Archive for April, 2006

More about the Danish government SAML situation

Dr. John Gøtze, a Danish e-government consultant and OASIS IT contractor, provides more background on the Danish government’s decision around requiring SAML V2.0 support. His colleague in the Danish Ministry of Technology, Science and Innovation sent an open letter to Microsoft a couple of months ago. A snippet:

  • You are cited saying: SAML 2.0 protocols are fine for strictly Web single sign-on. In your view is exchange of attributes, and assertions about access rights a part of Web single sign-on? Or do you assert that SAML 2.0 isn’t well suited for these tasks?
  • You are cited saying: SAML 2.0 does not have reliable messaging or transaction support. As far as we can tell neither have WS-Federation, and obviously such functionality should be covered in standards that focus on reliable messaging and transaction, so is your position that SAML 2.0 will not work well with the standards for reliable messaging and transactions that OASIS is working to finalize?
  • What other motivations does Microsoft have for not supporting SAML 2.0 in the currently released product?

Pretty direct questions… Dr. Gøtze plans to follow up to find out if there was a response that can be shared. The letter was directed to Don Schmidt, a Microsoft guy I like and respect (and blogged a picture of…). It will be interesting to find out more about how this played out.


SAML in the news

I know, I know, this is getting to be the “all SAML all the time” channel… And it looks like I’m going to be the “SAML story lady” at the introductory day of next week’s Internet Identity Workshop in the Bay area, too. But there were two news snippets in the April 24 [update: oops, it’s April 25] edition of the XML.com Daily Newslink mailing that related to SAML that seemed worth sharing. (The archives seem to be a week behind the actual mailings, so I can’t link directly to this one.)

First, the Danish government is standing pat on its requirement for SAML V2.0 support in federated identity management for the Danish public sector. The article mentions this being an issue for Microsoft’s recently shipped federated identity product, as it has no SAML support. (This sounds strangely familiar.) The Danes have been pretty smart about XML standardization; they were early adopters of UBL and have reported that they were able to cut B2B costs with it.

Second, the folks at the OpenSAML.org open-source project, part of the Shibboleth initiative, have announced Technology Preview 1 of the Java edition of their SAML V2.0 support (downloads available here). Congratulations on that achievement! There’s still more basic support to be added, but this code base covers all SAML versions, and — according to the Newslink item — “[a]ll core SAML constructs are now supported to some degree.”

UPDATE: I’ve been reminded that there’s information on e-government adoption of Liberty technologies now available here. The latest version of “Liberty Federation” is SAML V2.0.


World, meet SAML. Hello, world. Hello, SAML.

There’s a simple test service called HelloSAML that’s been mentioned a couple of times on the saml-dev list, but if you’re not on that list or other SAML-related lists you might not have heard of it. From the introductory message by José Manuel Macías:

Basically, it’s a web front-end to AARR using different requester and responder profiles. The tool is able to perform HTTP SAML requests to a certain service configured by the user (requester mode), or receive and answer queries in a special URL created for the user (responder mode). The logs provided by AARR are also available.

It’s still very basic, and probably lacks a lot of desirable features, but if you find it interesting we can improve it in the future. Any suggestions will be really appreciated.

Recently I asked José Manuel for a bit more information, and here’s what he told me:

This is a first beta (even having been there for several months!) and users should keep in mind that the service is provided “as is”. It has limitations, and goes not much beyond saying “hello”; we plan to improve HelloSAML and add more features, such as SAML 2.0, improvement of logs, …

HelloSAML uses AARR, and current efforts are focused on this tool. AARR was initially developed by two colleagues (Cándido Rodriguez and Diego López) as part of the work made within the Terena TF-AACE task force.

AARR source code is available for everyone at RedIRIS CVS server, and we are open to hear the user comments, just write to us.

(These gentlemen’s email addresses are all available on the AARR site.) Give it a spin and see what you think!


Tonua and the SFA

Yesterday I got a note from my friend Tonua with some unfortunate news: She has been diagnosed with inflammatory breast cancer, a rare and virulent form that must be treated aggressively. In her creative fashion, however, Tonua is making the experience wholly her own, using it to understand herself better and help others going through the same thing. In fact, maybe this is weird to say, but her enthusiasm is darn near infectious.

She has begun a blog, Taming the Savage Breast, specifically to record and sort out everything she’s going through, and she’s even working on a film documentary. She appears to be channeling the Manolo in adopting a “super-fantastic attitude” and the energy to match it.

On Friday she blogged about a day’s worth of having tests done at the hospital:

Today, I spent 5 hours at the hospital having tests run. But the tests were so cool, that it was like being in a sci-fi film… or the future. The future is now!

And here’s a tiny snippet from today’s entry on hair loss:

I’ve been planning to start posting video to this site. I’ll record getting my head shaved and make that my first post! Stay tuned to my blog for more details.

You may be moved to stay tuned; I certainly will, and will keep sending good vibes in Tonua’s direction. If you’re also moved (as I was) on this occasion to contribute to the cause of finding a breast cancer cure, Tonua is participating in the Susan G. Komen Breast Cancer Foundation Race for the Cure and you can donate here. You can also find a race/walk that’s close to you.


Power lunch with Fluffy

Been meaning to share this little tidbit for a long time. I had this cartoon on my office wall at Digital for many years in the 80’s; I think it came from the New Yorker but can’t recall, and there’s no sign of it online that I can find. (Click for a larger version.)

It was brought to mind recently when my bandmate diagnosed me as — accused me of being? — a high-functioning obsessive. It has gotten to the point where we joke about it on stage, and I found myself saying into the microphone, “An organized kitty is a productive kitty!” Now at least some people will have a referent for this odd saying.

Kitty’s Datebook

I admit to being tickled that this particular week in April 2006 seems to correspond to the fictional week being displayed here. Is that part of my malady?


There’s nothing that can’t be solved…

…with another layer of abstraction. I’m in a Microsoft software design review conference this week, and I just heard a speaker refer to WS-Transfer — with tongue only partially in cheek — as “HTTP over HTTP”. Oh dear.


Talking the talk, walking the walk, tracking the track

After having mentioned the great two-day web services/SOA track we’ve got planned for the XML Summer School, I’m delighted to report that Jeff Barr of Amazon is now on board as our guest lecturer, providing a case study. He ponders: “I’m not sure, but I think this means that I can tell my (future) grandchildren that I was once a guest lecturer at Oxford University.” Hey, when I began my involvement with this event, it took all of 15 seconds for my mom to start telling her friends that I “teach at Oxford”. It’s true in some sense!


Band practice

I just read this great New York Times article on Condoleezza Rice and her amateur chamber music group. I would never claim to have the same dedication or virtuosoisticness, and it’s for sure that our genres are pretty far apart (mine requires playing in pubs rather than living rooms — and we practice in a place called the Groovebox). I’m pretty sure Condi would never say “Sorry, I can’t make that state dinner with the President of Burundi next weekend; I’ve got band practice.” But I understand well the satisfaction that comes from rehearsal sessions and performances.

Though the Schumann went well, Ms. Rice felt that things had become shaky in the exuberant push to the coda. “Can we try the ending again,” she asked, “just for our pride?” So they did, and they played it with more solidity and just as much spirit.

Ms. Kim commented on the articulate way Ms. Rice played a series of thick chords. “You’re playing them really short, Condi,” she said. “I hadn’t thought of that,” she added, warming to the idea.

“I like them separated,” Ms. Rice replied. “Not too short, maybe kind of sticky.” Everyone knew what she meant.

The process of tweaking and ultimately nailing a passage feels great, particularly when you’re playing with emotionally (and actually) mature people who can give and take constructive criticism, and who can appreciate and take advantage of each person’s talents and insights. Let me tell you, the maturity is worth as much as the talent.

Our gigs tend to fall a couple of months apart at this point, and in between we try to learn a handful of new tunes and improve the weakest handful of our current tunes. Right now we’re learning, among other pieces, Lonnie Smith’s Love Bowl — big fun. I often joke about practicing keyboards without a license, but since the band keeps picking keyboard-heavy tunes, I’m definitely stretching my abilities. Luckily, a pocketful of blues organ riffs goes a long way…

Paraphrasing Condi, “‘It’s not exactly relaxing if you are struggling to play [Stevie Wonder],’ she explained. ‘But it is transporting.’”
