http://www.dynamic-cast.com/ Authorization in a Federated World en-us herveyw@dynamic-cast.com 2009-04-21T19:38:17-08:00 daily 2 2000-01-01T12:00+00:00 http://www.dynamic-cast.com/mt-archives/000085.html 85@http://www.dynamic-cast.com/ Identity and Access 2009-04-21T19:38:17-08:00 http://www.dynamic-cast.com/mt-archives/000083.html http://sts.labs.live.com/ does not presently support the June CTP of WinFX, we are working on an update to the site that should be released in the near future. There are also a couple of known issues with CardSpace (was InfoCard) in the June CTP: There is a known bug that affects X.509 certificate CRL checking and results in CardSpace thinking that the certificate is not trusted. It has been fixed in later builds of the product. In the meantime, the workaround is to install the site / service certificate into your CurrentUser / Trusted People store. If you experience problems launching... 83@http://www.dynamic-cast.com/ Identity and Access 2006-06-29T23:27:08-08:00 http://www.dynamic-cast.com/mt-archives/000082.html InfoWorld has discovered the Microsoft Live Labs STS. This wasn't by design, we're keeping a low-profile at the moment while we work through early teething problems. Speaking of which, we posted a Known Issues page today that covers some of the problems that you might experience when working with the site and the STS itself. We also tweaked the site a little to handle Windows Live ID authentication problems in a more graceful fashion.... 82@http://www.dynamic-cast.com/ Identity and Access 2006-06-06T16:19:22-08:00 http://www.dynamic-cast.com/mt-archives/000081.html We've opened the doors on our experimental Security Token Service today, you can find all the details here. For the moment, the focus of the STS is on using the InfoCard technology in WinFX Beta 2 to enable authentication with the STS and to obtain a security token from it (SAML 1.1). Of course, an STS isn't much use without sites or services that use it for authentication, so we've also enabled the Microsoft Live Labs Relay Service to use the STS. Better still, we allow you to register your own site or service and federate with the STS yourself.... 81@http://www.dynamic-cast.com/ Identity and Access 2006-05-31T12:45:17-08:00 http://www.dynamic-cast.com/mt-archives/000080.html WSE 3.0 will be available on MSDN for download this Monday, 7th November to coincide with the Visual Studio 2005 launch. This also includes two completely re-written Hands on Labs, a swath of samples in C# and VB along with updated whitepapers. Congratulations to the team!... 80@http://www.dynamic-cast.com/ WSE 2005-11-04T16:17:28-08:00 http://www.dynamic-cast.com/mt-archives/000076.html A couple of documents worth reading to get some context on what we're doing in the Identity space: The Identity MetaSystem The Laws of Identity... 76@http://www.dynamic-cast.com/ Identity and Access 2005-05-13T22:46:12-08:00 http://www.dynamic-cast.com/mt-archives/000075.html I've been silent the last few months on WSE topics, the reason is actually simple: at the turn of the year I changed roles (was he pushed or did he jump?) to work on Active Directory Federation Server (ADFS) and InfoCard. ADFS will ship as part of the Windows Server 2003 R2 release and implements the WS-Federation Passive Profile, over time ADFS will evolve to become a full-blown WS-Federation / WS-Trust Security Token Service. InfoCard, a system for managing your identities, will be part of Indigo. Whilst I'm a little sad to have left WSE behind, I'm sure that Mark... 75@http://www.dynamic-cast.com/ General 2005-05-13T09:25:27-08:00 http://www.dynamic-cast.com/mt-archives/000074.html Bruce Schneier is reporting that SHA-1 has been broken. Interesting.... 74@http://www.dynamic-cast.com/ WS-Security 2005-02-16T08:05:18-08:00 http://www.dynamic-cast.com/mt-archives/000073.html Matt Powell links to an article by Keith Brown on UsernameToken security. Worth reading.... 73@http://www.dynamic-cast.com/ WSE 2005-02-07T21:17:57-08:00 http://www.dynamic-cast.com/mt-archives/000072.html The Hands On Lab materials for WSE have been updated for the WSE 2.0 SP2 release and now include VB.NET code as well as C#. If you're looking to get started with WSE 2.0, these provide some great grounding material.... 72@http://www.dynamic-cast.com/ WSE 2004-12-03T14:31:24-08:00 http://www.dynamic-cast.com/mt-archives/000071.html Service Pack 2 is final and available on MSDN. There was one additional fix between the Pre-Release and the final build involving policy processing for clients that do not send the WS-Addressing headers. In this case, request policy was being applied correctly but response policy would not be applied. Please report any issues you find on the product to wsefeed.... 71@http://www.dynamic-cast.com/ WSE 2004-12-03T10:58:22-08:00 http://www.dynamic-cast.com/mt-archives/000070.html .NET Framework 2.0 is still a moving target for the WSE team but things have stabilized a lot recently. We made a few tweaks inside the WSE 2.0 SP2 PreRelease plus got a few bugs fixed in the framework itself. The net result is that we believe that WSE 2.0 SP2 will run correctly on .NET Framework 2.0. Note that this only applies to 32bit mode - there's no support in WSE2 for 64bit execution.... 70@http://www.dynamic-cast.com/ WSE 2004-11-27T10:35:39-08:00 http://www.dynamic-cast.com/mt-archives/000069.html SoftwareMaker (William T) has a long entry on multiple security headers. Here's how we thought about the problem for WSE2: In general, you cannot have 2 security headers that target the same node, even if they have different s:Actor values; i.e., one has s:Actor missing and one has s:Actor of next. This is because headers can be re-ordered in messages leading to problems verifying signatures or decrypting elements. This is a simple extension of the highlighted text that is quoted from the WS-Security specification: "Message security information targeted for different recipients MUST appear in different header blocks. This is due... 69@http://www.dynamic-cast.com/ WS-Security 2004-11-27T10:05:41-08:00 http://www.dynamic-cast.com/mt-archives/000068.html A pre-release builds of WSE 2.0 Service Pack 2 is now available. The download links are: WSE 2.0 SP2 PreRelease Full Product WSE 2.0 SP2 PreRelease Runtime Product Here's the content from the readme file: Core product changes: A new compatibility section is used to select the wire format on the sending side. The mode attribute tells WSE runtime to generate a message which will be compatibable to a particular release of WSE. By default, the mode is WSE2RTM. It can be WSE2RTM, WSE2SP1 WSE2SP2 and so on. On the receiving end, a particular version of WSE runtime will be... 68@http://www.dynamic-cast.com/ WSE 2004-11-22T17:38:18-08:00 http://www.dynamic-cast.com/mt-archives/000066.html Words from the man himself (actually, he's half the man he used to be as you can see here): After many years of work on Web services and WSE, I’ve decided to move on. Starting next week, I’ll be working on the Windows Media Player team. I’ve appreciated working with many of you and can’t describe how great it feels to have so many cool people using this product. I wish you all the best in your future endeavors. I have mixed feelings on this one, Keith and I were the first people on the WSE team back in the... 66@http://www.dynamic-cast.com/ General 2004-09-29T00:10:47-08:00