J.D. Meier's Blog : patterns and practices

Now Available: patterns & practices Application Architecture Book

J.D. Meier — Thu, 05 Nov 2009 18:58:00 GMT

The Microsoft Application Architecture Guide, 2nd edition, is now available on Amazon and should be available on the shelf at your local bookstores soon. The PDF was downloaded ~180,000 times. This is the Microsoft platform playbook for application architecture. You can think of it as a set of blueprints, and as your personal mentor for building common types of applications on the Microsoft platform: mobile, RIA, services, and Web applications.

The backbone of the guide is an information model for the application architecture space. It’s a durable and evolvable map to give you a firm foundation of principles, patterns, and practices that you can overlay the latest technologies. It’s your “tome of know-how.” While it’s not a step-by-step for building specific applications, it is a pragmatic guide for designing your architecture, with quality attributes, key software principles, common patterns, and architectural styles in mind. It’s holistic and focused on the key engineering decisions where you face your highest risks and most important choices.

Key Features of the Book
The book has several compelling features for slicing and dicing the application architecture body of knowledge:

Canonical Frame. This describes at a meta-level, the tiers and layers that an architect should consider. Each tier/layer will be described in terms of its focus, function, capabilities, common design patterns and technologies.
Application Types. These are canonical application archetypes to illustrate common application types: Mobile, Rich Client, RIA, Services, and Web applications. Each archetype is described in terms of the target scenarios, technologies, patterns and infrastructure it contains. Each archetype is mapped to the canonical app frame. They are illustrative of common application types and not comprehensive or definitive.
Quality attributes. This is a set of qualities and capabilities that shape your application architecture: performance, security, scalability, manageability, deployment, communication, etc.
Cross-cutting concerns. This is a common set of categories for hot spots for key engineering decisions: Authentication, Authorization, Caching, Communication, Configuration Management, Exception Management, Logging and Instrumentation, State Management, and Validation.
Step-by-Step Design Approach.
Principles, patterns, and practices. Using the application types, canonical frame, and cross-cutting concerns as backdrops, the guide provides an overlay of relevant principles, patterns, and practices.
Technologies and capabilities. The guide provides an overview and description of the Microsoft custom application development platform and the main technologies and capabilities within it.

Contents at a Glance
The full Microsoft Application Architecture Guide is available for free on MSDN in HTML. This is the contents of the guide at a glance:

Chapters

Appendices

The Team
Here is the team that brought you the guide:

Core Dev Team: J.D. Meier, Alex Homer, David Hill, Jason Taylor, Prashant Bansode, Lonnie Wall, Rob Boucher Jr, Akshay Bogawat
Test Team - Rohit Sharma, Praveen Rangarajan, Kashinath TR, Vijaya Jankiraman
Edit Team - Dennis Rea
External Contributors/Reviewers - Adwait Ullal; Andy Eunson; Brian Sletten; Christian Weyer; David Guimbellot; David Ing; David Weller; Derek Greer; Eduardo Jezierski; Evan Hoff; Gajapathi Kannan; Jeremy D. Miller; John Kordyback; Keith Pleas; Kent Corley; Mark Baker; Paul Ballard; Peter Oehlert; Norman Headlam; Ryan Plant; Sam Gentile; Sidney G Pinney; Ted Neward; Udi Dahan
Microsoft Contributors / Reviewers - Ade Miller; Amit Chopra; Anna Liu; Anoop Gupta; Bob Brumfield; Brad Abrams; Brian Cawelti; Bhushan Nene; Burley Kawasaki; Carl Perry; Chris Keyser; Chris Tavares; Clint Edmonson; Dan Reagan; David Hill; Denny Dayton; Diego Dagum; Dmitri Martynov; Dmitri Ossipov; Don Smith; Dragos Manolescu; Elisa Flasko; Eric Fleck; Erwin van der Valk; Faisal Mohamood; Francis Cheung; Gary Lewis; Glenn Block; Gregory Leake; Ian Ellison-Taylor; Ilia Fortunov; J.R. Arredondo; John deVadoss; Joseph Hofstader; Koby Avital; Loke Uei Tan; Luke Nyswonger; Manish Prabhu; Meghan Perez; Mehran Nikoo; Michael Puleio; Mike Francis; Mike Walker; Mubarak Elamin; Nick Malik; Nobuyuki Akama; Ofer Ashkenazi; Pablo Castro; Pat Helland; Phil Haack; Rabi Satter; Reed Robison; Rob Tiffany; Ryno Rijnsburger; Scott Hanselman; Seema Ramchandani; Serena Yeoh; Simon Calvert; Srinath Vasireddy; Tom Hollander; Wojtek Kozaczynski

Application Architecture Knowledge Base
The guide was developed in conjunction with our Application Architecture Guide v2.0 Knowledge Base Project. The knowledge base project was used to inform and steer the guide during its development. The Application Architecture Knowledge Base includes a large amount of material that expands on specific topics in the main guide. It also includes draft material from the main guide that is targeted and packaged for more specific audiences, such as the Pocket Guide series.

Key Links at a Glance
Here are the key links at a glance:

10 Years at patterns & practices

J.D. Meier — Fri, 02 Oct 2009 21:56:23 GMT

I never imagined I would invest 10 years on the patterns & practices team at Microsoft. Life is short and I always imagined I would spend it across so many more adventures. What surprised me is how much you can grow yourself, and grow the job in the process. While I sometimes wonder about the path not taken, there’s no doubt I’ve built a deep set of capabilities, achievements, and experiences as a direct result of investing my time in patterns & practices. I’ve shared some of my best lessons learned at patterns & practices, as well as my proven practices for individual contributors.

I think my biggest take away lesson is follow your heart, follow the growth, and invest in yourself (mind, heart, body, emotions, career, financial, relationships, and fun.)

Why patterns & practices?
There are lots of reasons why I chose patterns & practices. At the end of the day, it was the people, the values, and the mission.

Our Mission
While we’ve had various flavors of the mission, I like to think of it as …. “Customer success on the Microsoft platform” … or … “Proven practices for the platform.” I had the toughest time explaining to my Aunt what I do, until finally I said, “I help customers put the legos together.” She then said, “ahhh, I get it.”

Goals
In patterns & practices, the goals are simple:

Simplify the customer experience of building quality solutions on the Microsoft platform.
Improve the customer value of Microsoft products and technologies through customer connection and solution engineering.
Grow the professional knowledge and capability of the Microsoft development community.
Help customers and partners build their LOB (line-of-business) applications and services faster and more predictably than any platform in the world.

Values
In patterns & practices, we value:

Continuous learning, innovation and improvement - We have a bias toward action (over more planning) and customer engagement and feedback (over more analysis.)
Open, collaborative, relationships with customers, Microsoft field, partners, and Microsoft teams.
Execution - we take strategic bets, but we hold ourselves accountable for creating value, shipping early and often, and delivering results that have impact with customers and in Microsoft.
Explicit, transparent, and direct communication with customers and with our team and others in our company.
Quality over scope - no guidance is better than bad guidance.

Principles
We use the following principles to guide our work:

Start with the end in mind; think about end to end scenarios and how the products we produce fit in the solution architecture and into the patterns & practices catalog.
Help the customer succeed with their intent - the results they want to achieve, not just what they are trying to do.
Find the minimal solution required for a good result and ship it.
Our tools platforms are assets that expand the types of guidance we can express - use all of what they provide where it naturally fits the scenario.
Constructive tension between customer needs and Microsoft product and business strategy is expected - when we do our job well, this tension is healthy.

Capabilities, Achievements, and Experience
How do you measure the impact of the time you spend down a given career path? I’ve been looking for an effective lens, and I think it boils down to capabilities, achievements, and experience. It’s the simplest way that I can organize and reflect on where I am, based on where I’ve been. Capabilities are simply my skills. They are the things I’ve learned how to do, from soft skills to technical abilities. Achievements are my results. This includes my impact on Microsoft, the software industry, and customers. I lump my books, patents I filed, and the methodologies I’ve baked into the platform and tools here. In terms of experience, I think of the job roles and activities I’ve had along the way.

Key Themes
I think I can boil my impact and results down into 3 key themes:

Project management. I drive projects from pitch to ship. I’ve built dream teams that go on amazing adventures to change the world. I’ve consistently shipped projects on time and on budget year over year. I’ve mentored many project managers and PMs at Microsoft to share the best of the best of what I’ve learned about shipping, execution, impact and results in patterns & practices. I’ve had unique experiences here, especially since we adopted Agile practices early on, and I’ve lead distributed teams around the world since 2001. I’ve learned a lot in terms of managing innovation, delivering incremental value, fixing time, while flexing scope, and experience-driven development (my latest thinking on software development.) I think my biggest achievement here was helping shape the patterns & practices catalog, the programs, and the execution. See Writing Books on Time and On Budget.
Software engineering. I’ve invested the bulk of my time in application life cycle management, process improvement, quality attributes (security, performance, … etc), and application architecture. Most of my talks and writings have been focused on security, performance, and software architecture, but I’ve done a lot more behind the scenes. One of the big things I’ve focused on at Microsoft, is “solution engineering”, which is really about problem solving, while satisficing the user, business, and technology perspectives. I think my biggest achievements here were baking security and performance into the life cycle, and into Visual Studio Team Foundation Server.
Effectiveness. I’m a fan of continuous improvement. I’m not a productivity junkie though. I’m all about impact and results. I’ve learned from the best of the best around Microsoft. I’ve hunted and gathered patterns and practices for effectiveness over the span of several years. More importantly, I’ve bounced the ideas and techniques against reality to see what sticks. In the last few years, I’ve regularly carried 8 mentees. I’ve given talks to our X-Box team on productivity and results systems. Effectiveness is an art and science, and I’m trying to bridge the gap between state of the art and state of the practice. See 7 Habits of Highly Effective PMs and Effectiveness Post Roundup.

Years at a Glance
I think browsing by years is a healthy reality check against impact over time. Looking back is the simplest way for me to respond to the question, “if I had it to do over again, what would I do differently?” Where there answer is “nothing” – those are the sweet spots. Where the answer is “everything” – those are the lessons :)

Year	Results
2009	Books Application Architecture Guide 2.0 Projects Azure Security Guidance Project Core Systems Information Model Cloud Architecture Scenarios Customer-Connected Engineering Productivity coach for the Xbox team.
2008	Books Improving Web Services Security Projects Line-of-Business (LOB) Frame Catalog Sweep Visual Studio Add-In for Guidance Explorer
2007	Books Performance Testing Guidance for Web Applications Team Development with Visual Studio Team Foundation Server
2006	8 patents filed (Security, performance, and info models for software life cycles and application life cycle management.) Projects ASP.NET Security RI (Reference Implementation) Competitive Assessment for Security Engineering Defending Your Code Guidance Explorer PDL (Performance Development Life Cycle) Practices Checker Scenario Evaluation Framework Security Case Studies Security Code Examples Security Toolbar
2005	Books Security Engineering Explained Projects Security Engineering in VSTS Threat Modeling Web Applications Whidbey Security Guidance
2004	Books Improving .NET Application Performance and Scalability
2003	Books Improving Web Application Security
2002	Books Building Secure ASP.NET Applications

Books
My books at a glance:

Application Architecture Guide 2.0 (2009) (The Microsoft Playbook for the Application Platform)
Building Secure ASP.NET Applications (2002)
Improving .NET Application Performance and Scalability (2004)
Improving Web Application Security: Threats and Countermeasures (2003)
Improving Web Services Security Guide (2008)
Performance Testing Guidance for Web Applications (2007)
Security Engineering Explained (2005)
Team Development with Visual Studio Team Foundation Server (2007)

Pocket Guides
My pocket guides at a glance:

Agile Architecture Method Pocket Guide
Mobile Architecture Pocket Guide
Performance Pocket Guide
RIA Architecture Pocket Guide
Rich Client Architecture Pocket Guide
Security Pocket Guide
Service Architecture Pocket Guide
Web Architecture Pocket Guide

Projects
My projects at a glance:

Application Architecture Guide 2.0 – A guide, knowledge base, information model and methodologies for the Microsoft platform.
ASP.NET Security Reference Implementation - Sample application for ASP.NET 2.0.
Building Secure ASP.NET Applications – A guide for designing authentication and authorization and end-to-end applications scenarios.
Catalog Sweep – Information model for organizing the complete patterns & practices catalog of code and content assets.
Customer Connected Engineering – Methodology for engaging customers throughout the life cycle (“patterns & practices secret sauce.”)
Defending Your Code – An online knowledge base for software security.
Guidance Explorer – An online knowledge base for prescriptive guidance ("ITunes for knowledge.")
Improving .NET Application Performance and Scalability – A guide and methodology for baking performance into the life cycle.
Improving Web Application Security – A guide for threats, attacks, vulnerabilities and countermeasures for LOB applications.
Improving Web Services Security – A guide for threats, attacks, vulnerabilities and countermeasures for Web services.
Performance Testing Guidance for Web Applications – A guide and testing methodology for testing Web application performance.
PDL (Performance Development Life Cycle) – Methodology, activities and artifacts for baking performance into the life cycle.
Practices Checker – An application that checks software against patterns & practices recommendations.
Scenario Evaluation Framework – Assessment technique for design, implementation and deployment “building codes.”
Security Case Studies – A model and examples for sharing business impact from patterns & practices security guidance.
Security Code Examples – 60 security code examples in VB.NET / C#.
Security Engineering Explained – A guide and methodology for baking security into the life cycle.
Security Engineering in VSTS – Baked security engineering into VSTS / MSF.
Security Information Model – A unified model for Microsoft’s security guidance.
Security Toolbar – A toolbar for browsing patterns & practices guidance from Visual Studio.
Threat Modeling Web Applications – A technique to identify relevant threats and vulnerabilities for your scenario to help you shape your application's security design.
Visual Studio Add-In for Guidance Explorer – Find, create, and share prescriptive guidance inside Visual Studio.
Whidbey Security Guidance – A collection of guidelines, checklists, and step-by-step how tos for improving software security based on the .NET Framework 2.0.

Where do we go from here? You write your future a page at a time. If there’s one thing I’ve learned, it’s continue to reinvent yourself, reinvent your job, and make the most of what you’ve got.

My Related Posts

patterns & practices Assets Survey

J.D. Meier — Fri, 07 Aug 2009 21:11:15 GMT

If you take our patterns & practices satisfaction survey, you can let us know which patterns & practices assets you use and how satisfied you are with the assets, as well as how satisfied you are with overall patterns & practices results.

To browse patterns & practices, here are some key links:

patterns & practices Dev Center (MSDN)
patterns & practices MSDN Library Node (Browse the tree on the left)

patterns & practices Catalog
For easy reference, I’ve shared a simplified view of how I look at our patterns & practices catalog:

Category	Items
Enterprise Library	Enterprise Library
Blocks	Aggregation Application Block Caching Application Block Cryptography Application Block Data Access Application Block Exception Handling Application Block Logging Application Block Policy Injection Block Security Application Block Unity Application Block Validation Application Block
Factories	Mobile Client Software Factory Smart Client Factory Web Client Factory Web Services Software Factory - Modeling Edition
Guides	Architecture Application Architecture Guide 2.0 Caching Architecture Guide for .NET Framework COM Interop and Migration for .NET Data Access Architecture Guide Describing the Enterprise Architectural Space Designing Application-Managed Authorization Designing Data Tier Components and Passing Data Through Tiers Integration Guidelines for Applications Interop with .NET and J2EE Deployment / Production Deploying .NET Framework-based Applications Monitoring in .NET Distributed Application Design Production Debugging for .NET Framework Applications Development Team Development with Visual Studio Team Foundation Server Performance Improving .NET Application Performance and Scalability Performance Testing Guidance for Web Applications Security Authentication in ASP.NET: .NET Security Guidance Building Secure ASP.NET Applications Improving Web Application Security: Threats and Countermeasures Improving Web Services Security Security Engineering Explained Testing Acceptance Test Engineering Guidance Testing .NET Application Blocks Testing Software Patterns
Patterns	Data Patterns Enterprise Solutions Patterns Using Microsoft .NET Integration Patterns Web Services security Patterns
Reference Implementations	Composite Application Guidance for WPF and Silverlight Composite Application Guidance for WPF ESB Guidance for BizTalk Server 2006 R2 Guidance Explorer SharePoint Guidance

My Related Posts

Acceptance Test Engineering Guide Beta 2 Now Available

J.D. Meier — Tue, 30 Jun 2009 23:37:38 GMT

Our patterns & practices Acceptance Test Engineering Guide, Volume 1 (Beta 2) is now available on CodePlex. The working definition that the team is using for acceptance testing is the planned evaluation of a system by customers and customer proxies to assess to what degree it satisfies their expectations.

Common Scenarios
Here are the key scenarios the guide addresses:

How to Plan for Acceptance Testing
What Kinds of Acceptance Tests to Run
How to Create and Run Acceptance Tests
Defining What “Done” Means
How to Justify Your Approach
How to Streamline Your Acceptance Process

Parts

Part I - Thinking About Acceptance
Part II - Perspectives on Acceptance
Part III - Acceptance Software

Chapters

Chapter 1 The Acceptance Process
Chapter 2 Decision-Making Model
Chapter 3 Project Context Model
Chapter 4 System Requirements Model
Chapter 5 Risk Model
Chapter 6 Doneness Model
Chapter 7 Business Lead’s Perspective
Chapter 8 Product Manager’s Perspective
Chapter 9 Test Manager’s Perspective
Chapter 10 Development Manager’s Perspective
Chapter 11 User Experience Specialist’s Perspective
Chapter 12 Operations Manager’s Perspective
Chapter 13 Solution Architect’s Perspective
Chapter 14 Enterprise Architect’s Perspective
Chapter 15 Legal Perspective
Chapter 16 Planning for Acceptance
Chapter 17 Assessing Software
Chapter 18 Managing the Acceptance Process
Chapter 19 Streamlining the Acceptance Process

Team
Here is the authoring team:

Grigori Melnik
Gerard Meszaros
Jon Bach

Contributors / Reviewers
Here are the key contributors and reviewers:

Michael Puleio
Rohit Sharma
RoAnn Corbisier
Hakan Erdogmus
Dennis DeWitt

Key Links

Codeplex Site - http://codeplex.com/TestingGuidance

Lessons Learned in patterns and practices

J.D. Meier — Mon, 01 Jun 2009 02:47:30 GMT

I'm a fan of continuous learning. My post Lessons Learned in patterns & practices on Shaping Software summarizes some of my best lessons. It's from the school of hard knocks. I've been lucky enough to have some great mentors that have really helped me unleash my best. I've also been lucky enough to work on a variety of challenging projects that have grown my experience and capabilities beyond what I ever expected. The post is my attempt to both remind myself of the key lessons and to share those lessons with you. Absorb what is useful.

Top Ten Lessons
Here's a list of the top 10 lessons:

Win the heart, the mind follows.
Know the tests for success.
Fix time, flex scope.
Use the system to educate.
Work with the right people, on the right problems, making the right impact.
Have the right people in the room asking the right questions.
Sell the vision.
Make it a project.
Know what you're optimizing.
Turn chickens into pigs.

One of the ways I've learned to carry lessons forward is to turn them into terse little guidelines. It makes them sticky and easier to recall. I also find that some of my best mentors tend to have a way with words and they share their advice as pithy sayings.

For more lessons and elaboration check out my post, Lessons Learned in patterns and practices.

Customer Connected Engineering

J.D. Meier — Tue, 19 May 2009 20:00:41 GMT

I posted slides on how we do Customer Connected Engineering at patterns & practices to Shaping Software. Customers Connected Engineering (CCE) is how we engage customers throughout our product development. We formally engage customers during the planning, development, and release of our deliverables to help make sure our deliverables are customer-driven. Customers supply the scenarios, help prioritize, and provide feedback helping reduce the gap between what we build and what customers actually need. It's effectively a prosumer model where the producer pairs with the consumers to improve the results.

Find out more about Customer Connected Engineering including key activities and guiding principles.

The Elegant Code Cast on PRISM 2.0

J.D. Meier — Thu, 23 Apr 2009 17:52:51 GMT

Bob Brumfield and Blaine Wastell from our patterns & practices team talk about Prism 2.0 with the Elegant Code Cast in Code Cast 26 - Prism 2.0. Prism 2.0 is our patterns & practices Composite Client Application Guidance. It's prescriptive guidance to help you build modular Windows Presentation Foundation (WPF) and Silverlight client line of business (LOB) applications.

Download the MVP

My Related Posts

New Release: Hands-on Labs for Unity 1.2

J.D. Meier — Fri, 03 Apr 2009 05:20:02 GMT

Hands-on Labs for Unity 1.2 are now available.

What is Unity
Unity is a lightweight, extensible dependency injection container with optional support for instance and type interception. It facilitates building loosely-coupled applications and provides developers with the following advantages:

Simplified object creation, especially for hierarchical object structures and dependencies.
Abstraction of requirements; this allows developers to specify dependencies at run time or in configuration and simplify management of crosscutting concerns.
Increased flexibility by deferring component configuration to the container.
Service location capability; this allows clients to store or cache the container.
Instance and type interception (via an extension introduced in Unity Application Block 1.2—October 2008).

What's in this Release
Use this set of Hands-on Labs as a guide to learn about how to use Unity dependency injection container and how to leverage its capabilities in various application contexts (including ASP.NET). It covers the following topics:

setting up the container
configuring injection through API and files
resolving generics and decorator chains
using array injection
integrating with ASP.NET
using child containers.

New Release: Hands-on Labs for Microsoft Enterprise Library 4.1

J.D. Meier — Fri, 03 Apr 2009 05:13:21 GMT

Hands-on Labs for Microsoft patterns & practices Enterprise Library 4.1 are now available.

What is Enterprise Library
Microsoft Enterprise Library is a collection of reusable software components ("application blocks") designed to address common cross-cutting concerns for enterprise application development (such as logging, validation, data access, exception handling, and more). Entlib is provided as source code, test cases, and documentation that can be used "as is" or extended, and encapsulates the Microsoft recommended and proven practices for .NET application development.

What's in this Release
Use this set of Hands-on Labs as a guide to learn about the application blocks included with Enterprise Library 4.1 and practice how to leverage their capabilities in various application contexts.

There are also updates of the hands-on labs for the following blocks:

Caching Application Block
Cryptography Application Block
Data Access Application Block
Exception Handling Application Block
Logging Application Block
Security Application Block

Enterprise Library 5.0 Product Backlog Prioritization Survey

J.D. Meier — Sat, 28 Mar 2009 19:11:43 GMT

Now's your chance to influence patterns & practices Enterprise Library 5.0. You can do so by taking the Enterprise Library 5.0 Product Backlog Prioritization Survey. The current backlog includes more than 100 stories. You can suggest priorities for these items as well as suggest up to 3 new stories. Each story has a "T-Shirt size", which is a rough estimate of the cost. You get 100 points to spend on your priorities. For example, you might spend all 100 points on your most important priority or you might spread your points over several stories.

T-Shirt Cost Sizes / Cost
Here's a summary of the T-Shirt sizes and relative costs:

S = 1
M = 2
L =4
XL = 8
XXL(epic) = 20 points

Story Categories
The Enterprise Library 5.0 product backlog is organized by the following categories:

User Experience
Learnability
Architecture
Configuration
Configuration Tool
Extensibility
Exception Handling
Caching
Logging
Resource Management and Localization
Validation
Unity
Policy Injection

Enterprise Library 5.0 Stories List
Here's the list of stories in the tentative Enterprise Library 5.0 Product Backlog:

User Experience

UX01: Better error reporting/messaging throughout (M)
UX02: Debugging Visualizer for Unity (L)
UX03: Config IntelliSense for Unity and EntLib in XmlEditor (M)
UX04: Config IntelliSense for Unity in XmlEditor (M)
UX05: Config tool facelift - towards a more intuitive and easier to use UI (XL)

Learnability

LEARN01: Discoverability and context/dependencies EntLib poster (L)
LEARN02: Notebook-style 150 page book for Architects (XXL)
LEARN03: Notebook-style 150 page book for Enterprise Developers (XXL)
LEARN04: Notebook-style 100 page book for Operations/IT management (XXL)
LEARN05: Migration guide v.2.0 ->5.0 (XL)
LEARN06: Migration guide v.3.1 ->5.0 (XL)
LEARN07: Migration guide v.4.1 ->5.0 (L)
LEARN08: Updated Quickstarts (XL)
LEARN09: Updated Hands-on Labs (XXL)
LEARN10: EntLib Overview Video (L)
LEARN11: EntLib5.0 New Features Video (L)
LEARN12: Unity Overview Video (L)
LEARN13: Unity Extensibility Video (L)
LEARN14: Unity Extensibility Guide (XL)
LEARN15: Guidance on environmental overrides in Unity (S)
LEARN15: Unity& MEF decision tree/matrix (M)

Architecture

ARC01 : Architectural update: use DI container instead of one-off Object Builder factories; DI container independence (XL)
ARC02 : Simplification of the codebase (identify redundancies, obsoletes etc.) (XL)
ARC03 : Reduction of the number of assemblies (XL)

Config

CFG01 : Config decentralization (support for config stored in multiple sources) (S)
CFG02: Improved Config API (XL)
CFG03: Support for different sections of config in different media (not just files) (XL)
CFG04: Support for multiple pieces of config for a single block in multiple places (XXL)
CFG05: Making Unity configuration less verbose (M)
CFG06: Support other config schemas for Unity config (e.g. XAML-based config)
CFG07: Unity config auto-registration: expanded conventions and helper classes to reduce need for explicit configuration (M)

Config Tool

TOOL01: Type picker improvements (sped up search, better generics UI) (M)
TOOL02: Support of Unity configuration (M)
TOOL03: Block invocation from the configuration designer (e.g. Configure a block, Right-click, Copy "Code to Invoke", and then paste it elsewhere) (S)
TOOL04: Web-based config tool (L)
TOOL05: Easier manipulation of validation trees (potentially, drag&drop) (M)

Extensibility

EXT01: Simplifying writing extensions and plugging their custom configs into the config tool (XXL)
Data Access
DAAB01: DAAB & LINQ basic integration (i.e. execute a query on a database, get back an object that you can do LINQ on) (M)
DAAB02: Async ADO.NET support (M)
DAAB03: Fix: validation of sprocs parameters – do not validate (S)
DAAB04: No swallowing of SQL exceptions (S)

Exception Handling

EHAB01: Default post-handling action to ThrowNewException instead of NotifyRethrow (S)
EHAB02: Parameterized templates for exceptions (M)

Caching

CACHE01: Adding a reason to the class that informs a user why their object was removed from the cache (S)
CACHE02: Cache backing store targeting ESENT (L)

Logging

LAB01: ETW sink (?, potentially XXL)
LAB02: Async logging (text formatting done asynchronously) to cut down on load on primary thread (M)
LAB03: Automatically purging old files by the rolling trace listener (S)
LAB04: Authenticated Email Trace Listener (S)

Resource Management & Localization

LOC01: Localizability of EntLib assemblies (L)
LOC02: Localizability of exception messages and templates (S)
RAB03: Resource Application Block (a provider to get assorted resources from various media/sources) (XXL)

Validation

VAB01: Integration with WPF (XL)
VAB02: Integration with/assistance in implementing IDataErrorInfo (S)
VAB03: ArgumentValidationException.ToString() show the validation results (S)
VAB04: Decorating LINQ objects with Validation attributes (M)
VAB05: Simplifying checking for positive / negative values (S)
VAB06: Simple validating field only if the value is not null (S)
VAB07: Validation Block refactoring to allow using Unity to resolve Validators (M)
VAB08: Enabling Validation Block to be used with 3rd party object relational mappers (M)
VAB09: Honouring validation attributes defined in System.ComponentModel.DataAnnotations (S)
VAB10: Honouring MetadataType attribute (M)
VAB11: Better localization support (i.e. the first time the validator is used, the locale for the messages is defined) (M)
VAB12: Inheritance-aware object validator (M or ?)
VAB13: Support for recursive data structures (M)
VAB14: Provide NullValidator to properly "ignore nulls" instead of the "Or composite" (S-M)
VAB15: Additional validator: Number of decimal places validator (S)
VAB16: Additional validator: Validator that checks that an enum contains a value that maps onto its defined values (S)
VAB17: Validator that compares against a single specific value (S)
VAB18: RelativeDateTimeValidator update to compare against UtcNow instead of Now (S)

Unity

U01: ResolveAll to return unnamed registration too (S)
U02: Allow a mapping from a named registration to the "default" one (S)
U03: Support for passing arguments to the Resolve method (M)
U04: Container introspection (S)
U05: Unity-MEF Integration (e.g. unityContainer.Resolve<MefPart>()) (M)
U06: Clearer error reporting (M)
Unity Interception
UIN01: Generalized interceptor (XXL)
UIN02: Caching of matching policies (M)

Policy Injection

PIAB01: Implement PIAB interface that takes an interceptor type (to leverage new Unity interceptors) (S)
PIAB02: Add non-generic overloads (S)
PIAB03: New handlers (incl. RequiresTransaction and Call Forwarding) (S)
Installation/Repair/Uninstallation
INS01: Installer allows you to pick which specific blocks to install instead of the whole package (M)
INS02: Installer ships both debug and release versions of the DLLs (S)
INS03: EntLib installers to be included as part of installers of other custom products (merge modules) (M)

Additional Resources

Enterprise Library 5.0 – tentative product backlog published, story/feature prioritization is open – your participation is invited!

New Release: Composite Application Guidance for WPF and Silverlight v2.0 (PRISM)

J.D. Meier — Wed, 18 Feb 2009 18:58:16 GMT

Composite Application Guidance for WPF and Silverlight v2.0 (PRISM) is now available.

What is PRISM
The Composite Client Application Guidance is designed to help you more easily build modular Windows Presentation Foundation (WPF) and Silverlight client line of business applications.

Goals of the Release
Providing guidance on building modular and composite Silverlight applications.
Simplifying the composition of the user interface.
Providing guidance and light tooling on reusing code between Silverlight and WPF.

Key Scenarios

You're building a application that presents information from multiple sources through an integrated user interface.
You're developing, testing, and deploying modules independently of the other modules.
Your application will add more views and more functionality over the coming years.
You must be able to change the application quickly and safely to meet emergent business requirements.
Your application is being developed by multiple collaborating teams.
Your application targets both WPF and Silverlight, and you want to share as much code as possible between the two platforms.

What's in This Release

Composite Application Library
Reference Implementation (Stock Traders application in WPF and Silverlight)
Quick starts (9)
How-Tos (26) and
Documentation of UI patterns and client architectures.

Key Links

My Related Posts

New Release: patterns & practices WCF Security Guide

J.D. Meier — Wed, 11 Feb 2009 07:47:07 GMT

Today we released our patterns & practices Improving Web Service security: Scenarios and Implementation Guidance for WCF on MSDN. Using end-to-end application scenarios, this guide shows you how to design and implement authentication and authorization in WCF. You'll learn how to improve the security of your WCF services through prescriptive guidance including guidelines, a Q&A, practices at a glance, and step-by-step how to articles. The guide is the result of a collaborative effort between patterns & practices, WCF team members, and industry experts.

Download the patterns & practices WCF Security guide (CodePlex)
Read the patterns & practices WCF Security Guide online (MSDN)

Key Scenarios
Here's the key scenarios:

A development team that wants to adopt WCF.
A software architect or developer looking to get the most out of WCF, with regard to designing their application security.
Interested parties investigating the use of WCF but don’t know how well it would work for their deployment scenarios and constraints.
Individuals tasked with learning WCF security.
Authentication, authorization, and communication design for your services
Solution patterns for common distributed application scenarios using WCF
Principles, patterns, and practices for improving key security aspects in services

Contents at a Glance

Part I: Security Fundamentals for Web Services
Part II: Fundamentals of WCF Security
Part III: Intranet Application Scenarios
Part IV: Internet Application Scenarios

Chapters

Foreword by Nicholas Allen
Foreword by Rockford Lhotka
Chapter 1: Security Fundamentals for Web Services
Chapter 2: Threats and Countermeasures for Web Services
Chapter 3: Security Design Guidelines for Web Services
Chapter 4: WCF Security Fundamentals
Chapter 5: Authentication, Authorization, and Identities in WCF
Chapter 6: Impersonation and Delegation in WCF
Chapter 7: Message and Transport Security
Chapter 8: Bindings
Chapter 9: Intranet - Web to Remote WCF Using Transport Security (Original Caller, TCP)
Chapter 10: Intranet - Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
Chapter 11: Intranet - Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
Chapter 12: Intranet - Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)
Chapter 13: Internet - WCF and ASMX Client to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
Chapter 14: Internet - Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
Chapter 15: Internet – Windows Forms Client to Remote WCF Using Message Security (Original Caller, HTTP)

Our Team

J.D. Meier
Carlos Farre
Jason Taylor
Prashant Bansode
Steve Gregersen
Madhu Sundararajan
Rob Boucher

Contributors / Reviewers

External Contributors / Reviewers: Andy Eunson; Anil John; Anu Rajendra; Brandon Bohling; Chaitanya Bijwe; Daniel Root; David P. Romig, Sr.; Dennis Rea; Kevin Lam; Michele Leroux Bustamante; Parameswaran Vaideeswaran; Rockford Lhotka; Rudolph Araujo; Santosh Bejugam
Microsoft Contributors / Reviewers: Alik Levin; Brandon Blazer; Brent Schmaltz; Curt Smith; David Bradley; Dmitri Ossipov; Jan Alexander; Jason Hogg; Jason Pang; John Steer; Marc Goodner; Mark Fussell; Martin Gudgin; Martin Petersen-Frey; Mike de Libero; Mohammad Al-Sabt; Nobuyuki Akama; Ralph Squillace; Richard Lewis; Rick Saling; Rohit Sharma; Scott Mason; Sidd Shenoy; Sidney Higa; Stuart Kwan; Suwat Chitphakdibodin; T.R. Vishwanath; Todd Kutzke; Todd West; Vijay Gajjala; Vittorio Bertocci; Wenlong Dong; Yann Christensen; Yavor Georgiev

My Projects on MSDN

J.D. Meier — Tue, 10 Feb 2009 22:51:14 GMT

This post is a simple way to browse the bulk of my patterns & practices work on MSDN and CodePlex. After I walk customers through things, the next question is usually, "OK, so where do we find this?" This is the link I'll be sharing.

Guides

Performance

Books / Guides

Methods

Guidelines

Checklists

Practices at a Glance

Performance Practices at a Glance

How Tos

Security

Guides

Methods

Threats and Countermeasures

Cheat Sheets

Guidelines

Checklists

Practices at a Glance

Questions and Answers

Explained

Application Scenarios

ASP.NET Security How Tos

WCF Security How Tos

Visual Studio Team System

Guides

Team Development with Visual Studio Team Foundation Server

Guidelines

Practices at a Glance

Questions and Answers

Source Control Practices at a Glance

How Tos

My Related Posts

patterns & practices Complete Catalog

People I've Worked with On Past Projects

J.D. Meier — Mon, 09 Feb 2009 10:00:06 GMT

One lesson I've learned time and again is that it's about the people. You can be on a lousy project with great people and still have a great time. The reverse is not always true. Of course, the ideal world is a great project with great people. I've been lucky enough to have enjoyed several adventures with great people while trying to change the world.

As part of mid-year review, I'm taking a stroll down memory lane. To do so, I created a snapshot of people I've worked with while writing books in patterns & practices over the years. Looking into the past always gives me insight into the future. I use it to find personal success patterns. It also helps me get a new vantage point for project analysis.

The first thing I learned by looking at the list of people I've worked with is how the right project can really grow your network. The other thing is how you can also predict a project's success largely by who's involved. The thing that really stands out for me is that the most successful projects were ones that created an intersection of the right problems, with the right people, with the right passions and strengths. That's what dream teams and compelling missions are made of. A simple test of whether you have the right team is whether you want to run towards or away from the problem.

Here's the snapshot I used for my analysis ...

Application Architecture Guide 2.0

Home Page: http://www.codeplex.com/AppArchGuide
Forewords: S. Somasegar, Scott Guthrie
Authors: J.D. Meier , Alex Homer, David Hill, Jason Taylor , Prashant Bansode , Lonnie Wall, Rob Boucher Jr, Akshay Bogawat
Test Team - Rohit Sharma, Praveen Rangarajan, Kashinath TR, Vijaya Jankiraman
Edit Team - Dennis Rea
External Contributors/Reviewers - Adwait Ullal; Andy Eunson; Brian Sletten; Christian Weyer; David Guimbellot; David Ing; David Weller; Derek Greer; Eduardo Jezierski; Evan Hoff; Gajapathi Kannan; Jeremy D. Miller; John Kordyback; Keith Pleas; Kent Corley; Mark Baker; Paul Ballard; Peter Oehlert; Norman Headlam; Ryan Plant; Sam Gentile; Sidney G Pinney; Ted Neward; Udi Dahan
Microsoft Contributors / Reviewers - Ade Miller; Amit Chopra; Anna Liu; Anoop Gupta; Bob Brumfield; Brad Abrams; Brian Cawelti; Bhushan Nene; Burley Kawasaki; Carl Perry; Chris Keyser; Chris Tavares; Clint Edmonson; Dan Reagan; Denny Dayton; Diego Dagum; Dmitri Martynov; Dmitri Ossipov; Don Smith; Dragos Manolescu; Elisa Flasko; Eric Fleck; Erwin van der Valk; Faisal Mohamood; Francis Cheung; Gary Lewis; Glenn Block; Gregory Leake; Ian Ellison-Taylor; Ilia Fortunov; J.R. Arredondo; Javed Sikander; John deVadoss; Joseph Hofstader; Koby Avital; Loke Uei Tan; Luke Nyswonger; Manish Prabhu; Meghan Perez; Mehran Nikoo; Michael Puleio; Mike Francis; Mike Walker; Mubarak Elamin; Nick Malik; Nobuyuki Akama; Ofer Ashkenazi; Pablo Castro; Pat Helland; Phil Haack; Rabi Satter; Reed Robison; Rob Tiffany; Ryno Rijnsburger; Scott Hanselman; Seema Ramchandani; Serena Yeoh; Simon Calvert; Srinath Vasireddy; Tom Hollander; Wojtek Kozaczynski

Improving Web Services Security

Home Page: http://www.codeplex.com/WCFSecurityGuide
Forewords: Nicholas Allen, Rockford Lhotka
Authors: J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
External Contributors/Reviewers: Andy Eunson; Anil John; Anu Rajendra; Brandon Bohling; Chaitanya Bijwe; Daniel Root; David P. Romig, Sr.; Dennis Rea; Kevin Lam; Michele Bustamante; Parameswaran Vaideeswaran; Rockford Lotka; Rudolph Araujo; Santosh Bejugam
Microsoft Contributors / Reviewers: Alik Levin; Brandon Blazer; Brent Schmaltz; Curt Smith ; Dmitri Ossipov; Don Smith; Jan Alexander; Jason Hogg; Jason Pang; John Steer; Marc Goodner; Mark Fussell; Martin Gudgin; Martin Petersen-Frey; Mike de Libero; Mohammad Al-Sabt; Nobuyuki Akama; Ralph Squillace; Richard Lewis; Rick Saling; Rohit Sharma; Scott Mason; Sidd Shenoy; Sidney Higa; Stuart Kwan; Suwat Chitphakdibodin; T.R. Vishwanath; Todd Kutzke; Todd West; Vijay Gajjala; Vittorio Bertocci; Wenlong Dong; Yann Christensen; Yavor Georgiev

Team Development with Visual Studio Team Foundation Server

Home Page: http://msdn.microsoft.com/en-us/library/bb668991.aspx
Forewords: Jeff Beehler, Rob Caron, Brian Harry
Authors: J.D. Meier, Jason Taylor, Prashant Bansode, Alex Mackman, Kevin Jones
External Contributors/Reviewers. David P. Romig, Sr; Dennis Rea; Eugene Zakhareyev; Leon Langleyben; Martin Woodward; Michael Rummier; Miguel Mendoza ; Mike Fourie; Quang Tran; Sarit Tamir; Tushar More; Vaughn Hughes
Microsoft Contributors / Reviewers. Aaron Hallberg; Ahmed Salijee; Ajay Sudan; Ajoy Krishnamoorthy; Alan Ridlehoover; Alik Levin; Ameya Bhatawdekar; Bijan Javidi; Bill Essary; Brett Keown; Brian Harry; Brian Moore; Brian Keller; Buck Hodges; Burt Harris; Conor Morrison; David Caufield; David Lemphers; Doug Neumann; Edward Jezierski; Eric Blanchet; Eric Charran; Graham Barry; Gregg Boer; Grigori Melnik; Janet Williams Hepler; Jeff Beehler; Jose Parra; Julie MacAller; Ken Perilman; Lenny Fenster; Marc Kuperstein; Mario Rodriguez; Matthew Mitrik; Michael Puleio; Nobuyuki Akama; Paul Goring; Pete Coupland; Peter Provost; Granville (Randy) Miller; Richard Berg; Rob Caron; Robert Horvick; Rohit Sharma; Ryley Taketa; Sajee Mathew; Siddharth Bhatia; Tom Hollander; Tom Marsh; Venky Veeraraghavan

Performance Testing Guidance

Home Page: http://msdn.microsoft.com/en-us/library/bb924375.aspx
Forewords: Alberto Savoia, Rico Mariani
Authors: J.D. Meier, Microsoft, Senior Program Manager, patterns & practices
Carlos Farre, Microsoft, Software Design Engineer Test, patterns & practices
Prashant Bansode, Infosys Technologies Ltd
Scott Barber, PerfTestPlus Inc, Chief Technologist
Dennis Rea, Wadeware LLC
Microsoft Contributors and Reviewers: Alan Ridlehoover; Clint Huffman; Edmund Wong; Ken Perilman; Larry Brader; Mark Tomlinson; Paul Williams; Pete Coupland; Rico Mariani
External Contributors and Reviewers: Alberto Savoia; Ben Simo; Cem Kaner; Chris Loosley; Corey Goldberg; Dawn Haynes; Derek Mead; Karen N. Johnson; Mike Bonar; Pradeep Soundararajan; Richard Leeke; Roland Stens; Ross Collard; Steven Woody

Security Engineering

Home Page: http://msdn.microsoft.com/en-us/library/ms998382.aspx
Authors: J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Jason Taylor, and Rudolph Araujo.
Test Team: Larry Brader, Microsoft Corporation; Nadupalli Venkata Surya Sateesh, Sivanthapatham Shanmugasundaram, Infosys Technologies Ltd.
Edit Team: Nelly Delgado, Microsoft Corporation
Release Management: Sanjeev Garg, Microsoft Corporation
External Contributors and Reviewers: Anil John, Johns Hopkins University – Applied Physics Laboratory; Frank Heidt; Keith Brown Pluralsight LLC; Mark Curphey, Foundstone Professional Services
Microsoft Services and PSS Contributors and Reviewers: Adam Semel, Denny Dayton, Gregor Noriskin, Kate Baroni, Tom Christian, Wade Mascia
Microsoft Product Group: Charlie Kaufman, Don Willits, Mike Downen, Rick Samona
Microsoft IT Contributors and Reviewers: Akshay Aggarwal, Irfan Chaudhry, Shawn Veney, Talhah Mir
MSDN Contributors and Reviewers: Kent Sharkey
Microsoft EEG: Corey Ladas, James Waletzky

Improving .NET Application Performance and Scalability

Home Page: http://msdn.microsoft.com/en-us/library/ms998530.aspx
Forewords: S. Somasegar, Rico Mariani, Brandon Bohling, Connie U. Smith, Scott Barber
Authors: J.D. Meier, Srinath Vasireddy, Ashish Babbar, Alex Mackman
Special thanks to key contributors: Anandha Murukan; Andy Eunson; Balan Jayaraman, Infosys Technologies Ltd; Christopher Brumme (CLR and COM interop); Connie U. Smith, Ph.D.; Curtis Krumel (SQL Server); David G. Brown (SQL Server); Denny Dayton; Don Willits ("Uber man"); Edward Jezierski; Ilia Fortunov; Jim O'Brien, Content Master Ltd; John Allen (ASP.NET); Matt Odhner (ACT); Prabhaker Potharaju (SQL Server); Rico Mariani (Performance Modeling, CLR, Code Review, Measuring); Ray Escamilla (Tuning); Scott Barber (Performance Modeling and Testing); Sharon Bjeletich (SQL Server)
Special thanks to key reviewers: Adam Nathan (Interop); Brad Abrams; Brandon Bohling, Intel Corporation; Carlos Farre, Solutions IQ; Chuck Delouis, Veritas Software (SQL Server); Cosmin Radu (Interop); Eddie Lau (ACE); Eric Morris (ACE); Erik Olsen (ASP.NET); Gerardo Bermudez (CLR, Performance Modeling); Gregor Noriskin; Ken Perilman; Jan Gray; John Hopkins (ACE); Joshua Lee; K.M. Lee (ACE TEAM); Mark Fussell (XML); Matt Tavis (Remoting); Nico Jansen (ACE Team); Pablo Castro (ADO.NET and SQL); Patrick Dussud (CLR); Riyaz Pishori (Enterprise Services); Richard Turner (Enterprise Services); Sonja Keserovic (Interop); Thomas Marquardt (ASP.NET); Tim Walton; Tom McDonald; Wade Mascia (ASP.NET threading, Web services, and Enterprise Services); Yasser Shohoud (Web services)
External Reviewers: Ajay Mungara, Intel Corporation; Bill Draven, Intel Corporation; Emil Lerch, Intel Corporation; Carlos Santos (Managed Code); Chris Mullins, Kiefer Consulting; Christopher Bowen, Monster.com; Chuck Cooper; Dan Sullivan; Dave Levine, Rockwell Software; Daniel Cazzulino, Lagash Systems SA; Diego Gonzalez, Lagash Systems SA (XML); Franco Ceruti; Fredrik Normen "N2", Barium AB (extensive review); Grant Fritchey; Greg Buskirk; Greg Kiefer, Kiefer Consulting; Ingo Rammer, IngoRammer.com; James Duff, Vertigo Software; Jason Masterman, Barracuda .NET (Remoting); Jeff Fiegel, Acres Gaming; Jeff Sukow, Rockwell Software; John Lam; John Vliet, Intel Corporation; Juval Lowy (COM interop); Kelly Summerlin, TetraData; Mats Lanner, Open Text Corporation; Matt Davey; Matthew Brealey; Mitch Denny, Monash.NET; Morten Abrahamsen (Performance and Transactions); Nick Wienholt, dotnetperformance.com; Norm Smith (Data Access and Performance Modeling); Pascal Tellier, prairieFyre Software Inc.; Paul Ballard, Rochester Consulting Partnership, Inc.; Per Larsen (Managed Code Performance); Scott Allen (Design Guidelines); Philippe Harry Leopold Frederix (Belgium); Scott Stanfield, Vertigo Software; Ted Pattison, Barracuda .NET (COM Interop); Thiru Thangarathinam; Tim Weaver, Monster.com; Vivek Chauhan (NIIT); Thiru Thangarathinam; Wat Hughes, Creative Data (SQL Server)
Microsoft Consulting Services and Product Support Services (PSS): Dan Grady; David Madrian; Eddie Clodfelter; Hugh Wade; Jackie Richards; Jacquelyn Schmidt; Jaime Rodriguez; James Dosch; Jeff Pflum; Jim Scurlock; Julian Gonzalez (Web services); Kenny Jones; Linnea Bennett; Matt Neerincx; Michael Parkes; Michael Royster; Michael Stuart; Nam Su Kang; Neil Leslie; Nobuyuki Akama; Pat Altimore; Paul Fallon; Scott Slater; Tom Sears; Tony Bray
Microsoft Product Group: Alexei Vopilov (Web services); Amrish Kumar; Arvindra Sehmi; Bill Evans; Brian Spanton; Keith Ballinger (WSE); Scot Gellock (Web services); Brian Grunkemeyer (CLR); Chris Eck; David Fields (NT); David Guimbellot; David Mortenson (CLR); Dax Hawkins; Dhananjay Mahajan (Enterprise Services); Dino Chiesa; Dmitry Robsman; Doug Rothaus (ADO.NET); Eddie Liu; Elena Kharitidi (Web services); Fabio Yeon; Harris Syed (Enterprise Services); Jason Zander; Jeffrey Cooperstein; Jim Radigan; Joe Long (Web services vs. ES vs. Remoting); Joshua Allen; Larry Buerk; Lubor Kollar (SQL Server); Maoni Stephens; Michael Coulson; Michael Fanning; Michael Murray (FxCop); Omri Gazitt; Patrick Ng (FX DEV); Peter Carlin (SQL Server); Rebecca Dias (WSE); Rick Vicik; Robin Maffeo (CLR Thread pool); Vance Morrison; Walter Stiers; Yann Christensen
patterns & practices members: Jason Hogg (ADO.NET and XML); Naveen Yajaman; Sandy Khaund; Scott Densmore; Tom Hollander; Wojtek Kozaczynski
Thanks to our test team: (Infosys Technologies Ltd): Austin Ajit Samuel Angel; Dhanyah T.S.K; Lakshmi; Prashant Bansode; Ramesh Revenipati; Ramprasad Gopalakrishnan; Ramprasad Ramamurthy; Terrence J. Cyril
Thanks to our editors for helping to ensure a quality experience for the reader: Sharon Smith; Tina Burden McGrayne, Entirenet; Susan Filkins, Entirenet; Tyson Nevil, Entirenet
product manager: Ron Jacobs
Finally, thanks to: Alex Lowe; Chris Sells; Jay Nanduri; Nitin Agrawal; Pat Filoteo; Patrick Conlan (SQL Server); Rajasi Saha; Sanjeev Garg (Satyam Computer Services); Todd Kutzke

Improving Web Application Security: Threats and Countermeasures

Home Page: http://msdn.microsoft.com/en-us/library/ms994921.aspx
Forewords: Mark Curphey, Erik Olson, Joel Scambrary, Michael Howard
Authors: J.D. Meier, Alex Mackman, Srinath Vasireddy, Michael Dunner, Ray Escamilla, Anandha Murukan
External Reviewers–Mark Curphey, Open Web Application Security Project and Watchfire; Andy Eunson (extensive review); Anil John (code access security and hosting scenarios); Paul Hudson and Stuart Bonell, Attenda Ltd. (extensive review of the Securing series); Scott Stanfield and James Walters, Vertigo Software; Lloyd Andrew Hubbard; Matthew Levine; Lakshmi Narasimhan Vyasarajan, Satyam Computer Services; Nick Smith, Senior Security Architect, American Airlines (extensive review of the Securing series); Ron Nelson; Senthil Rajan Alaguvel, Infosys Technologies Limited; Roger Abell, Engineering Technical Services, Arizona State University; and Doug Thews.
Microsoft Product Group–Michael Howard (Threat Modeling, Code Review, and Deployment Review); Matt Lyons (demystifying code access security); Caesar Samsi; Erik Olson (extensive validation and recommendations on ASP.NET); Andres De Vivanco (securing SQL Server); Riyaz Pishori (Enterprise Services); Alan Shi; Carlos Garcia Jurado Suarez; Raja Krishnaswamy, CLR Development Lead; Christopher Brown; Dennis Angeline; Ivan Medvedev (code access security); Jeffrey Cooperstein (Threat Modeling); Frank Swiderski; Manish Prabhu (.NET Remoting); Michael Edwards, MSDE; Pranish Kumar, (VC++ PM); Richard Waymire (SQL Security); Sebastian Lange; Greg Singleton; Thomas Deml (IIS Lead PM); Wade Hilmo (IIS); Steven Pratschner; Willis Johnson (SQL Server); and Girish Chander (SQL Server).
Microsoft Consulting Services and Product Support Services (PSS): Ilia Fortunov (Senior Architect) for providing continuous and diligent feedback; Aaron Margosis (extensive review, script injection, and SQL Injection); Jacquelyn Schmidt; Kenny Jones; Wade Mascia (Web Services and Enterprise services); Aaron Barth; Jackie Richards; Aaron Turner; Andy Erlandson (Director of PSS Security); Jayaprakasam Siddian Thirunavukkarasu (SQL Server security); Jeremy Bostron; Jerry Bryant; Mike Leuzinger; Robert Hensing (reviewing the Securing series); Gene Ferioli; David Lawler; Jon Wall (threat modeling); Martin Born; Michael Thomassy; Michael Royster; Phil McMillan; and Steven Ramirez.
Special Thanks To: Joel Scambray; Rich Benack; Alisson Sol; Tavi Siochi (IT Audit); Don Willits (raising the quality bar); Jay Nanduri (Microsoft.com) for reviewing and sharing real world experience; Devendra Tiwari and Peter Dampier, for extensive review and sharing best IT practices; Denny Dayton; Carlos Lyons; Eric Rachner; Justin Clarke; Shawn Welch (IT Audit); Rick DeJarnette; Kent Sharkey (Hosting scenarios); Andy Oakley; Lucas Lavarello; Vijay Rajagopalan (Dev Lead MS Operations); Gordon Ritchie, Content Master Ltd; Chase Carpenter (Threat Modeling); Matt Powell (for Web Services security); Joel Yoker; Juhan Lee [MSN Operations]; Lori Woehler; Mike Sherrill; Mike Kass; Nilesh Bhide; Rebecca Hulse; Rob Oikawa (Architect); Scott Greene; Shawn Nandi; Steve Riley; Mark Mortimore; Matt Priestley; and David Ross.
Editors: Sharon Smith; Kathleen Hartman (S&T OnSite); Tina Burden (Entirenet); Cindy Riskin (S&T OnSite); and Pat Collins (Entirenet) for helping to ensure a quality experience for the reader.
patterns & practices team members: Naveen Yajaman; Philip Teale; Scott Densmore; Ron Jacobs; Jason Hogg; Per Vonge Nielsen; Andrew Mason; Edward Jezierski; Michael Kropp; Sandy Khaund; Shaun Hayes; Mohammad Al–Sabt; Edward Lafferty; Ken Perilman; and Sanjeev Garg (Satyam Computer Services).

Building Secure ASP.NET Applications

Home Page: http://msdn.microsoft.com/en-us/library/aa302415.aspx
Authors: J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy
Contributors and reviewers: Manish Prabhu, Jesus Ruiz-Scougall, Jonathan Hawkins and Doug Purdy, Keith Ballinger, Yann Christensen and Alexei Vopilov, Laura Barsan, Greg Fee, Greg Singleton, Sebastian Lange, Tarik Soulami, Erik Olson, Caesar Samsi, Riyaz Pishori, Shannon Pahl, Ron Jacobs, Dave McPherson, Christopher Brown, John Banes, Joel Scambray, Girish Chander, William Zentmayer, Shantanu Sarkar, Carl Nolan, Samuel Melendez, Jacquelyn Schmidt, Steve Busby, Len Cardinal, Monica DeZulueta, Paula Paul, Ed Draper, Sean Finnegan, David Alberto, Kenny Jones, Doug Orange, Alexey Yeltsov, Martin Kohlleppel, Joel Yoker, Jay Nanduri, Ilia Fortunov, Aaron Margosis (MCS), Venkat Chilakala, John Allen, Jeremy Bostron, Martin Petersen-Frey, Karl Westerholm, Jayaprakasam Siddian Thirunavukkarasu, Wade Mascia, Ryan Kivett, Sarath Mallavarapu, Jerry Bryant, Peter Kyte, Philip Teale, Ram Sunkara, Shaun Hayes, Eric Schmidt, Michael Howard, Rich Benack, Carlos Lyons, Ted Kehl, Peter Dampier, Mike Sherrill, Devendra Tiwari, Tavi Siochi, Per Vonge Nielsen, Andrew Mason, Edward Jezierski, Sandy Khaund, Edward Lafferty, Peter M. Clift, John Munyon, Chris Sfanos, Mohammad Al-Sabt, Anandha Murukan (Satyam), Keith Brown (DevelopMentor), Andy Eunson, John Langley (KANA Software), Kurt Dillard, Christof Sprenger, J.K.Meadows, David Alberto, Bernard Chen (Sapient)

Microsoft patterns & practices Agile Workspace Tour

J.D. Meier — Mon, 19 Jan 2009 19:14:26 GMT

I posted a visual walkthrough of our Microsoft patterns & practices Agile workspace on Shaping Software. I basically did a lap around the halls and pointed out key things along the way. Our patterns & practices team workspace is optimized for agile development practices. The workspace features writeable walls, configurable workspace, speaker phones, projectors, focus rooms, and a customer room. The walkthrough is extensive. It's basically more than 40 pictures. Enjoy!