Vittorio Bertocci

Scatter thoughts

Browse by Tags

Tagged Content List
  • Blog Post: Authenticating Users from Passive IPs in Rich Client Apps – via ACS

    It’s been a couple of years that we released the first samples showing how to take advantage of ACS from Windows Phone 7 applications; the iOS samples, released in the Summer,  and the Windows8 Metro sample app last Fall demonstrated that the pattern applies to just any type of rich clients. Although...
  • Blog Post: Identity @ MIX10

    Have you booked your trip to Vegas yet? Amidst all the excitement for Windows Phone 7 Series, Silverlight & the cloud, if you know how to search the MIX content you’ll find two identity pearls: Using Windows Identity Foundation For Creating Identity-Driven Experiences in Silverlight Caleb Baker Come...
  • Blog Post: Enhance your ASP.NET Membership-based website by adding Identity Provider capabilities

    I can’t tell you how happy I am to finally have something like the Geneva Framework available. With something that takes care of all the nitty-gritty details of the underlying protocol legwork, I am finally free to describe the advantages of the claims based approach in very concrete terms: and above...
  • Blog Post: Azure Services Training Kit – February Update Just Released

    Between travels and internal conferences I ended up neglecting my poor blog for 3+ weeks; a lot of interesting things happened in the meanwhile, and I hope I’ll manage to catch up in the next days. For the time being, here there’s a quick newsflash for you: the Azure Services Evangelism Team , of which...
  • Blog Post: The New York Times on passwords, OpenID, Information Cards Foundation & Kim

    I was dividing my attention between the Scrubs special on TV & Digg on my PC, when an article titled " Experts: Passwords May Not Be a Good Online Defense " caught my eye: well, couldn't agree more!:-) It turns out that the article is from the NY Times, and it's short & sweet hence...
  • Blog Post: Hide svc extension from your REST services with the URLrewrite module for IIS7

    I am now focusing exclusively on identity & services, true, but certain news about former interests of mine are just too good not to share. While evangelizing the web capabilities of WCF introduced in the framework 3.5, one of the most recurring questions was about hiding the svc extension for WCF...
  • Blog Post: WCF & REST at MIX08: The Tale of MySpace APIs

    [Update: we received notice that not all of you were able to download the video . We fixed the issue already friday night, it should work for everybody. Enjoy! Thanks to Terje for the first headsup] Yesterday we finally had the session about the making of MySpace APIs . As you'll be able to see from...
  • Blog Post: WCF and MySpace: a RESTful MIX session!

    We just recently published a list of sessions for MIX08 . Among those, there is one that I hold especially dear: I had the luck to work with Paul, his team and the WCF team in the last months, specifically on how to leverage the web capabilities that WCF acquired in the version 3.5 of the framework...
  • Blog Post: CardSpace and Financial Services: HaWaNeDo with Figlo!

    Few months ago I made a little tour of Europe , and (among various places I visited) I went to spent some quality time in Amsterdam. Here I had the pleasure of spending some time with Albert van den Broek , CGO of Figlo : Albert is an excellent host, and during a nice dinner at a typical Dutch restaurant...
  • Blog Post: Year's end blabbering: Omnidirectional Identities

    On the Paris-Seattle flight, coming back after 2 weeks spent stuffing myself with all sorts of food with the excuse "after all, you can't find this in USA" :) Before hurling myself back in the vortex of daily work, and celebrate the end of the year with something crazy, I want to take some time writing...
  • Blog Post: First draft of the book "Understanding Windows CardSpace" available on Rough Cuts

    Ah finally. I waited for this moment a looong time :-) the first draft of "Understanding Windows CardSpace" is available in prerelease online, on Safari Rough Cuts . More details below. It's already few weeks that our book, " Understanding Windows CardSpace ", showed up on Amazon and in the...
  • Blog Post: Windows CardSpace will work without HTTPS, too

    In short: I discuss a new feature, introduced by the .NET framework 3.5 and by a (future) update of IE, which enables the use of CardSpace also on websites on normal http (as opposed to https). Back in January I was asking Caleb (SDET on the CardSpace team and most excellent buddy author) when...
  • Blog Post: The Resource STS: R-STS, RP-STS, A-STS... the other face of token issuing

    In short: I talk a bit about the idea of resource STS, and I give the ropes of the messages exchanged for engaging it. When you get introduced to the Identity Metasystem, one of the first things you hear about is the role subdivision it proposes: subjects, relying parties and identity providers...
  • Blog Post: While I was sleeping...

    [There's not much tech content in this post. You read it all at your risk :-) the next posts will get the technical discussion back on track from where we left it a couple months ago] From the all time record of 17 posts in June, this feed dropped to next to 0 activity in the last 2 months. in fact,...
  • Blog Post: Windows Live ID now supports logging in with personal cards

    I am breaking the long silence for a quick note about a milestone in our road for adding pervasive information cards support: the liveid guys added personal cards as al alternative methods of accessing your account: all the details here . Now THAT's a good reason for using your card daily :-) enjoy...
  • Blog Post: SignOn.com: CardSpace & OpenID

    I knew that this edition of Catalyst was going to be exciting! If you are not among the lucky crowd that is attending the event, you can catch some news from the official news in Catalyst Live . Among those news, my eye got caught by the announcement of SignOn.com . It is an OpenID provider with...
  • Blog Post: A (fiscal) year in review

    It's that time of the year again: the end of June marks the end of the fiscal year, and for us it's time to reflect on what we've done in the past 12 months. Vast majority of the things I've done are internal-only or with high profile customers that can't be mentioned publicly until their PR departments...
  • Blog Post: Credentials vs. Identity; Authentication vs.... what?

    [ EDIT: added some sketch ] In short: I briefly discuss some differences between the password based authentication model and the token based one; then I propose that we lack a proper term for describing some of the transactions enabled by cardspace and the token based model. Sometime we get so used to...
  • Blog Post: Drug-Resistant Tuberculosis, Federation and Fresh Tokens

    This morning I was reading Newsweek (before you get any ideas: I subscribed to BOTH Newsweek and Time) and the interesting account they made about the history of a person. Much is being written on the subject, just browse your favourite news website for the details: however the summary is that this person...
  • Blog Post: A RESTful CardSpace: sending tokens using the new WCF AJAX Services in Orcas

    In short: this is the description of a sample that sends a CardSpace-obtained token to an AJAX service implemented with the new Orcas features. Few posts ago I published a tutorial about using CardSpace with Silver. While talking about it with Kushal Shah from the Workflow team, he suggested that...
  • Blog Post: 35,000 new phishing websites in just a month

    The monthly report from http://www.antiphishing.org/ is always an instructive read. This April report contains some surprising numbers, as shown by the graphic below: The happy spike you notice in April07 is in fact not happy at all: it shows the efforts of phishers to strain the antiphishing countermeasures...
  • Blog Post: Passwords are bad: the story of the Linkin Park singer on Wired

    Passwords are bad. It is really necessary to restate it? Wired has a very interesting story about the singer of Linkin Park (one of the most interesting bands in the last years IMHO, but that's not important here). Long story short, a hacker guessed one password ("Charlie", not a very strong one) in...
  • Blog Post: Biztalk Services

    Dennis announces the CTP of the Biztalk Services, one of the webbyest CTP we have: those are actually services, the only thing you need (if you want a quick start) is the SDK . There is much to be said about this new release, and I hope I'll be able to play with it soon (dear Editor, don't worry:...
  • Blog Post: Silverlight [WPF/E] and Windows CardSpace or plugging RIA in the Identity Metasystem

    [Edit: Added Silverlight SxS con WPF/E] In short: this is a tutorial on invoking Cardspace from a Sliverlight [WPF/E] control and how to use Silverlight [WPF/E] for showing data from a token . So easy that a long haired architect can do it :-) Silverlight [WPF/E] is Microsoft's technology for developing...
  • Blog Post: Securing a Sidebar Gadget with Windows CardSpace and WCF

    In short: I discuss Sidebar Gadgets, and I show you how to invoke a CardSpace-protected WCF service from a simple Gadget. Full source code is provided, along with detailed commentary on the road I've followed for getting there. Added bonus: the code shows how to apply an arbitrary configuration file...
Page 1 of 2 (30 items) 12