Archive for Oct 2003


Connecting Stateful Session Beans and JSPs

Note: This example has been updated. See this essay on connecting stateful session beans for the most recent description. In my class on large scale distributed systems, we've been talking about enterprise java beans. The question at this point (since they're starting on their project) is how to implement a system so that session state is maintained across multiple JSP pages and inside an associated stateful session bean. Since I've not been able to find many great examples that show how to put it all together, I wrote one today and I thought I'd share it here. Here's the
Continue reading...


Make Sure You're Playing the Right Game

Chess and poker are perfect analogies for the competing interests in deciding how and where to be transparent. In chess, the state of the game is transparent. Each player can see the current state of the game and plan their strategy, and try to deduce their opponents strategy, from that state and the actions taken to get there. In poker, the current state is a secret, or at least mostly secret. You can't bluff in chess the way you can in poker. Most geeks play better chess than poker, metaphorically at least. IETF and other organizations work on the
Continue reading...


Its Like Windows, But it Sucks Less

Jon Kale has an amusing and interesting post on the first day of Microsoft's PDC. One of the most interesting things is his description of Allchin (MS Group VP for Platforms) editing code live in front of the 7000 member audience. That's the way it ought to be.
Continue reading...


Organizational Blogging

I got an email from Thomas Burg in Austria asking for any hints on introducing blogging to an IT organization. Here's what I told him: Don't do it if you're not prepared, as an organization, to speak the truth. Blogging promotes, but also requires to some extent, a culture of candor. Start small. You need an organizational leader to set an example. Set up the infrastructure, buy licenses, etc. early and make it easy for people to get started. I bought Radio licenses for everyone. You could choose Moveable Type as well, but I think Radio has some definite
Continue reading...


Serendipitous Flexibility

I got a lesson today in how loose coupling provides flexibility to applications in the face of change. Interestingly enough, I got the lesson from myself. As I've reported, I moved www.windley.com to a new server last Saturday. One of the things on my TODO list was to "fix" my newsletter since I was sure it was broken. My newsletter is created from a special RSS feed on my blog. I created a category in Radio called "newsletter" and set it up so that it doesn't generate HTML, just RSS. Whenever I write an article on my blog that
Continue reading...


If You're Going to be Naked, You'd Better Be Buff

Regular readers will know that transparency is a favorite topic of mine. One of the chief benefits of eGovernment is transparent access to information about what government does. In an IT organization, transparency makes happy customers: there's no place inside a healthy organization for hiding information about rates, project status, or operational metrics. IT customers should have ready access to all that information. Now, Don Tapscott and David Ticoll have written a book which deals with transparency in the larger organization called The Naked Corporation: How the Age of Transparency Will Revolutionize Business. The book was the subject of
Continue reading...


Upgrade to Panther

This was the weekend of moves and upgrades. In addition to moving my weblog to its new server, I also got Panther, the newest version of Apple's OS X, in the mail on Friday. I waited a little while to see what the forums were saying about the upgrade process and then went ahead and installed it on my TiBook. Here's what I did: Backed up /Users, /Library, and /Applications, just in case. All of your user data, including address book entries, mail (if you use the Apple Mail client, at least), etc. are in your /Users/$user_name/Library folder. I
Continue reading...


A New Home for Windley's Enterprise Computing Weblog

I've slowly been moving services that I used to host at Verio over to my co-located server. This weekend, I'm moving www.windley.com and this blog to the new machine. If you're seeing this message, then you're seeing the new digs. I'd appreciate any bug reports. The new machine is hosted by Fibernet, a local ISP and hosting company run by my friends Lane and Lee Livingston. I've got a lot of respect for them because they've been around since the beginnin and they've survived in the boom times and the lean times. While others are struggling, they recently built
Continue reading...


Dan Farber on DIDW and PingID

Dan Farber was at Digital ID World and has written up a great article for ZDNet's TechUpdate. I didn't get to meet Dan at DIDW, I wish I had. Dan highlights three things from DIDW: Tony Scott's keynote, the discussions of federation, and PingID, and manages to tie them together nicely in a discussion of PingID and its mission (disclosure: I'm on the PingID advisory board). One of Tony Scott's main points was that the technology to federate is the easy part, the hard part is issues like organizational trust, scenario planning, regulations, changing usage patterns, and how to
Continue reading...


Long Road, Large Gains for Identity Management

Tom King is CISO at Lehman Brothers Holdings. He had a simple idea: rather than build authentication into each application, they would build a central identity. provisioning and authentication system. Three years later, he's still working on the project. Before he could implement his idea, he first had to create a single repository of identity information in the company. Why go to the trouble? Read the following paragraph from the CIO magazine article where Tom's story is told:: So why bother with identity management at all? Because the returns can be impressive. According to a survey of more than
Continue reading...


Digital Identity is Not an Emerging Technology

I proposed doing a tutorial on digital identity management protocols (SAML, SMPL, XACML, WS-Security, etc.) at the O'Reilly Emerging Tech conference next year. Just got notice that they didn't accept the proposal. I was planning on doing an expanded version of the tutorial I did at DIDW, but with more meat concerning the protocols and their implementation. I guess digital identity is not cutting edge enough for ETCon? Go figure.
Continue reading...


Salt Lake Public Library

I'm sitting at the Salt Lake library in between a couple of meetings. Since the last time I was here, they've installed free Wi-Fi courtesy of XMission. I took some pictures of the library and its rather dramatic architecture earlier this year and they've become a popular attraction on my blog. They show up third in a google of "salt lake public library". One of the things I've discovered about blogging is that its hard to predict why people visit your blog. You can try and build a body of material that will attract that readership, but then your
Continue reading...


Closing the XML Security Gap

If you use a firewall as part of your network security strategy, you might be feeling smug, thinking that you've closed access to thousands of ports and vulnerabilities. What you may not realize is that your firewall is most likely blithely passing XML through port 80, the Web's default port. ... But there is hope for application security in the form of XML firewalls. These devices sit behind a traditional firewall and monitor traffic on port 80 and any other ports you select. They pick through the contents of the XML packets, looking for potential trouble and taking action
Continue reading...


Redesigned Utah Legislature Page

The Utah Legislature's Web site has undergone a redesign. I like it. The new look is clean and functional and there are high profile links to the things people will want the most. They are even using le.utah.gov as the URL instead of le.state.ut.us! (You wouldn't believe the flack I took from the Legislature over the move to utah.gov.) And in a fit of foresite, legislature.utah.gov redirects to the same place. Very nice. My favorite part is the "What's happening today" box at the bottom of the page and the associated link out to a calendar of events. I
Continue reading...


Open Source Business Conference

You've seen open source conferences and conventions. Maybe you've been to a few. They're interesting and exciting, but they rarely focus on what most businesses want to know: how do I make money if I open up the source code? Now there's a conference that answers that question. Matt Asay, a good friend of mine and one of Utah's most active open source source proponents, is putting together a conference called the Open Source Business Conference (March 17-18). Matt has a knack for brining people together--he's the founder and host of Utah's largest monthly meeting of entrepreneurs and venture
Continue reading...


More on Massachusetts Moves to Open Source

I wrote about Massachusetts moving to OSS a few weeks ago. This AP story has more information. According to the article, the Microsoft-led industry group Initiative for Software Choice has tracked 70 different open-source preference proposals in 24 countries.
Continue reading...


So Far, Participatory Democracy for Democrats Only

Esther Dyson wrote a piece for the New York Times last week called Power in Participation about some recent trends in politics involving the Web and blogs. She mentions MeetUp.com, a Web site for that helps organizes physical meetings. When I looked at MeetUp my first thought was "I can't believe its taken us this long to create a Web site that does this." MeetUp is well done and has active groups in many different categories. Its also been discovered by the politicos, as Esther points out: Meetup was recently discovered by the Democrats, most famously and effectively by
Continue reading...


DIDW: Doc Searls Endnote

There's now a tradition that Doc closes out Digital ID World. Its a good conference strategy--I stuck around to hear Doc even though the desire to get into the sky and home is pretty strong. I'm glad I did. I can't possibly do justice to a Doc Searl's presentation, but here's some thoughts I had while I was listening. Doc is speaking on the topic of "Myidentity, Ouridentity, Theiridentity," Andre's three tier hierarchy of identity domains and tying it into ClueTrain ideas. While he's been here, he created a vocabulary of identity buzzwords for his Buzzphraser application. Here's some
Continue reading...


Salt Lake County Recorder Web Site Get and Public Access

eGovernment is largely about public access to information. What does that say, then about making web sites as widely accessible as you possible can? I think there eGovernment Web sites have an obligation to be as accecssible as possible. In this category, I have to give the Salt Lake County Recorder's Office a grade of "F". Here's what I saw when I went to their Web site: I sympathize with web site developers who want to offer some neat functionality that's browser specific, but I think its decidedly broken to offer public services only to people who use a
Continue reading...


DIDW: The Identity of Things

This morning's opening session was a panel moderated by Esther Dyson on the Identity of Things. The debate naturally moved to what does it mean for all of the things I buy to be individually identified. Who manages the relationships? Me? Others? A near-term example that can shed light on some of the questions is SpeedPass, the RFID devices that are being distributed in urban areas to charge tolls to cars as they speed by rather than making the cars stop and pay the toll. These can, of course, be used to track the vehicle in other places as
Continue reading...


Details on the Vonage Ruling

The judge who vacated the Minnesota Public Services Commission regulations concerning Vonage earlier in the week issued more detailed comments and rationale today. In a Washington Post article the judge is quoted: State regulation would effectively decimate Congress's mandate that the Internet remain unfettered by regulation. The court therefore grants Vonage's request for injunctive relief. I haven't found the actual ruling yet to link to. The MPSC has not said whether they'll appeal or not, but I think its a foregone conclusion that they will. The real issue in my mind is this. If I had brought the Cisco
Continue reading...


DIDW: Personal Area Networks

While I was chatting with Andre and Doc today, Andre mentioned something that I liked: a personal area network. Your personal area network is the group of folks in your buddy list. This is an incredible resource that no one has really tapped. People who use instant messaging have taken the time to indicate the people that they consider their friends and right now all its used for is chatting and presence. There's got to be other things that we could do with it. This comment happened in the context of a larger conversation with Simon Grice, the founder
Continue reading...


DIDW: How Identity will Refocus IT

Here's the cast of players: Moderator: Phil Becker, Editor, Digital ID World Rick Caccia, Director & Product Mgr, Oblix Brian Anderson, Program Director, IBM Tivoli Andy Eliopoulos, Director, Business Mgt. Network Identity, Sun Kurt Johnson, VP Business Development, Courion The number of applications that IT shops are supporting and the number of connections to partner systems is going up, not going down. Companies that can put the right people through the right resources, with the right resources are the companies that succeed. Identity has moved beyond can I come in, to the questions of where can I go and
Continue reading...


DIDW: Tony Scott Keynote

Tony Scott, GM's CTO, is today's second keynote. SInce 1996 GM has made significant progress toward common processes. They've reduced their legacy systems from 7000 to 3500. They have built a common email systems, created a global employee portal, created a single global CAD/CAM system (down from 23), and gone from having the highest IT cost as a percentage of sales to the lowest IT cost in the industry. That is impressive. They've achieved this by taking a "one-company" approach to IT. They still have regional CIO's responsible for systems, but overlay that with cross regional "process information officers"
Continue reading...


DIDW: Jamie Lewis

Jamie Lewis, from the Burton Group, is giving today's first keynote. I remember enjoying Jamie's talk last year, although I didn't realize how much was there. I ask him for the slides and recently went back and reviewed them and realized how many concepts I hadn't gotten at all a year ago that now seem very important. Jamie defines the virtual enterprise network (VEN) as the corporate network along with the connections to employees, partners, customers, and suppliers. Jamie's first thesis is that tightly coupled systems won't enable large-scale interoperability. The most important benefit of Web services is that
Continue reading...


DIDW: Photos

I have a gallery of photos I've taken at Digital ID World.
Continue reading...


DIDW: Grassroots identity: Does it Have a Chance?

I was torn between Carol Coye-Benson's session on The Business of Digital Identity and the session on Grassroots Identity. Grassroots Identity finally won out because the characters they've got assembled for this panel are bound to provide an interesting show: Moderator: AKM Adam, Reverend Dr., Seabury-Western Theology Seminary Doc Searls, Sr. Editor, Linux Journal Simon Grice, CEO, Midentity Marc Canter, Chairman & CEO, Broadband Mechanics Simon Phipps, Chief Evangelist, Sun T-shirts, haircuts, tattoos, cars, vanity plates, and so on are examples of non-digital grassroots identity. Digital example include email addresses that are picked,meetup.com and other community creating services. Issued
Continue reading...


DIDW: Federation, Policy, and Trust Management

I'm in the Federation, Policy & Trust Management session. The participants are: Moderator: Jim Hurley, VP, Aberdeen Khaja Ahmed, Chief Security Architect, Microsoft Michael Barrett, VP Internet Strategy, American Express Tim Moses, Sr. Director Advanced Security Technology, Entrust I apologize that I've not kept careful track of who said what in the following. There's some general discussion of policies and trust. Access policies should be: Accessible to people and businesses in native languages Portable from business strategy through IT operations Consistent from human readable to digital instruction and across time and location invariant Reliable Trusted Policy is the set
Continue reading...


DIDW: Digital Identity Tutorial

My tutorial on digital identity management was this morning from 10:15 to 12:15. It overlapped a keynote and consequently we were slow getting going. Initially there were just three people there, but by the time we finished the room was full. Many of those present were people I know and respect; I felt like I was talking to a group of people who knew more about digital identity than I did. We had some good questions and discussion and I had several people say that going over the basic technologies in context was helpful. That's why I developed this
Continue reading...


DIDW: Identity Management vs. Managing by Identity

Phil Becker is using an interesting distinction to emphasize a point I've made several times before: identity management is about opportunity, not just security. He calls this "managing by identity" rather than "identity management." He says managing by identity uses identity to organize, manage and secure computing processes allows business process and computing process to align more naturally releases the real promise and capability of network computing: networking business processes Networking business processes across business boundaries has now become possible. Soon it will be necessary for survival. Phil moves onto the topic of trust. Networks require trust to release
Continue reading...


nTAGS at Digital ID World

We're using these interactive name tags called nTAGS. These are little computers that you were around your neck. The goal is to provide a technology that enhances, rather than disrupts, face to face communication. The devices have a pretty simple interface and function well. They are a little heavy, but that's the first generation. I wish they were more dynamic. They're meant to be that, but the information that the conference attendees provided was more multiple choice than free form, so they're a little less free form than I think they need to be. Still its a fun experiment
Continue reading...


Travel to Digital ID World

I'm at Digital ID World in Denver tonight. This was a great conference last year and promises to be even better this year. I flew my plane to Denver rather than going commercial. I was able to leave my house and be in the air 45 minutes later and land just 5 miles from the conference hotel. I had a 50 knot tail-wind and was traveling as fast as 218 knots at one point. Not bad. My door to door time was about an hour shorter than if I'd flown commercial. As a bonus, I was able to bring
Continue reading...


Public Records are No Longer Effectively Private

There are a lot of government records that are public: court proceedings, arrest records and property recordings are examples. Public records are one of the cornerstones of democracy. Democracies prefer accountability to enforcement. Rather than trying to enforce every rule and law with absolute certainty, we make information public and make people accountable. Accountability based systems scale better than enforcement systems. Even so, the Internet has upset some long held practices related to public records. Here's an example: Utah County, where I live, has put property records online. They've also done a good job of making their queries using
Continue reading...


Web Services Early Adopters

Many companies are reluctant to deploy Web services, having heard scary stories about security threats and half-baked standards. Still, a number of IT departments are moving forward--some slowly with pilot projects and others more aggressively. This most recent CIO magazine has an article on Web services early adopters and why they're keen on the technology. The highlighted organizations include Motorola, the US Navy, and Wells Fargo. Samir Desai is Motorola's CIO: "This is about increasing the throughput, agility and cost-effectiveness of IT," says Desai. "How many times should I code a credit card check? With Web services the answer
Continue reading...


Local Government and Telecommunications Services

The Supreme Court is going to hear arguments on whether States can bar local municiplaities from entering into the telecommunications business. The question is before the court because the 1996 Telecommunication Act provides that no State regulation may prohibit the ability of any entity to provide any interstate or intrastate telecommunications service. Even so a number of states, including Utah, have passed legislation that restricts local governments from providing these services. There's a lot of strong feeling on this question. I heard both sides of it while I was CIO. Private companies are scared that government will drive them
Continue reading...


Federal Court Issues Injunction Against MPUC on VoIP

A few weeks ago, I noted that Wisconsin had moves to regulate VoIP provider 8x8. The Minnesota PUC had made a similar move against Vonage. Today a federal court issued a permanent injunction against a recent ruling by the Minnesota Public Utilities Commission to regulate Voice over IP provider Vonage as a telephone company. This is a huge win for VoIP companies (at least in Minnesota) since it gives them a significant pricing advantage over traditional CLECs and ILECs. Here's why: A traditional ILEC (incumbent local exchange carrier) or CLEC (competitive local exchange carrier) has to pay numerous fees
Continue reading...


Quicksilver Wiki

I've been a huge Neal Stephenson fan since I read Crytonomicon. Since that time, I've added Snow Crash and Diamond Age to my list of books that have influenced my thinking and led me down new paths. Consequently, I was quite excited to see Quicksilver, Stephenson's newest book, at Borders last week. The book is a work of historical fiction, something of a break for Stephenson, set during the 1600's amid a period of unbelievable scientific awakening. The protagonist is Daniel Waterhouse, a friend of both Newton and Lieniz, who were hotly contesting the origins and directions of Calculus
Continue reading...


Setting Up a Serial Console on Linux

Tomorrow my new server (1U, rackmount) moves into its new home. There's still much to do, but I've been focusing on things that are easier to do while its in my machine room in my basement, like configure RAID-1 on the two 80Gb disks. The other task I wanted to get done before I installed it remotely was get the serial console working. The serial console enables start-up and configuration of the machine using a serial cable plugged into a laptop instead of having to haul a monitor and keyboard around. You have to do that at least once
Continue reading...


Joel's Bionic Office

Joel Spolsky recently moved his business, Fog Creek Software, to a new building and put a lot of thought into what the environment ought to be for developers. He came up with what he calls the Bionic Office with the help of a good architect. Joel says: Maybe I'm just an architecture queen. I probably pay more attention to my physical surroundings than the average software developer. I might take it too seriously. But there are three reasons I take it so seriously: There's a lot of evidence that the right kind of office space can improve programmer productivity,
Continue reading...


Using Identity to Fight Spam

An article in today's NY Times (free registration required) discussed the use of identity in fighting spam. It seems that companies that send out lots of legitimate email are increasingly getting caught in SPAM filters and the mail is not getting delivered. I can sympathize with that. This last month, I did not receive a prescription renewal notification from MedCo Health because their reminder was filtered out. I also nearly missed an invitation to speak (part of my livelihood) because the email seemed like SPAM, even though it was legitimate. I control my own SPAM filter, so fixing these
Continue reading...


ICANN Calls Verisign on the Carpet

Numerous people reacted with outrage over Verisign's DNS wildcard scheme. Apparently ICANN did too. Friday, Verisign announced that it will suspend the service so both sides can discuss it. From the InfoWorld story: The controversial Site Finder service unveiled on the Internet last month by VeriSign Inc. was temporarily suspended by the company late Friday after the Internet Corporation for Assigned Names and Numbers (ICANN) demanded that the feature be halted immediately due to concerns about its effects on the Internet. In an announcement late Friday afternoon, Mountain View, Calif.-based VeriSign, which oversees the main Internet database of .com
Continue reading...


Share Documents Safely

Information security has traditionally been handled at the network perimeter, its focus on defending the edge of the organization with firewalls and hardened servers. Cyber-Ark's Inter-Business Vault takes an alternative approach, storing sensitive data in digital vaults that -- by limiting data access channels and encrypting data on disk and in transit -- provide extraordinary security. A bank, for example, could use Inter-Business Vault to share lock-box, automated clearing house, and account reconcilement processing records with its commercial customers. These processes have traditionally been done using homegrown applications that integrate FTP with encryption, couriers, faxes, VPNs, and leased lines.
Continue reading...


RSS for Court Decisions

Rory Perry, Clerk of Court, Supreme Court of Appeals of West Virginia, has published an article entitled Syndication and Weblogs: Publish and Distribute Your Court Information to the Web. The document goes into some detail about how West Virginia has created RSS feeds for ÊRecent Opinions, Civil Topics, Criminal Topics, and Family Topics. He also gives resources for using RSS. The Utah courts have done a good job of putting together information resources on things like court opinions. There's even an email notification tool. So far, no RSS, but creating it from what they already have wouldn't be difficult.
Continue reading...


Pushing the Rope: How States Can Drive IT Innovation

In this month's Governing Magazine, Tom Davies' column is about the surprisingly small amount of influence states have on IT even though their total spend is roughly equivalent to the spend by the Federal government. The Feds, of course, have a huge influence. Tom writes: Since the first generation of computers, the federal government has played a critical role in shaping the evolution of the technology industry. It was the federal government that sponsored the original research and development during WWII that led to what is now the computer industry. It was the federal government that purchased the first
Continue reading...


Negroponte on Rethinking Telecommunications

As part of a larger Wired New article, Nicholas Negroponte talks about rethinking telecommunications: Telecommunications is now at a cusp, after "almost ice-age economics over the past few years," he said. But the cusp is historical, not simply economic. "This cusp is much more fundamental and intellectual and comes from looking at things in a different perspective," he said. For example, Negroponte talks about business models: Overall, the industry must totally rethink the way in which it values revenue streams, he said. Right now, telecoms still think in terms of revenue generated per user, from a single handset. Yet the
Continue reading...


Better Blog Quoting: Preserving Source Attributes

Jon has picked up on my quote blogmarklet idea and extended it so that it preserves the links and other source information in the quoted matter. That was on my list of things to do. Links are powerful tools that we're still learning to use, but citation is a more than just linking. I'm becoming deeply interested in how we can publish fragments that are easy to cite and that, when cited, carry rich context with them. Phil Windley's quote bookmarklet is an example of what can be done. If you are running Mozilla and want to see a
Continue reading...


More Interoperability Frameworks for eGovernment

If you have any interest in the enterprise architecture and standards activities of governments outside the US, like Britain's GovTalk program that I featured yesterday, here's some links to a few more interoperability frameworks: Australia's National Office for the Information Economy France's Agency for ICT in Public Administration (ATICA) Germany's Standards and Architectures for e-Government-Applications New Zealand's e-Government Interoperability Framework (NZ e-GIF) I've been giving thought to the contents of an interoperability frameworks. They are, of course, mostly about listing standards, but there are some other important parts that I put under the general category of "Guidelines:" Governance How
Continue reading...