Windows Azure ACS v2 Mix Announcement

Part of the Mix11 announcement was that ACS v2 was released to production.  It was actually released last Thursday but we were told to keep as quiet as possible so they could announce it at Mix.  Here is the marketing speak:

The new ACS includes a plethora of new features that customers and partners have been asking with enthusiasm: single sign on from business and web identity providers, easy integration with our development tools, support for both enterprise-grade and web friendly protocols, out of the box integration with Facebook, Windows Live ID, Google and Yahoo, and many others.

Those features respond to such fundamental needs in modern cloud based systems that ACS has already become a key asset in many of our own offerings.

There is a substantial difference between v1 and v2.  In v2, we now see:

Federation provider and Security Token Service (FINALLY!)

  • Out of box federation with Active Directory Federation Services 2.0, Windows Live ID, Google, Yahoo, Facebook

New authorization scenarios

  • Delegation using OAuth 2.0

Improved developer experience

  • New web-based management portal
  • Fully programmatic management using OData
  • Works with Windows Identity Foundation

Additional protocol support

  • WS-Federation, WS-Trust, OpenID 2.0, OAuth 2.0 (Draft 13)

That's a lot of stuff to keep up with, but luckily Microsoft has made it easier for us by giving us a whole whack of content to learn from.

First off, all of the training kits have now been updated to support v2:

Second, there are a bunch of new Channel9 videos just released:

Third, and finally, the Claims Based Identity and Access Control Guide was updated!

Talk about a bunch of awesome stuff.

Vote for my Mix 2011 Session on Identity!

Mix 2011 has opened voting for public session submissions, and I submitted one!  Here is the abstract:

Identity Bests – Managing User Identity in the new Decade

Presenter: Steve Syfuhs

Identity is a tricky thing to manage. These days every website requires some knowledge of the user, which inevitably requires users to log in to identify themselves. Over the next few years we will start seeing a shift toward a centralized identity model removing the need to manage users and their credentials for each website. This session will cover the fundamentals of Claims Based Authentication using the Windows Identity Foundation and how you can easily manage user identities across multiple websites as well as across organizational boundaries.

If you think this session should be presented please vote:

(Please vote even if you don’t! ;))

Consuming WCF in Silverlight 3 Session at MIX ‘09

This session covers three separate scenarios for Silverlight and WCF interactions. The basic functionality of adding a service reference, creating a proxy class and calling a method hasn’t changed. However, they are trying to address some of the common pain points related to WCF.

It’s now possible to remove the network traffic associated with ‘fat’ SOAP/XML messages by using a binary XML format to send the message. The demo reduced message size by 30%. But size was not the main design goal for binary XML. While compression is possible at the HTTP level, apparently binary XML reduces effort on the client and server as messages are compressed and decompressed. Binary XML is intended to improve speed. And while not every message is affected significantly (small messages and strings don’t really benefit), there is no case that MS is aware of where it gets worse. So binary XML becomes an appropriate default formatting standard.

Also included in this section was a description of why server-side error information is not accessible from within Silverlight. Specifically, if you have a server-side HTTP 500 code, the information related to the error does not get pushed to Silverlight. This is a fairly hard limitation related to how browsers pass HTTP information to plug-ins. And Silverlight is really a plug-in. The solution is an HTTP hack, where internal server errors get returned as HTTP 200 codes. And Silverlight 3 is built to pull the error information off of the response and surface it through the normal SOAP faulting mechanism.

When it comes to securing WCF calls in Silverlight 3, there are two choices: browser-based and manual. The browser-based approach depends on cookies and Forms authentication at the browser level. This is easy to implement, but is open to cross-domain threats IF you have enabled cross-domain access for every Web site. The manual approach has identity managed by Silverlight. When the credentials are added by Silverlight (instead of the browser), the cross-domain threat is eliminated. SL3 provides an out-of-the-box mechanism for creating the SOAP headers associated with the manual mechanism. It’s the ‘out-of-the-box’ that is new in SL3, not the technique itself.
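The cross-domain condition above can be checked mechanically. The following is an added example, not code from the session or from Silverlight: a small Python audit of a Silverlight `clientaccesspolicy.xml` file that flags a policy open to every site. The sample policies, the `audit_policy` function and its `cookie_auth` switch are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies for illustration; not taken from the original post.
POLICY_TEMPLATE = """<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="{domain}"/>
      </allow-from>
      <grant-to>
        <resource path="{path}" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

OPEN_POLICY = POLICY_TEMPLATE.format(domain="*", path="/")
SCOPED_POLICY = POLICY_TEMPLATE.format(domain="https://app.example.com",
                                       path="/services/")

# Domain values that admit callers hosted on any site.
GLOBAL_WILDCARDS = {"*", "http://*", "https://*"}


def audit_policy(xml_text, cookie_auth=True):
    """Return one finding per resource that any site may call.

    cookie_auth (hypothetical switch): True when the service authenticates
    with browser cookies / Forms authentication, False when the Silverlight
    client adds the credentials to each message itself.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("policy"):
        open_domains = [d.get("uri", "") for d in policy.iter("domain")
                        if d.get("uri", "").strip() in GLOBAL_WILDCARDS]
        if not open_domains:
            continue
        for res in policy.iter("resource"):
            findings.append({
                "path": res.get("path", ""),
                "subpaths": res.get("include-subpaths", "false").lower() == "true",
                "allowed_from": open_domains,
                # Cookies are attached by the browser whichever site hosts the
                # calling application, so an open policy plus cookie auth lets
                # a foreign application call the service as the signed-in user.
                "severity": "high" if cookie_auth else "info",
            })
    return findings


if __name__ == "__main__":
    for name, doc in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc))
```
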

The big gotcha in the manual mode is found in the method that WCF uses to prevent replay attacks. There is the concept of a MaxClockSkew. It indicates how far apart the client and server clocks can be. The default value is 5 minutes, which is to say that if the server system has a time of 11:05 and the client system has a time of 11:11, all messages will be rejected. This is the kind of situation that I’m sure will bedevil developers. MS is still trying to decide what the default value of MaxClockSkew will be when SL3 is released.
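To see why the 11:05 / 11:11 case fails, here is an added example (a simplified Python model, not WCF's own code) of a timestamp check with a skew allowance and a replay cache. The `TimestampValidator` class, the `stamp` helper, the message ids and the 5-minute message lifetime are assumptions made for illustration.

```python
from datetime import datetime, timedelta


class TimestampValidator:
    """Simplified model of a timestamp-plus-replay-cache check (hypothetical)."""

    def __init__(self, max_clock_skew=timedelta(minutes=5)):
        self.max_clock_skew = max_clock_skew
        self._seen = {}  # message id -> time until which the id is remembered

    def check(self, msg_id, created, expires, server_now):
        skew = self.max_clock_skew
        # Forget ids whose messages could no longer pass the expiry test.
        self._seen = {m: t for m, t in self._seen.items() if t > server_now}
        if created > server_now + skew:
            return "reject: created in the future"
        if expires < server_now - skew:
            return "reject: expired"
        if msg_id in self._seen:
            return "reject: replay"
        # The id has to outlive the message by the skew allowance; otherwise a
        # captured copy could be replayed inside the tolerance window.
        self._seen[msg_id] = expires + skew
        return "accept"


def stamp(client_now, lifetime=timedelta(minutes=5)):
    """Created/Expires pair as a client writes it from its own clock.
    The 5-minute lifetime is an assumption of this example."""
    return client_now, client_now + lifetime


# Constructed values: the date is arbitrary, the clock readings are the post's.
SERVER_NOW = datetime(2009, 3, 19, 11, 5)
CLIENT_NOW = datetime(2009, 3, 19, 11, 11)


def demo():
    results = {}
    v = TimestampValidator()  # 5-minute skew, as in the post
    results["post_case"] = v.check("m1", *stamp(CLIENT_NOW), SERVER_NOW)
    near = datetime(2009, 3, 19, 11, 9)  # client only 4 minutes ahead
    results["within_skew"] = v.check("m2", *stamp(near), SERVER_NOW)
    results["replayed"] = v.check("m2", *stamp(near), SERVER_NOW)
    # 15 minutes later the cache entry is gone, but the copy has expired too.
    later = SERVER_NOW + timedelta(minutes=15)
    results["replayed_late"] = v.check("m2", *stamp(near), later)
    wide = TimestampValidator(max_clock_skew=timedelta(minutes=10))
    results["post_case_10min"] = wide.check("m1", *stamp(CLIENT_NOW), SERVER_NOW)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

A wider skew accepts the drifting client, at the cost of remembering every message id for correspondingly longer.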

The second scenario covered in this session involved pushing messages to Silverlight. It was possible in SL2 to push messages to the Silverlight application, but the knowledge required by the developer to implement it has been reduced. Because I’m very familiar with WCF, the technique does not seem advanced. Basically, the idea is to have the SL3 client make a one-way WCF call with a callback contract. The OneWay mode means that there is no calling context hanging around on the client. The callback allows the service to call back to the Silverlight application. In the Silverlight application, there is an event raised when the callback method is invoked from the service.

The third and final scenario talked about REST in Silverlight 3. As it turns out, SL3 doesn’t have much added in this area. Mostly because “the REST story in SL2 was pretty complete”. This is actually pretty true about WCF in Silverlight in general. It’s not that there aren’t things that people would like to do with WCF in Silverlight (different bindings, for example). But the reality is that the limiting factor for most new feature requests is the HTTP stack from within the browser. It was mentioned that it’s possible to roll your own HTTP stack by going out to JavaScript through the HTTP DOM, but that technique will probably not work if the Silverlight application is running in off-browser mode.

Off-line and Off-Browser Silverlight

The big announcement at yesterday’s keynote was the availability of an off-line and off-browser mode for Silverlight 3.0. Just to clarify the terms, off-line mode indicates that Silverlight will not require a live connection to the Internet in order to continue functioning. Practically, this means that a Silverlight application will be able to be installed on the client’s computer. Off-browser means that Silverlight apps will no longer appear to need to be running within any browser.

As a point of clarification, this last feature doesn’t mean that Silverlight will have free rein over your computer. Off-browser Silverlight apps will still run in the same security sandbox that they have in the browser. It’s just that you won’t need to explicitly launch the browser to start the application. In fact, the installation process for the Silverlight application includes the ability to place links on the desktop or the system tray.

So what are the ramifications of these changes?

First, it opens up a world for Silverlight applications. While I’m a huge fan of WPF, there are a number of roadblocks to wide acceptance. It needs to have the .NET Framework installed (3.5 or 3.0). Which, in itself, implies a Windows platform (according to the Mono project, they are not planning to support WPF). Full WPF applications need to be installed. Yes, you can use XBAP to deploy the application, but that model has implications on security (it runs in the browser-driven security sandbox).

Silverlight, on the other hand, runs on both Windows and Mac. And while it requires an installation step, to call it an install is really overkill. It’s basically an XCOPY from one place to another on the client’s system. The conclusion, though, is that WPF and off-browser Silverlight do hit different target markets.

The second question is how does it change your Silverlight development process.

The goal of off-browser Silverlight was to have the same application run in both modes. And it certainly appears that is the case. However, being able to run the same application off-line and on-line does have an impact on your approach to development. For example, UI pieces might be different. The ability to retrieve data for a combo box, for example, might depend on being able to call out to a WCF service. That isn’t happening in off-line mode (although it would if you were just off-browser). So to create a solid off-line scenario, you may need to provide additional functionality or enable/disable functionality that is currently in place. This is not an insurmountable problem, but it does require some care and design effort.

All in all, off-browser/off-line Silverlight is an interesting idea and I’m looking forward to not only working on apps in this space, but also to see how others take advantage of it. Exciting times indeed.

Go Beyond Best Practices Session at MIX ‘09

Because I already had some exposure to Silverlight 3 at the MVP Summit, I thought I’d start off with a session directed at creating user experiences. Not to mention that I was interested in the idea of going beyond the superlative of ‘best’ :)

The basic premise of the talk revolves around the idea that companies that succeed find ways to get customers to engage with them. The experience of the customer transcends the details of the product or service being offered. He mentioned a book called “Firms of Endearment” which describes companies that arouse passion from the people involved. The authors of the book determined that companies that fit this model exhibit a number of characteristics. One is described by the SPICE model.

Consider the following categories.

  • Society
  • Partners
  • Investors
  • Customers
  • Employees

The value created by the companies in Firms of Endearment was equally important across all of these constituencies. Experience is about the effects that we create for these constituencies.

But experience is becoming a buzzword. That is to say, it’s a phrase that businesses use to think that

For most businesses, process is more important than effect. People follow the ‘process’ without a thought to what the effect on others might be. Experiences are a combination of behaviors, attitudes and emotions. For most companies, the emotional side is what’s lacking.

For example, Fed Ex doesn’t believe that it’s in the delivery business. It thinks it’s in the ‘peace of mind’ business. This is really about engineering the experience that people have when they use your product/service. It’s about creating clues as to how important you consider your constituents to be. These clues are frequently small and subtle. And the effort to perform them is also small. But a focus on ROI has obscured the need to actually follow through. The suggestion is that instead, there should be some concentration on ROY. As in Y not provide the clues necessary to make customers/employees/etc realize that you are as passionate about the business as they are.

I found the presentation interesting. At a minimum, it gave me pause to think about how ObjectSharp delivers to these constituencies. While I think we do a decent job, there are certainly areas where we can improve. And we probably need to pay closer attention to the details of the experience that our customers have. And, in many cases, it’s the details that are more important than anything else.

MIX ‘09 Keynote – Part 3

Some additional Silverlight 3 improvements that are being announced.

  • Data Binding improvements, specifically element-to-element bindings
  • Validation error templates, although there is no support for the IDataErrorInfo interface
  • Improvements on the ability to push data from the server to the client. Conceptually, this is similar to callback functionality in WCF.
  • Introduction of a DomainServices class that is used to generate a proxy class on the client. The proxy class has the ability to track and marshal changes between the client and server.
  • Validation logic can be declaratively defined on the DomainServices derived class. The generated proxy class will contain the same validation, triggering the error template within Silverlight.

And now, the big news.

Silverlight 3 will be able to run outside of the browser on both Windows and the Mac. Security is the same sandbox model used from within the browser. There is built-in support for automatic updates. And the application can be aware of its off-line/on-line situation. There will be more about this later in the week, I’m sure.

MIX ‘09 Keynote – Part 2

More stuff on the Web server side of the equation. There is a new version of the Web Platform Installer. This doesn’t have any impact on me, at least not in the past. But there is now a gallery of community-based applications, such as DotNetNuke, DasBlog and WordPress that can be automatically installed onto a web server through the Platform Installer. Not useful to me, but nice to people who are trying to streamline the build-out of a Web server. You can see a list of these applications here.

Silverlight 3.0 has some new functionality to improve functionality. There will be hardware-based acceleration for compositing, where available. And there are a number of features aimed at improving the media experience. A gentleman from NBC came out and showed some stats on the Beijing Olympics and Silverlight. As well, NBC will do the same for the Vancouver Olympics. Forgive me for not caring, as none of this is available in Canada.

You will probably hear that Silverlight has 3D functionality. A warning that it is not true 3D, but the ability to move a 2D image in three dimensions. The actual term is ‘perspective transform’. If you have to ask about the difference, then you probably don’t care. But for those that do, visualize a flat-screen image that can be rotated about the X-, Y-, or Z-axis so that it appears to be spinning. Hit testing works appropriately (you can only click on the image, regardless of how it is oriented).

Silverlight 3.0 will provide a better experience for SEO. This includes the capability of supporting deep linking and navigation.

Going back to the idea of support for a sketch-based workflow, Expression Blend 3 will have a feature called SketchFlow. This feature allows for easy navigation through a collection of pages. The interface allows for quick and simple creation of the workflow through an application. Each state in the workflow corresponds to a page.

One of the things that is interesting about the creation of the pages in a workflow is the inclusion of Wiggly controls. These are controls that, through their appearance, will not be mistaken for a completed application. The borders on the controls take on the appearance of a hand-drawn image. Yet the controls are still real WPF controls, meaning that they work in Blend and, indeed, when the application is ‘run’ through the SketchFlow prototyping tool.

MIX ‘09 Keynote – Part 1

The first part of the keynote was Bill Buxton talking about the benefits of considering user experience and design when creating an application. Certainly a good speaker with passion about his topics. But I’m afraid that he’s preaching to the converted. He touted the idea of coming up with 5 solutions to any problem, allowing the best one to float to the surface. While this is a fine idea, I’m afraid that it will run up against the shoal of fiscal prudence as soon as it gets pitched to management. The trick will be to convince management that five solutions is worthwhile. He mentioned sketching as a technique, but I’m still waiting for tools to support this approach. The ability to transition from a ‘sketch’ to a WPF form would be quite useful to fill this gap.

One more thing about Bill’s talk. He gave a quote, almost as a throwaway, that I’m sure I’ll use in the future: “It’s too important to take it seriously”. While that sounds like a contradiction, I think that in the design space, the implication is that user experience should have some focus on fun and excitement over pure seriousness. When you think about the shining lights of user experience applications, you’ll find that ‘fun’ and ‘cool’ are big parts of the success.

The first portion of Scott Guthrie’s presentation talked about Web functionality. Expression Web 3 contains a feature called SuperPreview, which allows pages in Expression Web to be viewed (either side-by-side or onion skinned) as they will be rendered in other browsers. This includes browsers that you don’t have installed on your system. The functionality of SuperPreview also makes it easier to identify and isolate problems with rendering in the different versions. The Web 3 version supports (at a minimum) IE versions, as well as Firefox and Safari. But there is also a standalone version of SuperPreview which allows comparison between IE 6, 7 and 8. You can download it here.

On the Road to MIX ‘09

I’m writing this particular blog post while in the air on the way to Las Vegas. For the next three days, I’m going to be at the MIX ‘09 conference. For regular readers of my blogs, that means you can expect a flurry of posts. I tend to live-blog the sessions that I’m in (particularly the keynotes) as a way of note taking, if nothing more. In this way, if nothing more, it is completely different than the MVP Summit I was at a couple of weeks ago.

Actually, there are some other differences. Where the MVP Summit is as much about giving information to Microsoft as it is about receiving, MIX is all about the receiving. While I have some inkling about some of the announcements that you’ll be hearing about, I also know that they have kept some under wraps. Which means that they were even held back from the NDA sessions at the MVP Summit. So, even though I already have some blog posts ready to go, I will still need to pay attention to what’s being discussed. And I’ll pass the good stuff on to you as soon as I can.

Bring Your Data to Life with WPF Session

The premise behind this session is the idea of separation of UI designers and developers. The UI people don't know how to code business rules. But the UI people need to be able to 'try out' the user interface and easily make changes. This is the designer/developer separation that is in the Web space, only in this case, it's for Windows Forms applications.

For those of you who aren't aware, one of the drawbacks of WPF is the lack of data binding support. This is a significant step back in functionality, if you're used to creating ASP.NET or Windows Forms apps. And it stopped me from using WPF to any great extent.

The session starts out slow, talking about the rationale behind data binding. This is something that I would expect most developers to be aware of, although if he's including designers in his target audience, then I can understand the digression.

Databinding in a WPF form can be done through the latest version of Expression Blend. A new Data pane allows for the selection of a data source (a class, for example). Once the data source has been specified, the property sheet for a control allows the mapping between the control's property and the data source's property to be made. This is a familiar process, although very new to WPF and Expression Blend.

WPF includes the concept of a value converter. This is a function that operates on a bound value with the result from the conversion being displayed. As well, the data binding appears to be hooked up to the property change notification mechanism, in that if a property is programmatically changed, the updated value appears in the form.

There is also a mechanism (INotifyCollectionChanged) which raises an event when the collection is changed. The idea of 'change' in a collection is the addition or removal of an item from the collection. WPF data binding is able to detect and respond to these events.

WPF has replaced the ObjectDataSource class with an ObjectDataProvider. Without seeing the details, I'm guessing there is a lot of similarity in terms of functionality, if not the details.

In the WPF itself, the binding notation looks like the following:

<TextBox Text="{Binding Path=Sun.Name, Source={StaticResource solarSystem}}" />

This notation takes the Name property of the Sun object found in the ObjectDataProvider named solarSystem. A little cumbersome, but since it's definable through Expression Blend, that's only an issue for those of you who code in Notepad 2008.

As part of the data binding mechanism, there is the concept of a data template. This greatly resembles a template within ASP.NET, where different fields and controls are displayed based on the mode of the control. One twist is that WPF data templating can be defined based on the type of object being displayed. Within the same list box, a collection of Products will appear with different fields than a collection of Customers, even though the underlying WPF is the same.

The final reveal for the demo is a list box that displayed the information about a solar system not as a list of planet names, but as a graphical representation of the solar system orbit with the images of the planets and the positioning away from the sun based on properties from the object. The cool part is that there is no change to the underlying object necessary to change from a drop down list of properties to the graphical view. Only the XAML needs to be modified. But again, that is the power of WPF.

One word of warning. Not all of the advances in WPF are necessarily available in Silverlight. A concept called a CollectionView was explicitly called out as not being part of Silverlight 2. So if you are developing for the Silverlight market, make sure that the data binding techniques you use are supported before you spend time on it.

WPF provides support for a hierarchical data template. This template becomes useful when you are trying to create a tree view visualization for your data. It's similar to the list box data template in concept, but the level within the hierarchy becomes part of the mechanism for distinguishing between the different data fields and styles that are used.

It looks to me like data binding for WPF has finally moved towards the standards that we have been used to. The presentation didn't cover error providers and error notification, but a slide at the end suggests that it is, using the IDataErrorInfo interface.