusual. Applying a window controls what it means to draw a sequence of consecutive items from the stream. You can get the complete specification from the W3C site. XQuery 1.1 W3C Working Draft 11 July 2008 Read More...
|
-
Channel 9 posted a video a few days ago with the C# 4.0 design team talking about some of their motivations and ideas for language design. I tend to enjoy the videos like this one that are focused on the people a lot more than the ones that are focused on the outputs of technology. It's hard to stay awake while watching someone write code on a board even when played at double speed. There's no problem keeping attention here even though they barely talk about what's changing with the language itself. Read More...
|
-
We’re thrilled to announce that the BizTalk Services “R12” Community Technology Preview (CTP) is now available for general use. “BizTalk Services” is the code-name for a platform-in-the-cloud offering from Microsoft. Currently in active development, BizTalk Services provides Messaging, Workflow, and Identity functionality to enable disparate applications to connect quickly and easily. Combined together in an integrated offering, these capabilities deliver a Service Bus architectural pattern that is immediately usable by applications that need to connect across the Internet. Many enterprises employ the ‘Enterprise Service Bus’ pattern to interconnect disparate systems within an organizational domain. Built on Microsoft platform technology, an ESB might include building blocks such as Windows Server, Active Directory, BizTalk Server, as well as the Windows Communication Foundation and Windows Workflow Foundation technologies included in the .NET Framework. “BizTalk Services” extends the concept of an ESB to truly exploit the Internet, for instance by exposing individual service endpoints in a secure fashion or by selectively federating elements of distinct identity systems to facilitate cross-company collaboration. For ISVs and Solution Providers creating specialized business solutions that enable collaboration and information exchange across increasingly mobile and distributed work-forces, “BizTalk Services” provides the cloud-based platform building blocks to create sophisticated (Internet-) Service Bus solutions with broad reach that could otherwise only be realized by operating dedicated Data Centers of significant complexity – which is often out of reach for both, ISVs and their customers. Major Changes With the release of BizTalk Services “R12”, developers must update all clients and SDK installations to the new release. New in R12 - Workflow The most exciting new capability we’ve added in the “R12” CTP is Workflow. These new cloud-based Workflow capabilities enable ‘service orchestration’ from the cloud. This specialized cloud-based, or hosted, Windows Workflow Foundation runtime can orchestrate services that connect to systems in your enterprise, or to systems running anywhere on the Internet via Web services messages. This new power and capability will enable an entirely new set of application scenarios, and we’re very excited to see what people will do with it. In the SDK you will find samples showing how to create and control Workflow instances hosted on the BizTalk Services cloud, including a sample Workflow implementation that monitors the availability of a website and fires multicast events into the service bus indicating the state. New in R12 - Identity For R12, the BizTalk Services Identity Service has been expanded and enhanced to enable more flexibility for scenarios demanded by our customers. R12 introduces a new approach for creating, viewing, and managing access control rules. This approach relies on a few key principles outlined Read More...
|
-
Over the past few days Tom Hollander has been posting his experiences hosting a queue-based WCF service in IIS. These posts go into a lot of detail about setting up the machines, configuring the service, and troubleshooting problems. If you're looking for a step-by-step guide, this is a great resource. MSMQ, WCF and IIS: Getting them to play nice (Part 1) MSMQ, WCF and IIS: Getting them to play nice (Part 2) MSMQ, WCF and IIS: Getting them to play nice (Part 3) Read More...
|
-
The BizTalk Services CTP will be switched from the "R11" to the "R12" release starting in about 30 minutes and we expect to have a 2 hour time window (1400h-1600h PT/2300h-0100h UTC) where existing service accounts are being rolled over to the new release. We're expecting to be done with the migration by 1600h. Once the migration is done we'll give you an update on what's new in R12. Read More...
|
-
Slide decks are available from the Architect Insight Conference 2008 held in the UK at the end of April. These talks are fluffier than ones that I normally point to and since you only have the slides and not the audio, I recommend picking a few based on their titles and trying them out quickly to see if you find something interesting. Here are two that I thought looked interesting. Building an Enterprise Service Bus with BizTalk Server 2006 & WCF Standardising SOA You can access all of the content from the post event resources . Read More...
|
-
Heads up: If things go as planned, the BizTalk Services cloud will be unavailable for a few hours during the day on Tuesday 7/15 (U.S. Pacific Time) since we're doing an update to the services and to the SDK. I will post an update with the exact time window some time on Monday. Once we're back up and have verified that everything is working as intended we'll let you know about it and tell you what's new. Applications built on the R11 release (the release currently running in the data center) will have to be recompiled (and in some instances slightly changed) against the new R12 release's assemblies to run with R12. We've done some protocol adjustments in R12 that make this necessary - mind that we're still in "experimentation-only preview" mode here. Theory suggests that some compiled R11 applications will work against the R12 cloud, but it's not a combination we're explicitly testing as of yet. We obviously have that sort of backwards compatibility on the radar (it's SOA, should be easy, right?) but it'll likely take us a couple more revisions before we're happy enough with the baseline protocols. Read More...
|
-
Congrats to all my friends working in the Identity space on the relase of first beta of the Zermatt SDK . Other folks have written some great posts that provide the background and motivation for Zermatt better than I ever will, and there are some links you should check out at the bottom of this post. Suffice it to say that Zermatt is about making the power of the claims-based identity protocols we shipped in WCF V1 programmable and usable by normal humans. Zermatt has a few things that I think are really exciting: Integration with IIdentity/IPrincipal, so code that you've written using [PrincipalPermissionAttribute] can be easily adapted to use claims-based authorization. A new HttpModule for ASP.NET Web Application, making it much easier to turn web applications into claims-based identity consumers. New framework API's that make creating security token issuers (STS's) much easier to implement. I highly recommend reading Keith Brown's whitepaper for Zermatt developers , as it gives a great overview of what Zermatt is about and the value proposition it holds for connected application developers. I'm really looking forward to playing with this. Here are some more links: Zermatt announcement from Vittorio Bertocci Zermatt announcement from Keith Brown Download the Zermatt Beta SDK Happy hacking! Read More...
|
|
|
|