Applied Life

Blogging over here now...

2011-09-07T13:29:00.002-04:00

I'm moving over to Tumblr for no particular reason... (http://frumioj.tumblr.com/)

First post is here (http://frumioj.tumblr.com/post/9922282217/anonymity-vs-accountability)

Markup Language Family Tree

2011-04-22T10:48:00.001-04:00




                         RUNOFF                      "Generic Coding"                 "Editorial Structure Tags"
                   (Jerome Saltzer, 1964)         (William Tunnicliffe, 1967)          (Stanley Rice, pre-1970)
                            |                               |                                     |
                            |                               |                                     |
        TeX          roff - nroff - troff                   |-------------------------------------|
 (Don Knuth, 1977)   (Josef Osanna, 1973)                   |
                                                           GML
                                                    (Charles Goldfarb, 1969)
                                                            |                       SCRIBE
                                                            |                   (Brian Reid, 1980)
                                                            |                          |
                                                            |--------------------------|
                                                          SGML
                                                      (Standard, 1980)
                                                     |                |
                                                     |                |
                                                   HTML              XML
                                            (Berners-Lee, 1990)    (Standard, 1998)

Updated to show the contributions of Stanley Rice and William Tunnicliffe, see:

http://en.wikipedia.org/wiki/Markup_language and
http://www.digitalhumanities.org/companion/view?docId=blackwell/9781405103213/9781405103213.xml&chunk.id=ss1-3-5

Simple HTML Form parsing in node.js

2011-03-03T15:17:00.004-05:00

I'm new to Node.js, but already having fun with it. I was trying to grab form POST data and couldn't find a simple example to learn from (using a multipart MIME parser seemed a little like overkill) so I wrote the following code.

The code registers two callbacks - one for the 'data' event which is called when a chunk of body data arrives (there may be more than one such call depending on the size of the body) and the other for the 'end' event when the request has "ended".

Of course, this example is too simple to use in most real systems (caveat lector) - no checks on the content are made, and the parsing takes place only after the whole body is read. Not ideal.

var http = require('http');
var url = require('url') ;

http.createServer(

function (request, response) {
 var full_url = url.parse( request.url, true ) ;
 var pathname = full_url.pathname ;
 var q_params = full_url.query ;
 var body = "" ;

 response.writeHead(200, {'Content-Type': 'text/plain'});

 if ( request.method === "POST" &&
      request.headers['content-type'] === "application/x-www-form-urlencoded"){

   request.on('data',

       function( chunk ) {

         // append the chunk to the growing message body
       body += chunk ;
     }) ;

   request.on('end', function(){
     var params = body.split('&') ;

     for ( param in params ){
       var pair = params[param].split('=') ;
       response.write("Name: " + pair[0] + " = " + pair[1] + "\n") ;
     }

     response.end() ;
   }) ;
  }
}
).listen(8124);

console.log('Server running at http://127.0.0.1:8124/');

HTML frames and security

2011-02-21T11:47:00.010-05:00

Introduction

Frames were introduced into HTML (via the 'frameset' and 'iframe' elements) in order to provide an element of modularity to navigable websites [1] - one or more HTML documents could include a separate menu document directly so that navigation links didn't need to be
edited in each individual document. This found particular favour in online magazines.

Using frames for such modularity became popular because many website hosting companies initially disabled, by default, other mechanisms which could be used to provide this functionality (such as CGI scripts, server-side includes, and other server-side scripting
alternatives).

Frame security

There are, broadly-speaking, two security issues with HTML frames:

1. A developer including content from another site in an iFrame is taking a risk that this content will not do anything harmful (where 'harmful' includes manipulating parent document resources (via the DOM), running malware (a malicious 3rd-party plugin, for example) or
running scripts that consume inordinate amounts of client resources such as CPU or memory.

2. A malicious developer might include content from a victim site in a frame in order to either confuse the user into performing some action at the victim site (a kind of phishing) or simply use the user's resources (browser cookies, for example) to perform an attack on the victim server (such attacks include but are not limited to, XSS).

HTML 5 'sandbox' attribute

HTML5 has added a new attribute to the iframe element, and defined a new MIME media type to indicate such sandboxed content [3]. The sandbox attribute and related work is intended to deal with security issue 1 (see above).

Multi-process Web browsing

Microsoft's Gazelle and Google's Chromium are two browser projects which attempt to limit the access by individual Web components to browser resources, by allocatng browser resources on a per-origin basis. An individual browser tab displaying content from a particular
URL renders content via a separate OS-level process from the main browser process, and from processes associated with other Web origins.

The Facebook 'Like' Button - iframes taking advantage of a security hole

Facebook's Like button functionality takes advantage of a security vulnerability to allow Facebook to display user content (some of my friends' faces, for example) in an iframe.

If you include the code Facebook generates for you, you get an iframe:

<iframe src=\"http://www.facebook.com/plugins/like.php?
href=http%3A%2F%2Fexample.com%2Fpage%2Fto%2Flike&
layout=standard&show_faces=true&
width=450&action=like&
colorscheme=light&height=80\" scrolling=\"no\" frameborder=\"0\" style=\"border:none; overflow:hidden; width:450px; height:80px;\" allowTransparency=\"true\"></iframe>

And of course, this iframe uses the Facebook cookie that you have because yes, you're logged into Facebook right now (right?) to display your friends' faces in the rendered like button, even when that like button appears on your own site.

It'll also use that logged in session to display the fact that you (the user at that website) like the content.

You *can't* include Facebook's like button content on the server-side if you want it to work as intended - because that content needs the user session cookie, which is only available on the client-side. So you can't follow my first or second recommendations below.

The other implication here is that it is possible for a malicious website to make the user 'like' some content hosted by someone other than the the website hosting the like button (just set the href attribute of the iframe src call to some other value than your own content). Arnab Nandi has written some excellent posts about this issue at [8] and [9].

Recommendations for Web Developers

Include potentially untrusted content on the server-side (rather than by using iframes), and use solutions such as Google Caja [6] to sanitize all of your content prior to delivery over the Web.

Reduce or remove the reliance on Web browser cookies in order to prevent misuse of those cookies by a malicious Website. If user confirmation of an action is important, then offer a confirmation page for the user in addition to a cookie-based session identifier when confirming something that appears to be a user action.

Properly validate or sanitize (by encoding) input delivered via HTTP headers, HTML POSTed data, and URL query parameters, in order to prevent cross-site scripting vulnerabilities. Review the OWASP website regarding untrusted user input [7].

Ensure that an HTTP GET to a resource under your control does not perform an action with side-effects (such as immediately confirming a subscription or other action), since an HTTP GET which takes place via a redirect may be sent from a malicious site without requiring additional user confirmation for the redirect to occur.

References

[1] WWW Framing (http://en.wikipedia.org/wiki/Framing_(World_Wide_Web))
[2] Server-side include security in Apache (http://httpd.apache.org/docs/current/misc/security_tips.html#ssi)
[3] The HTML5 iframe sandbox (http://blog.whatwg.org/whats-next-in-html-episode-2-sandbox)
[4] Chromium multi-process architecture (http://www.chromium.org/developers/design-documents/multi-process-architecture)
[5] Microsoft Gazelle (http://research.microsoft.com/apps/pubs/default.aspx?id=79655)
[6] Google Caja (http://code.google.com/p/google-caja/)
[7] OWASP Injection and XSS Prevention (http://www.owasp.org/index.php/Top_10_2010-A1), (http://www.owasp.org/index.php/Top_10_2010-A2)
[8] Deceiving Users with the FB Like Button(http://arnab.org/blog/deceiving-users-facebook-button)
[9] Reputation Misrepresentation(http://arnab.org/blog/reputation-misrepresentation)

New Year's Hoppin' John

2011-01-01T14:45:00.004-05:00

(adapted from John Thorne's 'Serious Pig' version)

1 cup black-eyed peas, soaked for ~5 hours
1 onion, chopped
1 cup raw rice
1 tablespoon of chipotle pepper in adobo (more if you don't mind scaring off small children!)
1 clove garlic, minced
1 bay leaf
Olive oil
Salt, pepper to taste

Bring 5 cups of water to a boil and put the beans and bay leaf in. Turn the heat down low and simmer the beans for about 30 minutes (if using brown rice) or 45 (if using white rice). While the beans are cooking, put oil in a pan and fry the onions very gently for 20 minutes, making sure they don't burn or turn too brown (sprinkle them with salt if you can tolerate it). Add garlic and chili pepper. After 30 minutes check your beans. If using brown rice add it now, and after 15 more minutes pour the contents of your onion fry-up into the pot too. If using white rice, wait the extra 15 minutes and add it all together. After that, just cook gently until the rice and beans are done. Let the pot rest for 10 minutes after you're turned off the heat.

Serve with cornbread and onion salad (both taken directly from Thorne's 'Serious Pig') for serious enjoyment.

Same-origin policy

2010-11-20T10:00:00.001-05:00

I took part in a Nokia Web security panel last week. My talk was about the browser same-origin policy (PDF).

Never trust a client!

Marathon for my family

2010-09-25T12:55:00.003-04:00

Almost eight years ago, my twin daughters were born at Albany Medical Center, in Albany, NY. They insisted on arriving very early -- and born at 27 weeks (normal pregnancy is more like 38-42 weeks), had only a middling chance of surviving without some permanent disability. We didn't know whether they would even make it - when they were born, they needed to be kept very warm -- in an incubator, and they couldn't breathe very well without additional oxygen given to them via a ventilator. They both weighed less than 2lbs each.

They shared a room with more than 40 other children, in incubators, with ventilators, and some with other special equipment needed to keep those babies alive and help them grow.

Without Albany Medical Center's Neonatal Intensive Care Unit (NICU), my daughters would be unable to learn to read, or ride a bicycle. They might be unable to see, or maybe couldn't process food properly. They could have had any one of a number of disabilities. And yet, here they are, falling off bikes and getting scrapes on their knees. They're learning math at school, and writing... drawing, science. In short, they're doing all the things you'd expect an 8-year old child to do.

But this story is about more than my daughters. Our premature babies were not alone. Albany's NICU accepts babies from the entire range of New York State, and also from rural Vermont and Massachusetts. They simply don't have enough room to accept all the premature babies who are born each year, or enough money to maintain all of the sophisticated equipment needed to keep these children alive, or have enough doctors and nurses looking after the babies.

I'm running the Hudson/Mohawk marathon on the 10th October this year (I'll be just back from Finland two days earlier so will no doubt feel wonderful).

I celebrate that I can do such a thing at all, and I celebrate that my children are alive. But I can sit here and celebrate my family, and some parents cannot.

So please join me in helping all those whose families are affected by premature birth by donating to Albany Medical Centre's Neonatal Intensive Care Unit, and it'll feel like you're running the marathon with me (I promise you that you won't have to feel the pain!)

There are two ways to donate:

1) Web/credit-card

* go to Albany Medical Center Donation (if you don't trust this URL, go to http://www.amc.edu/foundation/make_a_gift/cash_check_credit.html and click the link to 'give today').

* When you enter the donation details please set:

Designation: Neonatal Intensive Care Unit (NICU)

In Honor of: A & I Kemp

(If you figure out how to do a company match, go ahead!

2) By check/cheque payable to "Neonatal Intensive Care Unit at Albany Medical Center" - which you can give me in person, or send to Albany Medical Center at the following address:

Albany Medical Center Foundation
Attn: Nicole Lindell
Re: A & I Kemp
43 New Scotland Ave., MC-119
Albany, NY 12208

Thank you!

Spicy mixed bean stew

2010-09-05T15:33:00.004-04:00

4 cups mixed, dried beans (of different colours to make it look more
interesting) rinsed and soaked overnight in 8 cups of water
4 carrots
2 sticks celery
6 cloves garlic, minced
1 tsp ground cumin
1 tsp or so each of crumbled dried sage, marjoram, oregano
1 large onion, sliced thinly
3-4 Jalapeno peppers in adobo (to give a smoky taste)
2 bay leaves
salt to taste
1 pint homemade tomato sauce
3-4 tblspoons olive oil
1/2 cup water
1 cup sweet corn kernels
1 tsp tamarind paste
1 tblspoon cocoa powder
1 tblspoon sugar

Bring beans to a boil in soaking water with bay leaves, and then turn onto lowest possible heat. Cook very slowly, covered, for at least one hour.

Meanwhile, cook onion over low heat for 20 minutes, add diced celery, cook for a few more minutes. Add minced garlic, cumin, sage, marjoram and oregano and cook for a few more minutes. Add chiles and cook a bit more. Add water, and heat until water is hot. Add mixture to beans.

Chop carrots into pieces roughly as small as the beans, and add to the mixture. Add sweet corn.

Cook the whole lot for roughly another hour and the water level has dropped to the level of the beans.

Add tomato sauce, cocoa powder, tamarind, and salt as necessary and cook for further 20 minutes or so.

Adapted from Soup - Spicy Mixed Bean - thanks!

Secrets and Lies

2010-02-17T11:23:00.002-05:00

It's not secret that Google uses data it knows about me and my contacts, or the subjects I email about with those contacts to customize the advertisements that appear on Google pages when I'm logged in. And I feel as if I have given them, perhaps implicitly, but concretely, the go-ahead to do that, regardless of what I've accepted (or not) consciously in reviewing their Terms of Service.

In social situations, it is often the ability to keep a secret that determines the course of a social relationship. Secrets are shared as a way of building those relationships, and the ability to maintain shared secrets builds shared trust.
When Google Buzz exposed my list of frequently emailed contacts as a social network, they violated my trust that they could keep a secret.

Abstractly, I think it's a cool idea to build a social network for me, based on data inferred about my communications with Google contacts.

And similarly, I can see how, abstractly, it's a good idea (from a Google perspective) to make your social network public so that other people can more easily, and socially, find people to connect with.

When you combine these ideas, however, you violate the basic social need for secrets to be maintained.

Whether Google is, as some people think, lying, that this was a genuine mistake, or was simply socially inept in combining these ideas doesn't matter.

I expect Google to quietly mine my data and use that to provide me better service (while also making them money of course), but I don't expect them to reveal either accidentally or on purpose anything that I consider to be secret.

People who can't keep secrets aren't usually treated very well by those whose secrets were revealed.

Black Steel

2010-02-16T08:22:00.003-05:00

I got an email from Microsoft the other day
I opened and read it and it said they were suckers
They wanted me for their army of Win7 users
But Vista don't work yet on my Thinkpad -
I said never!

(with apologies to Chuck D and Tricky)

The Buzz about Google Buzz

2010-02-13T11:42:00.006-05:00

The release of Google Buzz has caused a fuss - The New York Times talks about the invasion of privacy. Twitter is all a-buzz with anti-buzz tweets.

But what exactly is all the fuss about? After all, your Facebook friends list seems to be default public. Your Twitter following and follower lists are always public.

Surely your expectation of Google Buzz should be that your social network is public - it's the new black, isn't it?

So what's the problem here exactly?

Previously, I've used Gmail infrequently, and basically just for chat and email with the small number of people I know who also use Gmail.

So, until Buzz, I gmailed and gtalked only with a very small number of people.

On day 1 of Google Buzz, Google made that list of people public by default. They created my "social network" by exposing what amounts to my email/chat log - the people I actually do network with socially - not some random group of people who vaguely want to keep in touch with (Facebook) or some group of people whose status updates I find interesting for one reason or another (Twitter).

They publicly exposed a list of people I actually talk to.

Of course, I closed the loophole quickly by changing my Google profile to not show my list of following/followers, but still - will everyone be so careful? Probably not - difficult to believe that Google didn't think of that beforehand either.

They used their knowledge of my email contacts to reveal my social interactions. Google abused that knowledge, and my trust that they would not abuse that knowledge.

Now I know why Zuckerberg and Schmidt talk about the "end of privacy, so just get over it"; they're actively working to erode it.

Markup Languages Family Tree

2009-08-12T20:55:00.004-04:00

Building Tracemonkey

2009-06-08T14:32:00.002-04:00

I tried to build Tracemonkey today. But the instructions given in John Resig's post about TM didn't work for me.

Instead, after I'd cloned the repository and attempted to build:

hg clone http://hg.mozilla.org/tracemonkey/
cd tracemonkey/js/src
make -f Makefile.ref BUILD_OPT=1

I got some errors, starting with the cryptic:

jsinttypes.h:113:2: error: #error "couldn't find exact-width integer types"

So, I tried the following instead:

autoconf2.13
./configure
make
shell/js

Which gave me a running Tracemonkey shell.

The Future of Mobile Social Networking

2008-12-03T15:50:00.002-05:00

My position paper, co-authored with Franklin Reynolds is now available on the workshop site. If you're a W3C member, you can take a look...

Holding back the waves?

2008-10-21T20:48:00.004-04:00

Roy has spoken. Paul, Dave and others have attempted to interpret. Unfortunately, there are many who don't have time to listen, are not interested in listening, or do not possess the necessary understanding.

For those people:

REST is not SOAP
REST means GET and POST, maybe HEAD, but likely not PUT or DELETE.
REST means using URIs to identify some, but not all things
RESTful API authentication involves OAuth or something similar - what, after all, is the other "officially" RESTful way of doing API authentication?
REST usually means putting "custom HTTP header" information in GET query parameters or the POST body, to avoid defining... custom HTTP headers. Which method is best? The answer varies, depending on your situation.
REST means returning a custom XML format, but I might be able to (ab)use Atom, and JSON, because it works well with Javascript.
What is HATEOAS again?
REST is most usefully practiced on rest-discuss

Roy owned the meaning of REST when he coined the term. But is it not simply holding back the waves of democracy in attempting to wrest the meaning back from all those who now claim to be RESTful?

But maybe the real problem is that no significant application design problem can be solved simply by "using REST". The answer involves actually understanding your design constraints, and meeting real requirements with real solutions.

Lectio reductio

2008-10-19T11:38:00.005-04:00


if (sum( self_interests( I )) > sum( everything_else ) )

  if ( yearly_income( family( I )) >= 250000 )

    vote( mc_cain ) ;

  else

    vote( obama ) ;

Would it look better in a functional language?

Why there is (or might be) a Web OS

2008-06-04T07:56:00.005-04:00

I hate to say that Tim Bray is wrong about the Cloud OS. I agree that, in general, memes with catchy titles are often meaningless when you try to explore the details. That being said, I think there are some reasonable parallels between that operating system concept (as represented by, say, Microsoft Windows, Apple's OS X and various Linux flavours) and some things available today on the Web:

There is now an understanding that I can write software applications that will run on someone else's physical machines - whether it's via the Google/OpenSocial or Facebook way of thinking ("gadgets" portable between application "containers") or applications running on top of Web-based APIs to virtual machines like Google AppEngine or Amazon EC2. Isn't that really quite similar to the idea of writing an application to run on Windows, OS X and so on?

It is increasingly the case that one can control these applications via relatively standardized interfaces (HTTP/XMPP/XML) Similar to the relatively standardized interfaces for writing applications in a "traditional" OS - kernel device drivers, client APIs for window manager notifications. We seem to be rapidly converging on a single UI manager - the browser.

Specific applications may be provided by more than one vendor, and I may use various different vendors' applications integrated via "mashups". I have Google contacts, Yahoo calendar and Twitter for micro-blogging - I can use their APIs to combine their applications into a new application.

But Tim says:

The OS is the software that sits between you and the hardware. In practice, it offers a set of brutally stupid and complex services for managing storage and networking and the lowest level of user interaction. It’s difficult and unpleasant to use.

As defined by Windows et al, that might be true. But isn't it possible to improve on that concept by providing services at a higher level (my location service, my contacts service, my "lifestream" service)? Wouldn't it be nice it we could use those services from more than one vendor? Don't we need a bit more standardization than AtomPub? What if there already were a standard?

Note that I do NOT think that there is a Web OS - I think we should avoid calling "it" that, anyway.

But what if if we could define and make a "Cloud OS" that is related to the traditional kind (roughly as noted above) but demonstrably better than any machine-based one - would the meme be more useful then, Tim?

How to write a virus for the "Web OS"

2008-05-01T09:35:00.003-04:00

The BBC has an article today showing how they managed to commit "identity theft" by writing a Facebook application that retrieved personal information from Facebook users. Facebook applications seem a lot like computer viruses anyway. So is this the first (destructive) virus for the Web OS?

Data Sharing: What is the problem and where are we?

2008-04-18T12:49:00.005-04:00

This morning (USA/PT) I spoke along with some luminaries about the state of "data sharing".

I started by paraphrasing an article from today's New York Times, about how blogging has become so mainstream that people are using blogs to talk about their marriages, divorces and other personal (and often controversial) topics.

So where we are is that people are now using the Internet to, well, just be people. They don't care so much any more about technology, and they are not alpha geeks.

No longer are we dealing only with technology silos, but with real issues for (non-technical) society to deal with.

But data portability as a specific part of that can't try to address all the issues of society.

Then there are all the technologies. SAML, OpenID, Information Cards, OpenSocial, Social Graph API, ATOM, XFN, FOAF to name just a few.

And data portability as a specific user of these technologies can't try to convince anyone that any one technology can deal with the whole issue of data portability.

So, what is the problem that we can solve in data portability?

My opinion is that we should address specific, and likely quite small, things - help establish interoperability between the various technologies and vendors. Think about the big issues, but make small, specific solutions that enable society as a whole to solve those issues without making ourselves crazy.

Just my opinion though.

Python list comprehensions

2008-04-09T16:54:00.004-04:00

I've been writing some code to suck out query parameters today. While figuring out how to do it, I discovered the following code in an email thread:

params = [p.split("=", 1) for p in self._query.split("&")]

This uses a Python list comprehension quite nicely to turn my urlparsed query string into a list of lists, where each sub-list contains a key and value from the URL query string.

How does this expression get evaluated?

i) We know it returns a list because you asked for it by placing the whole shebang inside these square brackets [...] ;)
ii) The sub-expression p.split("=", 1)appears first, and this is run on each p in the 'for' sub-expression.

In English: for each &-separated key/value pair p in the string self._query, split that pair on the = sign, and create a list containing the two values. Return a list of those lists.

List comprehensions. Hmmm....

SOAP vs. REST - why should you really care?

2008-04-08T16:50:00.005-04:00

For many moons, the WS-* crowd, and the RESTafarians have argued. But what are the real differences in the two approaches? Although the argument is old, I still get asked for my opinion on this quite regularly - so here it is:

If you control the software at both the client and the server (sometimes known as the SOAP nodes ;) you can do whatever you'd like. In that case, you could choose to implement SOAP headers, or HTTP headers and no-one would know the difference. You can write your
own protocol, or use an existing one and extend it. A SOAP envelope is then "just an envelope". HTTP allows headers, and an "entity-body" - is an HTTP request or response then "just an envelope" too? Conversely, if you're writing an application that must talk with software written
by someone else, you'll need to support that interface, whatever it is.

So these days, other than out of necessity, why would someone offer a SOAP interface to their Web service?

Will your interface be "bound" to more than one network transport? If you want to send SOAP+your interface over HTTP to some clients, and SOAP+your interface over BEEP to others, SOAP offers some independence from the underlying transport, but the abstraction is still leaky (see SOAPAction for example). Some would argue not only that the abstraction is useless, but that it is actually a hindrance to programmers.

If others will develop software to talk to that interface, there are some almost-nice tools for creating SOAP/XML-based object "stubs" from XML (WSDL) files. These might make it easier to develop clients for a SOAP service. In my experience though, WSDL and XML descriptions can make only a poor substitute for talking to a human being and simply "following links". In other words, I'm not sure if there really is a short-cut to creating the code necessary to properly access any particular Web service (unless you are able to choose a good standard for your service, and find code that implements the standard, and works for you)

There are several (WS-Security, WS-Trust, ID-WSF Authentication Service) well-documented ways of doing reasonable forms (beyond cleartext passwords) of authentication and simplified sign-on over SOAP. Of course, now that we have OAuth, what's the problem with authentication in an HTTP header?

SOAP + BEEP allow you to create a single channel (ie. TCP socket connection) to send messages between two peers, rather than with the potentially more pedestrian HTTP method of requiring two peers to be running both a client and a server (and establish two channels) Beyond the cost of setting up two channels versus one (which may of course still be very important - espeically in an unreliable mobile network!), is there any other advantage to being able to create only one channel for two-way communication? How does SOAP + BEEP compare to XMPP in this regard?

When should you definitely not use SOAP?

Would you like responses to be cached at the edge of your network, rather than retrieved, each time, from your database? Don't want to write your own caching proxy code? HTTP has this already.

If your client is the common Web browser, SOAP doesn't make very much sense at all.

At Mashup Camp

2008-03-18T17:29:00.005-04:00

"If I see another cross-platform browser-based open mashup development environment, I'll scream."

At MashupU I have learned some things today. In addition to JSON, we now have Yahoo's serialized PHP. And Yahoo's FireEagle looks very cool.

But the real learning here is that (as Seth Fitzsimmons of Yahoo noted sagely) mashups are no longer the result of someone "viewing source" to extract a web API, but are really the very intentionally open APIs to web-based applications. Business mashups are the theme here, with products such as IBM's Lotus Mashups being squarely targeted at the enterprise market.

We'll see what tomorrow brings...

Pandoc on Gutsy, revisited

2008-02-04T14:11:00.000-05:00

Thanks to the following comments from John McFarlane on my earlier post:


As for the problem with 0.46 -- I was just able to compile 0.46 on
Ubuntu. So before I consider it a bug, can you try this? Download a
fresh tarball of pandoc-0.46, unpack it, and try 'make' again. If that
doesn't work, try this:

  make clean
  cp pandoc.cabal.ghc66 pandoc.cabal
  make

The problem you ran into has to do with changes in Haskell's "Cabal"
build program between GHC 6.6 and GHC 6.8.  A different 'pandoc.cabal'
file is needed depending on whether the user has GHC 6.6 or GHC 6.8.
The way we handle this is by checking the GHC version in the Makefile,
and using an appropriate 'pandoc.cabal'. Here's what I'm guessing
happened with you: when you first tried 'make', you didn't have GHC
installed properly, so the Makefile couldn't determine the GHC version
and decided by default to use the version of 'pandoc.cabal' that is
appropriate for GHC 6.8. This decision then stuck, even after you'd
gotten GHC installed. (Gutsy has GHC 6.6.)

If that's what happened, then a fresh install should work just fine.

I got my Ubuntu Gutsy version working just fine. And based on John's instructions, also made a Ubuntu Gutsy install package which you should be able to install with dpkg.

Photo-blogging at Twango

2008-02-01T15:03:00.000-05:00

I started to photo-blog quite a lot, using Nokia's Twango service (just to see what's there). The service allows me to upload photos via email, and so, I've setup my N95 to be able to email photos from my phone gallery:

i) View the settings for the Twango channel you want to email to:

You'll see there's an email address given.

ii) You can either send it as a vCard to an email address (not currently to your phone) or simply create a new contact in your contacts database.

iii) Now when you take a phone-camera image, you can press send, and choose the contact you saved in the previous step.

It's worked very well for me. Next up, I hope to write a Python script to do this in a more automated way!

Asus EEE PC vs. MacBook Air

2008-01-17T11:16:00.000-05:00

What, you say? A sub-$400 Linux machine against the new flagship product of the greatest marketing machine around today?! Surely not!

But here are the technical specs:

ASUS EEE - 900 MHz Intel Celeron,
512MB main memory (expands to 2GB), 4GB SSD internal storage, 3 USB ports, user-replaceable battery, SDHC slot, Ethernet port, 7" screen(800x480), 0.92kg weight, priced at less than $400

MacBook Air - 1.6GHz Intel Core 2 Duo (1.8GHz for extra $300), 2GB main memory (no expansion AFAIK), 80 GB PATA internal storage (64GB SSD for extra $999), 1 USB port, battery replacement only by authorized service, no SDHC slot, no Ethernet port, 13.3" screen (1280x800 LED), 1.36kg weight, priced from $1799

And although they are different shapes, they both fit into envelopes (one smaller than the other ;)

The Air is definitely beautiful, and represents an advance in industrial design techniques. But the EEE represents an advance in value for money. For someone who just wants a travel laptop, I'd have to say that the EEE is a better compromise decision than the Air. And if you want a full-featured laptop for general usage, you'd be better off with a regular MacBook Pro. Of course, that's just my opinion. In comparison, though, the most remarkable thing to me is the difference in price - the Asus is really stunningly good value for money, isn't it?

Installing Pandoc on Ubuntu Gutsy

2008-01-16T11:29:00.000-05:00

I am a very big fan of Pandoc - a tool for converting from one markup format to another. It's most useful for me in converting Markdown-formatted text into S5 or "regular" HTML.

Unfortunately (for me at least) Pandoc isn't yet a standard package in Ubuntu Gutsy (it will apparently be in Hardy) and as far as I know, it hasn't been officially backported.

So, I had to install it myself, package by package, finally compiling from source:

First, version 0.46 (and 0.45) had an error that prevented me compiling it:


jkemp@deepsea:~/pandoc-0.46$ make
./setup configure --prefix=/usr/local --with-compiler=ghc --with-hc-pkg=ghc-pkg
setup: pandoc.cabal:39: 'Executable' stanza starting with field 'library
if flag(splitbase)
build-depends'
make: *** [dist/setup-config] Error 1

I was able to successfully make version 0.44 by first installing the following packages from the usual (Gutsy) places:


jkemp@deepsea:~/$ sudo apt-get install ghc6 libghc6-xhtml-dev libghc6-mtl-dev libghc6-network-dev

Note: I determined the necessary libraries by checking the pandoc.cabal file included in the source tarball, and adding 'libghc6--dev' to the install line above. I verified this by then removing the libraries, and running make, replacing each library one by one.

After doing that, and unpacking the source tarball, I just ran 'make' and 'sudo make install' in the source directory, and voila, I was able to run Pandoc!

Amusement Park Safety

2007-12-11T12:30:00.000-05:00

October 2006. The vacation of their (albeit short) lifetime for my daughters to Disney World, down in Florida. Things didn't quite go as planned, though, when one of my daughters became trapped in the entrance to a ride at Disney's Epcot Centre. She was stepping down into one of the cars when the semi-automatic gates closed on her. She pulled her head back, but her neck was trapped between the bars of the entrance gate.

The people operating the ride tried to push the safety release for the gate, but it wouldn't open. Four of us (none of us Disney staff) wrenched at the gate until finally we were able to open it manually.

Fortunately, my daughter was unharmed. An older, bigger child might have been trapped without being able to breathe.

Disney staff were certainly quick to offer medical help.

But within hours the ride was operating again. Why was power turned off to the emergency gate release? Why were we ushered into the ride entrance without the gates first being closed? I took the ride alone the day after this accident, and no procedures appeared to have changed. Why not? Who decides whether an accident is worthy of review and who gets to review whether this ride is actually safe enough for the people sitting on it?

The answer is shocking. Large operators can do what they want, and review (or not) according to their own ideas of safety. That's because there is a loophole in the consumer product safety law, designed to let these large operators make the rules for themselves with no public oversight. Representative Ed Markey (D. MA) has sponsored an amendment that would remove the loophole, but the lobbyists are out in force.

If you are reading this blog, and you live in the USA, please call your representatives and ask them to vote in favour of HR 2320, the National Amusement Park Rides Safety Act of 2007.

Saferparks.org, and rideaccidents.com can tell you more about why this legislation is needed. An amusement park shouldn't be a place to find dead or injured children, and we can help prevent such accidents.

Kernel recompile on Asus EEE

2007-11-30T13:32:00.000-05:00

I am the very proud owner of an Asus EEE! I can't even describe how happy even the default simple interface of this machine makes me. It's about 1/4 the size of my 15" MacBook Pro, but I've already set it up to do full-featured software development in Java and C - perfect for the airplane environment in which I often find myself developing software.

I had until yesterday two problems:

i) By default the Xandros kernel installed on the device doesn't support more than 1Gb of RAM.
ii) My work environment requires encryption of the filesystem, and because the device mapper isn't supported, I couldn't use dm-crypt and cryptsetup to access encrypted partitions.

So I had to compile a new kernel - woah!

Asus has made the kernel source for the stock hardware available so I downloaded and uncompressed it, installing it to /usr/src.

I got the original kernel configuration file from /boot/config-2.6.21.4-eeepc, and copied this to /usr/src/linux/.config, and ran:

make oldconfig
make prepare
make scripts

I then adjusted the CONFIG_LOCALVERSION in the config file to be -eeepc-HIGHMEM, and set the other variables via:

make config

(as 'make menuconfig' didn't work for me).

I adjusted the following kernel settings:

i) High memory, currently set to 1GB to 4GB
ii) Device Mapping (in RAID and LVM) CONFIG_MD, and CONFIG_BLK_DEV_DM, CONFIG_DM_CRYPT as modules ('m' option).

and then compiled a new kernel in the usual way:

make bzImage
make modules
make modules_install

Now crucially, because I changed the name of the "local version", the modules got copied to a new sub-directory of /lib/modules. If you don't change the name, and you use the stock source, your existing modules will be overwritten, and because you changed the memory settings, you will have weird events when you try to boot your old kernel that will try unsuccessfully to use the new modules.

Note also that I DID NOT run 'make install' to put the kernel in /boot!

It turns out that Asus used something called unionfs - a filesystem that merges directories or disk partitions to appear as a single filesystem. Although this is terribly tricky, it turns out they did this to make it hard for someone to mess up their PC so badly they wouldn't be able to restore it to factory settings on their own. And this means that however hard you try, you can only make it look as if you installed a new kernel in /boot - it won't happen because you are looking only at the user partition of your filesystem, not the system partition, which contains the real /boot directory!

Anyway, what that means is that you need to find another way to install your new kernel. My way involved getting into single-user mode on your EEE PC - like this. Once I had done that, I edited the real /boot directory to add my new kernel and system map, and then edited /boot/grub/menu.lst to include the new kernel (in addition to adding the rescue mode entry, as detailed on the wiki link above). You could also build your kernel on another machine and put it on a USB drive to ship it to the EEE PC, but you'd still need to be in single-user mode to install it.

I booted to the new kernel, and started using cryptsetup to encrypt my USB disk!

Next I can look forward to breaking the warranty by putting "too much" memory in it...

Nokia 2.0?

2007-11-19T11:11:00.000-05:00

There has been a lot of discussion inside Nokia about our role as a services company, and what "Web 2.0" means to us (and us to it). The "unofficial" ad here at first glance makes me wince. But is it perhaps self-ridicule, and thus quite Web 2.0 and "post-modern"? If you look at it with such a squint, it's at least quite funny!

The life of an astronaut...

2007-10-22T12:17:00.000-04:00

Is apparently not for me. At 76 inches I'm apparently too tall to be a NASA astronaut candidate - Now, if only I could be disqualified from economy-class airplane flights too...

Facebook opens profiles to public

2007-09-06T12:26:00.001-04:00

Facebook has apparently opened up. Unfortunately, it's probably now a bit too open. Rather than opening up profiles to everyone, wouldn't it have made more sense to allow people with OpenIDs, holders of Google accounts, or Windows Live ID users to access Facebook profiles?

UPDATE: I accessed my Facebook account today, and noticed that I was able to edit my 'search privacy' settings to uncheck the boxes that would enable the sharing of my profile with the world. That's good.

How to make yourself feel smaller (and more educated)

2007-09-05T11:40:00.000-04:00

I'm not talking about a new diet.

But if you're working on anything to do with the Internet, or even just using your web browser, you could do a lot worse for your body (or mind!) for 90 minutes than watch this video presentation by Vint Cerf about "Tracking the Internet into the 21st century.

OpenID and Cardspace, the pleasure and the pain...

2007-08-30T10:10:00.000-04:00

Gerald Beuchelt of Sun blogs some interesting comments about the Sxip draft specification showing their view of how to combine OpenID and Cardspace. Gerald raises some excellent points, particularly about how the Cardspace decoupling of RP protocol exchange and IdP protocol exchange is essentially broken by the way that this specification has been written:

While the OpenID Infocard token replaces the HTTP redirect with the much more phishing resistant Infocard scheme, it will lead to some significant confusion in the marketplace. Educating customers and end-users might help to some extend, but explaining the differences between auditing and non-auditing mode is going to be very difficult. This is why Kim is rather careful about not advocating it: it breaks his own 7 laws.

What would surely be best, given the variety of SSO solutions today, would be to specify a way in which the RP protocol exchange were truly decoupled from the exchange happening between the "identity selector" and the IdP. In that way, the identity selector could talk OpenID with the RP, and possibly another protocol with the IdP. You'd need to "translate" a token at the identity selector (client side). What is needed to allow the RP to trust this translation process? How can this translation be specified securely? Seems like a good use-case for Project Concordia... And back to Gerald's point - a protocol containing an active intermediary should be treated differently than one where simple HTTP redirects are used (see the definition for the SAML 2.0 Enhanced Client for example)!

Advance in mobile phone design

2007-08-29T16:44:00.000-04:00

Even though I work for a mobile phone company, and I often get new phones to play with, I've not seen one quite like this Russian masterpiece:

Making "liberty cabbage"

2007-08-29T11:49:00.000-04:00

On Sunday, I decided to take the three cabbages we had sitting around,and turn them into "naturally fermented" (not pickled) sauerkraut. That might sound difficult, but involved only the following steps:

1. Remove the outer leaves of the cabbage, and slice the rest of it as thinly as you'd like.
2. Weigh the cabbage and put it in a bowl.
3. For each pound (lb) of cabbage, sprinkle 1.5 tsps. of salt into the bowl.
4. Mix the salt and cabbage well, and let it sit, while you wash some (no bigger than a quart) mason jars. Don't use anything more than hot water to wash the jars - they don't need to be boiled, and you actually want the (good) bacteria to be around to do their work.
5. Stuff the salted cabbage into jars, and cap, leaving around 3/4 inch of headroom.
6. As the lactobacilli go to work, some gas may be produced, so put your jars on a tray.
7. Leave them at a temperature of 62-72F for up to three weeks, and then refrigerate. The sauerkraut should be good to eat already!

Coincidentally, on that same day, I started reading a book set during the first world war, at a time when sauerkraut was known in the States as liberty cabbage. The phrase "freedom fries" was then not so innovative - fancy that!

REST and mindfulness

2007-08-16T19:05:00.000-04:00

When I woke up this morning, I blundered about a bit with my eyes not focussed, pulled various implements from the drawers in my kitchen, and somehow, without really thinking anything at all, made breakfast for myself and my daughters. If I'd have been thinking, I might have noticed that my right ankle is still painful in the mornings, a whole year since being fractured. Or if I'd have tried to focus my eyes, I might have noticed that my left eye can't see too much close up. Hurray for mindlessness, thought I!

Mindfulness, for those who don't know, is (according to the ever-helpful Wikipedia)

"a technique in which a person becomes intentionally aware of his or her thoughts and actions in the present moment."

I was reminded of mindfulness recently, while reading the excellent RESTFUL Web Services, recommended to all of us at XML Summer School this year by Paul Downey and Marc Hadley.

This book actually writes down the specific techniques for adhering to the previously somewhat nebulous REST architectural style. I still might not be able to describe this style concretely, but I can think I can safely say "I knew it when I read this book."

Mindfulness can have some disadvantages. Why is it that people who wish to use the PUT and DELETE verbs have to resort to workaround hacks (like putting the real method in a query parameter) because of sketchy browser support? It would be nice to fix that - these workarounds seem no better than "tunneling" a SOAP message inside an HTTP request. And this book certainly doesn't spare "Big Web Services" from a ripping. The authors do note, however, in Chapter 10 that

"The WS-ReliableMessaging standard is motivated mainly by complex scenarios that RESTful web services don't address at all. These might be situations where a message is routed through multiple protocols on the way to its destination, or where both source and destination are cell phones with intermittent access to the network."

I'm relieved to see that Nokia's use of Big Web Services looks like it might be a reasonable choice then.

This book skewers SOAP+WSDL-based web services quite mercilessly. I actually think that's not necessary. I could have personally benefited from a more even-handed look at when you might want to use the WS-* specifications, or even how one could make more RESTful SOAP-based services. After all, isn't REST is an architectural style, rather than an actual architecture? And the authors do describe quite nicely how to make more RESTful AJAX applications (which also come in for a bit of a stick due to their lack of addressability and surfeit of state.)

I'd have to say, though, that this book represents an actual advance in the art of networked software development. Even the developers of Big Web Services should read it.

Tips on using Google anonymously

2007-08-13T09:26:00.000-04:00

I've been using Tor for a few years now. When I first installed it, I found Tor quite difficult to configure, and given that it introduced an intermediary application to my web browsing, the speed of my Internet browsing experience was suddenly not so wonderful. Tor is these days easier to configure and has less of an effect on web performance. But it's not for everyone. I came across this post today, which talks about some other tips to make it more difficult for web services to discover things about you. I hadn't heard about the Customize Google plugin before. Given what it does to protect your anonymity when using Google services, I am now a happy user - not the only one, it seems...

Warrantless wiretapping - more bad consequences...

2007-08-10T12:15:00.000-04:00

Susan Landau writes a rather depressing piece in the Washington Post (via the cryptography mailing list)...

Cognitive consonance?

2007-08-09T16:28:00.000-04:00

My 4.5 year-old daughter stood on the bathroom scales this morning.

"I love standing on this ruler, Daddy"

she says...

S60 3.x development - cross-platform

2007-08-09T16:17:00.000-04:00

I followed the instructions found here and was able to compile several Symbian projects on my Ubuntu machine today. The only problem I had was with makekeys, which seemed to be complaining because of this issue. I fixed it by running the following line in the epoc32/tools directory:


wine makekeys -cert -password "yourpassword" -len 2048 -dname "CN=Joe Bloggs OU=Development 
OR=Acme Ltd CO=GB EM=noone@nowhere.com" mykey.key mycert.cer

There's probably a better way to do it...

Python web services on mobile phones

2007-08-08T14:45:00.000-04:00

A while back, I demonstrated running Python scripts on a mobile phone, that could connect to web services via simple Python classes and methods. Well, I've just published the glue code that allows you to do this on phones like the N80, N95 and so. It all uses the Nokia web services framework which you'll find on all the N and E series phones these days. If you're interested in trying it out, download the source code from here. Cool! Well, I think it's cool anyway...

A valiant effort

2007-08-08T13:28:00.001-04:00

In the three faces of user "centricity", Eve provides some useful definition around what the phrase "user centric" might mean, shorn of the technology and product marketing that has obscured any common understanding of the term so far....

SAML Enhanced Client or Proxy

2007-06-27T15:13:00.001-04:00

Kim Cameron seems to be against invisible redirection in web browser-based SSO protocols, such as WS-Federation Passive, OpenID, and SAML browser profile. He mentions Cardspace and Higgins as two alternatives to the redirection methods employed by these other protocols.

I'd like to add the SAML Enhanced Client or Proxy (ECP) profile of SAML 2 to that rather exclusive list.

In SAML ECP, the user agent is assumed to be something more than a browser (perhaps a browser with a plugin, for example, or, gasp, a browser that could call the Cardspace executable!)

Here's a diagram that shows the ECP profile (extracted from the SAML 2.0 profiles document of March 2005) steps (click on it if you actually want to read the text!):

There is no browser redirect in this scenario. The RP simply responds to the initial request from the client with a SAML authentication request (in step 2). The client can then make its own mind up about which IdP to submit the authentication request to. Note that the request might not be signed by the RP, allowing the client<->RP and client<->IdP protocol transactions to be decoupled. It's worth noting that the client might not even actually be a client (hint: that's why 'proxy' appears in the name of the profile ;)

Oh, and according to this table here, there are several companies who support SAML ECP, so there's no reason SAML couldn't be used to (as Kim suggests)

Give the user a smart client, as is the case with CardSpace or Higgins, and whole new user experiences are possible that are “post nagging”. The invisibility threat is substantially reduced.

Nordic Paragliding Championship

2007-06-15T12:59:00.000-04:00

You might wonder why I would write about Nordic Paragliding. Well:

i) I work for Nokia, which is of course a Nordic company. Which means I know a few "Nordics"
ii) My friend and former Nokia colleague, Robert Aarts, has recently started blogging. Robert also paraglides, and is participating this next week in the Nordic Paragliding Championship in Piedrahita, Spain. I hope the thermals are favourable!

AOL and SAML 2

2007-05-29T08:51:00.000-04:00

George Fletcher blogs about AOL's SAML 2 based simple federation protocol.

Embedding S60 Python in Symbian C++

2007-04-11T16:51:00.000-04:00

It's pretty common to want to extend S60 Python by adding functionality available to the underlying S60 C++ APIs. In this regard, S60 Python looks a lot like Python on any other platform. You can extend Python with C++.

But, you can also embed a Python interpreter "inside" S60!

It looks like the following, which does a lot of setup, but calls the function 'foo' in the module 'Bar'. A string value is passed to the Python function, and a string value is returned


 TInt retVal(KErrNone);

 // Create a  Python interpreter
 CSPyInterpreter* it = CSPyInterpreter::NewInterpreterL();
 CleanupStack::PushL(it);

 // Save state of any current Python interpreter, and acquire the
 // interpreter lock
 PyEval_RestoreThread(PYTHON_TLS->thread_state);

 char *module_name = "Bar" ;
 char *foo = "foo" ;
 char *response = NULL ;

 TInt32 r_len = 0 ;
 PyObject *pModule = PyImport_ImportModule(module_name) ;

 if ( pModule != NULL )
   {
     PyObject *module_dict = PyModule_GetDict(pModule);
     PyObject *expression = PyDict_GetItemString(module_dict, pre_handler);
     PyObject *arglist = Py_BuildValue("(s#)", aString.Ptr(),aString.Length()) ;

     PyObject *result = PyEval_CallObject(expression, arglist);

     response = PyString_AsString( result ) ;

     r_len = strlen( response ) ;
   }

   // Make a Symbian descriptor pointer to the char * response
   TPtrC8 symResponse((TUint8*)response, r_len ) ;

   // Clean-up, and restore thread state

   PyEval_SaveThread();
   CleanupStack::PopAndDestroy(it);

The Python function foo, in Bar.py is very simple:


 def foo( message ):
   return 'foo got message:' + message

More information about embedding a Python interpreter in your Symbian code can be found in the S60 Python documentation (chapter 9.1)

Real ID, a review (Part I)

2007-04-06T10:28:00.000-04:00

The Real ID Act, passed in 2005 as part of the "Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief, 2005" has certainly aroused passions. Draft regulations were recently published (in PDF) by the Department of Homeland Security.

As the name of the containing bill suggests, Real ID is supposed to aid in the "global war on terror" (sorry, that's Global War on Terror.) The suggestions, either in the bill, or which have been made by supporters of the bill is that there are no federal standards on the collection of data used to establish the identity of the applicant for a driving license. Some states may have rules for data collection that are quite stringent and perhaps also effective, whereas other states have more lenient requirements. This is probably true.

What do the draft regulations do to improve that?

Documents Required for Proving Identity.

The list of acceptable documents that DHS proposes to establish identity for purposes of this regulation is as follows:

• A valid unexpired U.S. passport
• A certified copy of a birth certificate.
• A consular report of birth abroad
• An unexpired permanent resident card.
• An unexpired employment authorization document (EAD).
• An unexpired foreign passport with valid U.S. visa affixed.
• A U.S. certificate of citizenship.
• A U.S. certificate of naturalization; or
• A REAL ID driver’s license or identification card issued subsequent to the standards established by this regulation.

Until May of 2013, however, you're not required to use a REAL ID driving licence. And the true nature of the REAL ID act is shown in their definition of "official purpose" - as in the following summary of the proposed rule:

DHS proposes to issue REAL ID regulations that create minimum standards for State driver’s licenses and identification cards that Federal agencies can accept for official purposes on or after May 11, 2008.

Official purpose is later defined as:

Section 201(3) of the Act provides that the term “official purpose” “includes but is not limited to accessing Federal facilities, boarding Federally-regulated commercial aircraft, entering nuclear power plants, and any other purposes that the Secretary shall determine.”

For most people, the only time that this regulation will really be relevant is when you need a federally-qualified REAL ID driving license to board an airplane (unless you use your government-issued passport).

So, it seems to me that the initial changes relevant to the average person are:

i) There will be federal standards for the presentation of qualifying information when obtaining a state-issued driving license.

ii) From 11th May 2013, you will be required to present a federally-qualified REAL ID driving license when boarding a commercial aircraft.

That all seems quite reasonable so far, actually.

Of course, the mere fact that REAL ID wasn't passed as an independent bill, but as a rider on a funding bill that most congressman probably couldn't vote against, is pretty disreputable.

And then, there's always the interesting question about whether such rules as proposed by REAL ID will actually really do anything about terrorism... Oh, and the question of whether privacy becomes further compromised under these regulations...

Well, more in part II!

In support of Kathy Sierra

2007-04-03T11:16:00.000-04:00

Today, I read about Kathy Sierra, a blogger who has received death threats, presumably related to something that she said in her blog. Back in the day, the Well came up with the notion that You Own Your Own Words (YOYOW). In the case of the Well, one cannot act anonymously, but in many blogging situations today, one can post with pseudonyms, relatively anonymously.

That doesn't mean that one should post "cowardly".

If people abuse a system that allows anonymity, we'll end up in a situation where those with agendas that dislike anonymity or "pseudonymity" will be given all the good reasons they need to ensure that anonymity becomes either technically, or legally forbidden.

Is that really what we want?

Why biometrics might be bad identifiers

2007-04-02T11:03:00.000-04:00

Several articles from Kim Cameron about the use of biometrics in schools and pubs led me to think about specifically exactly what might be wrong with using a fingerprint, an iris scan, or your "faceprint" to identify you from a group.

I came up with the following - can you think of any more?

1. Use of a biometric as a username or password

In some biometric-based systems around today, a fingerprint is used instead of a username or account number. Imagine that you're using your fingerprint where you might once have used your credit-card or social security number, or even a made-up username.

If you're using a biometric instead of a username or account number, then you're using an identifier that you cannot easily change. If your fingerprint is stolen in either gruesome or not-so-gruesome style, how can you be sure someone won't act as you?

2. Ubiquity of yet more "personally identifiable information"

Advocates of (typically those selling) biometric-based systems claim that by storing "biometric templates" rather than actual biometric data itself (ie. storing the "hash" of a fingerprint rather than the actual fingerprint itself) the biometric data itself is useless for any other purpose than that for which it was initially designed. Thus a fingerprint template created with some knowable hash algorithm for a food service system (for example) can't be used by a law enforcement organization (for example). Does it sound like this is really true? If another organization has a fingerprint and either knows the hash algorithm to create the fingerprint template, or can obtain the algorithm from the company that made the original system, the template is just like the fingerprint. This means that organizations can collude to identify an individual from some particular group, and that some piece of information you can't change allows the unique identification of you from a bigger and bigger group.

Bootstrapping SAML from OpenID

2007-02-12T11:11:00.000-05:00

I've been interested for a while in bootstrapping ID-WSF/SAML from an OpenID 2.0 Authentication Protocol exchange, and below, I present two approaches:

Both take advantage of the OpenID 2.0 Authentication Extensions [1] section and SAML bindings and profiles.

i) Create an extension attribute that holds a reference to a SAML AssertionID (in SAML, this is a saml:AssertionIDRef).

Obviously, the namespace for the OpenID attribute would be a SAML 2.0 namespace, the name would be a URN representing "saml:AssertionIDRef" and the value would be a SAML AssertionID (or perhaps a URL containing the assertion ID?)

When an RP received a successful authentication response from the OP, the response would contain this assertion ID.

The subject of the referenced SAML assertion MUST be the holder of the OpenID (ie. the user) and the assertion could then contain one or more SAML statements about that subject.

The RP would get this assertion by simply making an HTTP request (could even be an HTTP GET) with a query (or form) parameter containing this referenced AssertionID. This method is called the SAML URI Binding (section 3.7 of [2])

Of course, I think the RP should (MUST) do this over TLS as we're definitely going to use HTTP here.

So this would be a simple, and RESTful way of getting a SAML assertion linked to an OpenID authentication.

ii) Create an extension attribute that would hold a full SAML Artifact (an artifact is a short string of bytes, and is a pointer to a full SAML response (not just an assertion), which may contain one or more assertions and other SAML protocol goo. This would look more or less the same as above but with more SAML functionality possible. Instead of a saml:AssertionIDRef, the extension would hold a saml:Artifact.

Once the RP has the artifact, it can "resolve" the artifact to get a full SAML protocol message, by sending a saml:ArtifactResolve message to the OP/SAML Responder.

That would require a bit more work, as currently I think the only way that one can send that message is via SOAP - I think we'd need to have a URI binding for a SAML artifact (right now I can't see that this exists) that allows an HTTP request encoding of the ArtifactResolve request message and corresponding response.

The next step might be to write up i) as an extension spec. (if people think it's worthwhile?) and to further investigate ii).

Comments?

[1] http://openid.net/specs/openid-authentication-2_0-pre11.html#extensions

[2] http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf

Google does SAML

2007-02-08T10:17:00.000-05:00

Who knew - you can apparently do SAML SSO into Google Apps...

Windows Vista Home versions aren't allowed in Parallels?!

2007-02-03T11:05:00.000-05:00

From the Windows Vista EULA according to the Parallels website:

Here's the tecnical legalese from the EULAs:
For Vista Home Basic and Home Premium Editions:
“USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system.”

I only run Windows (XP) in a virtual machine on my Mac, so this will preclude me, and presumably others who don't want to violate the EULA from upgrading to Vista. Will people really pay more for the premium versions simply to not violate the EULA?

More about this at InformationWeek
.

Life, Liberty and Mobile Identity

2007-01-10T21:47:00.000-05:00

Doc says that not much has happened in mobile identity. I don't know that I totally agree, but I'll be helping him with the cause anyway at the Mobile Identity Workshop on January 26th.

Prior to that, I'll be giving an introduction to (what I call) "Liberty for hackers" at the Liberty 2.0 Workshop on the 22nd. Eve, Paul and Conor will be among others talking about Identity, Liberty
and the... well, you think know the rest, right? But if you want to be sure, why not come along...

I'll also be speaking at the SDForum Web Services SIG on the evening of the 23rd, describing Serene (officially known as, ahem, the Nokia Web Services Framework), a mobile identity web services framework, shipping on Nokia E and N series phones.

I hope I don't lose my voice before I get to the Mobile Identity Workshop.

Eve made me do it...

2006-12-20T13:58:00.000-05:00

I don't know how she does it, but Eve somehow manages to get me to do things that aren't always good for me - like singing Bohemian Rhaps-ID! So, when she challenged a group of us to blog about five things not widely known about ourselves, I felt compelled... but somehow nervous. Anyway, without further ado:

Lots of people know I'm English. But not a lot of people know that I come from the Isle of Wight, the smallest ceremonial county in England, and home to the Isle of Wight Rock Festival, England's very own Woodstock.
I played American Football in England, and was a wide-receiver and cornerback for the (now defunct) semi-professional "Ashford Cruisers" in the UK's first American Football league. Now that I live in the USA, I play a different kind of football...
I can swear a little in Dutch. I traveled quite a lot when I left high school. One of the things that was common in people I met in other countries was their desire to teach me insults in their language - don't ask me why! One of my favourites was the Hebrew "I'm me, and you are my mule".
Prior to becoming a software developer, I picked grapes and helped tend a vineyard. I grew up on a small farm, and spent a couple of years working on several other farms before finally deciding that I'd rather be artificially intelligent than the real thing...
I have been a big fan of the Beatles all my life, and I think many of their songs are mathematically perfect. But more interestingly (perhaps), when we got our first dog (I was 8 years old) I named her "Lucy" after Lucy In the Sky with Diamonds.

I don't yet recall five other people I know who have blogs, but who haven't already been tagged, but if I think of some, I'll put them up...

SAML Glossary in HTML!

2006-11-08T16:03:00.000-05:00

It might seem like no big deal, or maybe "why didn't we do this before", but the SAML Glossary is now available as HTML (thanks to Eve Maler and Jeff Hodges). The reason I see this as (relatively) exciting is that search engines will now be able to index the terms in the glossary and you can look them up simply by doing a web search. And that's cool, at least, if you're looking for a nice authoritative resource of security-related terminology (including references to other such works that came before it) ;)

Green for go?

2006-10-28T22:57:00.000-04:00

Internet Explorer 7 will fill its URL bar in green if the site with which you are connecting is using SSL, and happens to have one of these new-fangled "high assurance" SSL certificates. They explain that whole thing on the IE blog. IE will also show you the CA and the Common Name of the company whose SSL certificate is being used in the SSL handshake.

I'm all for improved security on the Internet. Is that what this is?

Apparently (if you read the same page I linked to above) a new standard of verification of certificate requests is being developed by the somewhat murky CA/Browser Forum (can anyone find their website, or a full list of members?). This verification standard will result in a new process for getting an SSL certificate. If you're a website vendor, you'll submit your certificate request, but you might need to find some way to prove you have the ability to act on behalf of the company you wish to have represented in your certificate (are you really an employee of that company, for example?)

I can't find this process documented anywhere. Which companies are even in the "CA/Browser Forum".

I think it's cool that IE7 will display the Common Name and the Certficate Authority from the SSL certificate (Although IE could do that for all certificates - regular SSL certificates have that information too) - these could be nice visual cues to the viewer that the information displayed from the certificate is related to the domain name in the URL bar.

But what does it mean that the URL bar turns green?

We don't yet know the process by which a company is validated in order to receive their certificate. And will the IE URL bar turn green for just any CA who issues high-assurance SSL certificates? Will the other browser vendors use the same methods and user interface cues?

It might be nice if some of that information were public.

World Cup

2006-05-31T14:15:00.000-04:00

I don't care if you call it football or soccer, but the World Cup is almost here. If you have even a clue about the beautiful game, then head over to the BBC World Cup website and fill out their predictor . You might be surprised...

My top four came out as follows:

1. Brazil
2. Czech Republic
3. England
4. Sweden

Even without Rooney, England are good enough to win this championship, but even with him, I still don't think they can beat a Ronaldinho-inspired Brazil.

In other news, our local over-40 football/soccer league kicks off next Monday when we'll (I should be playing somewhere on the left wing) be taking on Pittsfield - the world's gone football mad!

PHP XML Signatures

2006-04-18T11:17:00.000-04:00

A couple of posts recently (here, and here) have talked about how hard it is to sign XML content, and even questioned the usefulness of doing so. I don't totally disagree that it's hard, but I wanted to show how it was possible to use the xmlsec C library to provide the ability to sign XML content from a scripted environment, and that from an application programming perspective anyway, it didn't have to be so rough.

I wrote an article about this - comments are welcome ;)

Why I continue to run

2006-04-16T11:54:00.000-04:00

Back in the old days (when I was 20) I exercised for the fun of it. When you're 165 lbs, can run a 4:30 mile and feel full of energy all day, every day, that's not surprising. Fast forward 20 years, past two New York Marathons (and all the necessary training), a torn hamstring, a bigger body and long days and nights of "baby-wrangling", it doesn't feel quite the same. In fact, last year, I'd decided that perhaps it was time to stop running altogether. After all, my knees would be sore quite often after a run, and in general, the pain was outweighing the gain.

Yesterday, though, I decided to go for a run. We're staying with my wife's parents here on Long Island. It's not quite like where we live in the hills. In fact, there are more people in my parents-in-law's neighbourhood than in our entire town, but there are still nice places to run here.

I shuffled out of the driveway, down the lane that leads to the main highway in this area, and jogged across the four lanes split by a grassy bank. On the other side of the highway is a preserve. People mostly ride horses through this usually swampy densely forested stretch of land, but I like it for running on my own two legs.

It was a beautiful spring day yesterday, sunny and gently warm, just a hint of summer to come. I ran through a mesh gate and past the wooden steps where the riders mount their horses. The ground is sandy here, and usually a bit swampy, but yesterday it was quite firm. No real rain yet here this spring. Up the thin ribbon of track through the low bushes and trees I jogged quite gently, trying not to exert myself too much after a typical Italian-American lunch of lasagna, pizza and calzones. At almost 40, I'm still a "growing boy" in the eyes of my parents-in-law.

After about ten minutes of running through the woods, there's a clearing, and the sun hits you full on. The track winds through some grassy banks, along the side of a field and then back into the woods for a final fling. After a few more minutes, covered by shady trees, I run onto a private road, up a slight hill, before making a left turn back onto a quiet side-road. By now, I'm a little out of breath, but mostly just trying to stay calm because there's at least another two miles to run, all on the road, and mostly in direct sunlight. I don't really like running in warm weather at all - and anything above 65F constitutes "warm weather" when I'm running.

After winding along this fairly quiet side road for a bit, I make the last turn on that road before rolling up a little hill and back on to the side of the highway. By now, I'm usually a bit tired, and the highway is not the nicest ending to an otherwise perfect run. I'm usually thinking to myself should I stop and walk a while - conserve my energy? After all, no-one needs to know I didn't run the whole way. That's right - why bother exerting myself? Doesn't prove anything to anybody. And it's not easy, you know, running on a road, when you weigh close to 200 lbs, have two aging knees and a stiff hamstring. Anyone would understand why I might stop, have a little rest, walk a few steps. There's no TV, no iPod, no other distractions. Mostly there's just my brain, and all those sensory inputs going wild as my feet slap the ground and the shocks run all the way up to my head. I can feel the sweat on my forehead, and wipe it away consciously with the back of my hand.

By now, I've run another mile. Almost there. If I just run to the top of the last hill, I can walk the rest of the way. That would be a long warmdown, but it would qualify for a warmdown. Acceptable then to stop at the top of the hill. That's a relief. But I don't stop at the top of the hill. It's downhill from there - almost sprintable. Damn well is sprintable.

User-centric Identity - here today?

2006-04-06T16:23:00.000-04:00

It seems intuitive that the concept of user-centric identity is important to people. After all, what person wants to feel that he is not in control of his data, or that some murky corporate behemoth knows more about her than she wants to be known?

As Bob Blakely has pointed out, a user can't own much, if any, of his identity information. In many cases, he must create accounts with some credential-issuing entity (banks, credit cards, various government agencies among others) before he is issued credentials, and that involves sharing some identity information. And often, a user will share whatever information a company requires, simply in order to gain access to a service she desires. Once identity information is shared, it's certainly no longer "owned" - if it ever was exactly. But it seems to me that people like to feel that they have a little control over how this information is presented, and that technology can help.

What's in your wallet?

When I look in my wallet, I see lots of cards - credit card, bank card, driving license, frequent flier membership cards. Quite a stack. Oh, and then there are those thin green bills (sadly all too few) My entire wallet is full of credentials and identity assertions!

But now look at my laptop. I have a bunch of credentials there too - some in my "keychain", and some in the web browser "password manager". There are probably others that I'm forgetting.

That's pretty user-centric isn't it - a whole mess of stuff sitting around that I barely remember exists, and would have no idea how to recreate should my laptop die or be stolen. Yes, I do backup (probably not often enough), but still - ever tried to recreate all of your account logins even after a successful data restore? Do you also photocopy all of the important cards in your wallet?

The wallet seems a pretty useful metaphor here - a container for assertions you've received from assertion issuers. You pull things out of your wallet to either show or give to companies from whom you wish to get service. But wallets have baggage.

Where is your wallet?

Today, I'm pretty sure that the contents of my wallet are sitting here on my desk. Oh, but then there are those credentials sitting in my laptop in various places. Of course, there are also those identity details I registered with various places online - did I even give them the right information? I bet that I couldn't reproduce the same answers to their identifying questions if someone asked me the same questions again! So on second thoughts, I think the contents of my "virtual" wallet (which includes the contents of my physical wallet) is actually distributed in several places, some that I don't even remember. Oh dear. And some of that information is only useful for transactions conducted with exactly one company in exactly one context (yes, sometimes I really do lie about my age).

Not just a problem for users...

What must those web-sites and corporations be thinking - users that lie when I ask them important identifying questions? People who don't know where their identity information is? And, as a service provider, I'm holding personal account data for thousands of customers. A security problem waiting to happen? A thousand customer support calls because of a lost password?! Well, be patient - a solution might be coming. Perhaps it really is possible to get the information you need about your customers, without making them create accounts and hold their identity information with you? And if your customers hold this data wherever they feel it should be held, perhaps you are less likely to be held (legally) liable when identity data goes missing?

User-centric Identity - here today?

It seems to me that we have a user-centric (with a little 'u') system already. A system that devolves responsibility for maintaining a limited set of identity information to the user, without giving him or her the technology to properly manage it; a system that sometimes causes a user to lie because he doesn't want some online store to know everything about him, and a system that causes service providers to retain large amounts of sensitive information in their control, subject to theft and improper use.

We will soon do better - systems that allow a user to properly manage all of her identity information, regardless of where the information is actually maintained. Perhaps the wallet of the future can do a little more than my beaten-up old fake leather model can manage today?

Liberty and "company-controlled identity"

2006-01-12T17:21:00.001-05:00

I see that Johannes Erst had a post about the identity landscape of 2006, in which he says that "company-controlled" identity is "rooted in the Liberty standards." He also notes that Infocard is essentially "Microsoft-controlled identity." Sorry, Johannes, but I don't agree with his characterization at all, at a fundamental level.

First of all, the Liberty standards do not preclude at all the possibility for a company to write a user-controlled identity providing application. Several companies are doing that - allowing users to control the release of their information from an identity provider. Secondly, the identity provider may in fact be run, or controlled on a user's own device or computer, all according to the Liberty standards - for example, by using the ECP (enhanced client or proxy) single sign-on profile (see Kapil Sachdeva's blog for a nice demo application of this), and/or just running an identity-providing service directly on an individual user's personal computer or mobile device.

More importantly, I think that the distinction between company-controlled identity and user-controlled identity is fundamentally flawed. After all, even if I am able to control my own identity information, any company that wants to rely on my identity claims may simply force me to create an account with them in order to do whatever it is I'm trying to do that uses my identity information. So is all identity information "company-controlled"? I think not.

It is possible with the Liberty specs. to create and maintain user-controlled identity information. But any company can always choose to reject identity information (however it has been provided) when making decisions about whether to allow me usage of a service that company provides (even if that service is one run on behalf of my identity). Ultimately, service will depend on the relationship established between the provider of the identity information (or the user on whose behalf the identity information is provided) and the service provider.

Building an authentication

2005-12-21T20:04:00.000-05:00

So, what is a Liberty Authentication Service (PDF) (AS) good for? With the word 'authentication' in the title, you'd expect that it would be used for authenticating someone, and you'd be right on the money there. Because the Liberty AS uses, and is part of the Identity Web Services Framework, it uses the Liberty SOAP Binding - that means an authentication request carries the relevant SOAP header blocks to allow message correlation, message timestamps and that sort of thing. In addition to these necessary SOAP headers comes the actual SOAP body content. The SOAP body represents the application message, and the application here is an authentication service, so the body of a SOAP request contains an authentication request, and the SOAP response will similarly contain an authentication response. The AS allows what's called a challenge-response authentication to occur - the AS can challenge the requestor to do something in real-time, which is a good thing from an authentication perspective.

The Liberty AS uses the Simple Authentication and Security Layer (SASL) and binds SASL mechanisms to a SOAP message. I'm not going to go into any detail about that as there's lots of fine material available about SASL, but SASL is used to provide authentication for applications like OpenLDAP, and there are SASL mechanisms available for IMAP/POP mail and several other connection-based protocols. This means that if you already have a piece of software that provides the actual SASL authentication, the only piece missing in also providing a Liberty AS is the binding of the SASL protocol mechanisms you support to SOAP.

Here's what a SOAP-based SASL authentication looks like:

1. A client asks to be authenticated


001 <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">

002   <S:Header>
003     <sb:Correlation xmlns:sb="urn:liberty:sb:2003-08"
004       messageID="C8797D0D-9020-07FC-AF0A-5622C01F4A61"
005       timestamp="2005-12-21T19:43:45Z"/>
006   </S:Header>

007   <S:Body>
008     <sa:SASLRequest xmlns:sa="urn:liberty:sa:2004-04"
009       mechanism="PLAIN ANONYMOUS CRAM-MD5"
010       advisoryAuthnID="012345678901234"/>
011   </S:Body>

012 </S:Envelope>

At line 003, you'll see a sb:Correlation SOAP header block. This is used to pass a message identifier and timestamp to the server. These are used to a) provide a bound on a message cache (a list of message identifiers recently received), to prevent a replay attack (someone sending the same message multiple times within some timeframe) and b) allow the sender of the message to correlate any reply it receives to the message that the sender originally sent. These provide a small measure of security in this insecure world. The format shown in this message is based on the Liberty ID-WSF 1.1 specification. A newer version of the specification uses WS-Addressing defined SOAP header blocks to perform these functions. For those that care about the size of their SOAP messages (including anyone sending SOAP messages over a mobile GPRS network!) the ID-WSF 1.1 Correlation header block is a fair bit more compact representation of the same information, due to the use of XML attributes to carry the timestamp and message identifier, rather than individually defined SOAP header blocks for each of those elements.

Now, to the body. At line 008 you see the SASLRequest - the thing that binds a SASL mechanism to SOAP. In line 009 you can see the mechanisms that the client says it supports, using the SASL mechanism names defined by the relevant IETF specifications for each mechanism, and in line 010 the "advisoryAuthnID" can be used to hold advisory (ie. a hint) information about the identity of the requester - so if a particular user account name were associated with some account number, this attribute could be used to send that information.

2. The server's first response - carry on authenticating


001 <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">

002   <S:Header>
003     <sb:Correlation s:mustUnderstand="1" xmlns:sb="urn:liberty:sb:2003-08"
004       messageID="uuid-7062c9fe-8f38-40a8-b8d6-88e45d4d4e3e"
005       refToMessageID="C8797D0D-9020-07FC-AF0A-5622C01F4A61"
006       timestamp="2005-12-21T19:44:37Z"/>
007   </S:Header>

008   <S:Body>
009     <SASLResponse serverMechanism="CRAM-MD5" xmlns="urn:liberty:sa:2004-04">
010       <Status code="continue"/>
011       <Data>PGYzNTE3OGU1LTQ0MDEtNDA1Yi1hMzE4LWYxYWU4NjNkOTc1Nj4=</Data>
012     </SASLResponse>
013   </S:Body>
014 </S:Envelope>

As you can see in lines 003-006, this message also has a Correlation SOAP header block, but in line 005 the "refToMessageID" shows that this message is in response to the message which has the given identifier. The server indicates in line 009 that it wishes to use the CRAM-MD5 SASL mechanism, and in line 010, you see a status code indicating that the server wants the client to continue the authentication protocol (rather than failing because of some error, or succeeding because the authentication was successful). Finally, in line 011 is the data that pertains to the actual authentication. This data is a Base64-encoded piece of data chosen as a challenge by the AS. The challenge is used to help assure that the server is dealing with a current authentication request, rather than something stolen and cached by a malicious client. The client is then required by the CRAM-MD5 mechanism to send back the challenge data in a form mandated by the CRAM-MD5 SASL mechanism.

In the style of serialized thrillers, I'm going to leave it there for now. The server has issued a teasing challenge to the client's request for authentication, but the client is not authenticated. What happens next? You'll have to wait and see.

Blogging about blogging; blogging about SOAP

2005-12-20T17:01:00.000-05:00

Everyone is blogging these days. So, why not, thought I? But where to start, and where to go? I consulted my muse but I didn't get much help there. I perused the blogs of my friends and acquaintances - the list was short, but nowhere could I find much help on how to start, beyond the advice to use such and such a product and get your own domain.

Anyway, so I decided just to start. I'm an architect in Nokia's web services team. For the past two years, I've helped develop a piece of software that forms part of the Nokia/Symbian Series 80 operating system, and will soon be part of Series 60. That piece of software allows a developer on S60 or S80 to write applications that use web services. I've also contributed to SAML and the Liberty Alliance in the area of identity-enabling web services. And, I'm learning to play the ukulele!

More about all of that in future posts, I'm sure. Having worked with web services for a while, it was easy to forget how confusing all the jargon is - until a novice asks you naive but good questions about why you should bother using SOAP (didn't your mother tell you to wash behind your ears?!) or what exactly is a web service. So here's a handy, pocket-sized jargon-busting lexicon:

SOAP - (nominally) Simple Object Access Protocol. Once upon a time, SOAP was the successor to CORBA and RMI - latest in a line of ways to invoke distributed systems. There's still a protocol, but what matters more than anything these days seems to be that SOAP gives you a relatively standard (ie. supported by many varying types of applications) XML envelope for passing XML application messages along with associated information about the processing of the application messages (SOAP headers). You don't need SOAP to pass XML application messages around (see ATOM, RSS and their ilk) but having this standard envelope allows you to develop application frameworks separately from the applications themselves, and better still to standardize on these frameworks.
SOAP Intermediary - One of the more novel ideas in the SOAP protocol is that messages can pass from an original requester to an eventual recipient through a number of intermediaries. Each intermediary along the way can insert, remove and process pieces of the SOAP message (typically though, just the SOAP headers). An application developer may only have to process the SOAP body because the security framework has previously processed the security SOAP header. Again, this concept nicely supports the development of application frameworks.
Web Service - This is a hotly contested phrase, but a pretty complete description is listed in Wikipedia. My simpler, but vaguer notion involves separating the two words - 'web' implies that HTTP (the application protocol of the web) is used to access the service. I'm not sure that's always true (why couldn't the service be offered over SMTP, say?) so let's be inclusive and say that 'web' includes anything accessed over a network connection. 'Service' means 'work done for others' according to the dictionary. In a technical context, that just means that a software application offers some kind of external interface or set of operations to other applications. So I think a web service is any such interface offered over a networked connection - this includes dynamically-generated web sites, RSS feeds as well as SOAP/HTTP bound services.

What does any of this really mean? I can only opine - I hope it means that SOAP can be used to transcend the multiple transport protocols used today (ie. HTTP as a transport, straight TCP or UDP, SMTP, SIP and many others). It'll also be a good thing if it means that application developers can write more secure software applications, not because they write their own security code, but because there are commonly available frameworks that simply handle application security without affecting the actual software application. Interoperability would be a nice thing too, but, well, there's only so far that you can go with hope alone...