Security/identity / XML · 2007-07-31

Summer School droplets

Barred from punting?!

Despite parts of Oxford turning into a big blue wobbly thing and punting getting canceled, the XML Summer School this year provided a great experience for speakers and track chairs and, I hope, delegates as well. Others have written about their experience. I thought I’d share some of the more interesting moments from the Web Services and Identity speakers here, with more to come as I slowly complete my reverse timezone shift.

Marc Hadley (apologies for lack of speaking photo!): The first of two speakers to strongly recommend the O’Reilly RESTful Web Services book. Make services “part of the web” rather than just working “over the web”.

Paul Downey - be afraid

Paul Downey: In addition to thinking about the services part, we should think about and exploit the web part. “Aristotle, the canonical information architect, says you must have command of your metaphor.” The contract approach is a problem and taxonomies bias things. “I don’t think there is a WS-* caching spec, interestingly enough. [pause] Please don’t write one!”

John Kemp: The same web services concepts apply to networked services that aren’t on the web per se. John generated an amazingly prescient horoscope from a Python-based web service running on a virtual phone on virtual Windows on MacOS, using an HTTP-like protocol over SOAP over BEEP (whew): “You will make a presentation about web services.”

Jeff Barr: Shared the Amazon Web Services story, which demonstrates the power of web services for fun and profit. Demoed sales rank messaging; surprise surprise, Deathly Hallows was #1. :-) Showed cool sites liveplasma, blingee, and The Sheep Market. Developers don’t ask about “SOAP vs. REST” anymore; they tend to use purpose-built AWS toolkits.

Rich Salz: “You are your key” — that is, your cryptographic key is a very close analogue to your digital identity, particularly in app-to-app interactions. On any digital signature system, XML canonicalization is the most expensive part of the processing.

Paul Madsen and his new Web 2.0 app, Bladder

Paul Madsen: In response to a question about whether he truly understands XRIs, admitted that “I don’t have any magical powers.” :-) Rudely used his speaking opportunity to look for investors in his new Web 2.0 app.

John Chelsom: An argument for holding health information in a national electronic record as opposed to paper copies all over the place is that if a breach happens, at least you know about it!

One more moment I have to share: Bob DuCharme and I have been talking for a couple of years about setting up the perfect geek photo. See, one of his daughters is named Alice, and we saw an opportunity to illustrate an important data security principle…

Eve eavesdropping on Alice and Bob's conversation

(More pix of the event by various people here and here, and flood photos here.)