Archive

Posts Tagged ‘Azure’

Authentication as a Service

March 18, 2011

In partnership with Swivel Secure, the owners of PINsafe, a multifactor authentication solution, inTHiNK has successfully delivered a solution for hosting PINsafe in the cloud, opening the way to delivering bank-grade authentication as a service at a price affordable to all.

inTHiNK has developed a fully standards-based Security Token Service that sits in front of PINsafe, allowing the service to engage in the exchange of SAML-based claims and leveraging the core value of PINsafe’s guaranteed one-time code algorithm.

As shown in the diagram here, a trust relationship is created between a relying application (here an Azure-hosted .NET web application, but it could exist anywhere) and the PINsafe Federation Service (the Security Token Service). On entering the application, the client is redirected to PINsafeFS, where they are challenged to submit a valid username and PIN through this service’s relationship with PINsafe itself. The client submits a user name and one-time PIN code and, on successful validation, is redirected back to the relying application with a valid SAML ticket that can be used by the relying application.

To try it out, just visit http://pinsafe.cloudapp.net and see for yourself.

Once you hit this site you will be redirected to PINsafeFS and asked for a username and pin.

  • Type in the user name test and tab to the password.
  • A unique TURing string will now appear.
  • Type the characters that appear at positions 1, 2, 3 and 4 of this string into the password field.
  • Submit and you will be validated by PINsafe.
  • Once validated, a set of claims about the user will be wrapped in a SAML token and passed back to the relying application.
  • Back on the relying application, this SAML token is unpacked and the claims are accessed which include the user name.

Simple!

PINsafeFS is now in beta and available to clients to work with. The next phase will see the delivery of a full featured self-service portal to allow relying applications to manage their identities and the claims they wish to store and use for their users.

PINsafeFS is fully standards-based and non-invasive, using WS-* protocols and SAML tokens.
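The relying application's side of the flow described above, as an added example that is not part of the original post or of PINsafeFS: the checks to run on the returned token before its claims are used. It assumes a SAML 2.0 assertion whose XML signature has already been verified against the STS certificate; the issuer and audience URLs are constructed, and the user name `test` is the one from the walkthrough.

```python
# Added example: relying-party checks on an already signature-verified SAML assertion.
# Assumes SAML 2.0 layout; issuer, audience and claim values below are constructed.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample token (signature element omitted; verify it before these checks).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" IssueInstant="2011-03-18T10:00:00Z">
  <saml:Issuer>https://sts.example.test/</saml:Issuer>
  <saml:Conditions NotBefore="2011-03-18T10:00:00Z" NotOnOrAfter="2011-03-18T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.example.test/</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="name"><saml:AttributeValue>test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _ts(value):
    """Parse the UTC timestamps SAML uses (e.g. 2011-03-18T10:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def claims_from_assertion(xml_text, trusted_issuer, own_audience, now):
    """Return {claim name: [values]} or raise ValueError if the token is not for us."""
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", default="", namespaces=NS).strip() != trusted_issuer:
        raise ValueError("issuer is not the trusted STS")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("no Conditions element")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not nb or not noa or not (_ts(nb) <= now < _ts(noa)):
        raise ValueError("token outside its validity window")
    audiences = [a.text.strip() for a in cond.findall(".//saml:Audience", NS) if a.text]
    if own_audience not in audiences:
        raise ValueError("token was issued for a different relying party")
    claims = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims
```

The audience check is what stops a token issued for one relying application being replayed at another that trusts the same STS. In a deployed relying party these checks, the signature verification and hardened XML parsing are normally handled by a maintained federation library rather than hand-written.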


inTHiNK become a Microsoft BizSpark Partner

November 19, 2010

inTHiNK is delighted to become the latest Microsoft BizSpark Partner to help support the development of a new social cloud service codenamed “horizon”.


We’re delighted at this news as it will allow us access to the full range of Microsoft technologies and cloud services to ensure that “horizon” is a first class resilient cloud service from day 1!

Welcome new inTHiNKERS

October 26, 2010

It’s a great delight to announce the arrival of two new inTHiNKers to the inTHiNK Associate network.


Bola Rotibi brings over 18 years’ IT experience and is a world-renowned and respected Industry Analyst in the ALM space.

Bola joins the inTHiNK network to help define and deliver first class advisory services right across the Application Lifecycle which we are seeking to launch early in 2011.

 


Richard Godfrey brings over 20 years’ experience in software development, having built some of the most powerful .NET and Windows Azure based solutions in recent times. He is a well-known and respected Software Architect, hailing from many years at Microsoft and Deloitte.

Richard joins the inTHiNK network to bolster our ability to deliver architectural services and solutions designs as well as taking these forward into implementation and delivery.

For more on Bola, Richard and the rest of the inTHiNKers click here.

Testing the cloud?

October 25, 2010

One of my favourite subjects of late is how do you test your cloud?

It’s always been a challenge to get testing more involved in the development process, and tooling has come a long way towards making this possible. But what happens when you add the cloud to the mix?

I’ve had a few chats with Danny Crone from nFocus about this in relation to Azure and was really excited to see they’ve got an event on the very subject …

The only problem is that this takes place tomorrow afternoon in Reading so I can’t make it …

http://testing-with-vs2010-in-the-azure-cloud.eventbrite.com

I only hope that there’s a repeat or that they share some of the presentations …

This sits well with the ALM Health Check Service that inTHiNK is looking to offer in the coming weeks – more on this soon!

inTHiNK! it’s official!

October 13, 2010

After 5 great years of fun at Microsoft UK it’s time for me to say so long as I move on to new things although I fully expect to remain part of the Microsoft ecosystem and still haunt the corridors of the UK Campus from time to time!

So what does a Microsoft Architect do after Microsoft? Well, more architecture it seems, from the business through to its people and the systems they use. There are actually three main strands to my post-Microsoft strategy that I’ll summarise below:

iasa

As you may know I’ve had a long history with IASA, especially here in the UK where I founded and have chaired the UK chapter for around 6 years now. During this time we’ve been developing a credible and sustainable education and certification program for IT architects and now, along with my colleagues at IASA, I want to bring this to Europe. We’re holding our next UK certification boards this November but the plans for IASA Europe are much bigger than just this.

inthink

inTHiNK! is the name of my new professional services practice www.inthink.co.uk. inTHiNK! will offer services from business & technology strategy, architecture practice and guidance through to cloud readiness and enablement. This will scale out through an extensive associate network of solid top-level IT professionals. Contact info@inthink.co.uk if you want to follow up.

As a brand new BizSpark partner I will be seeking to exploit the value of the Azure platform, delivering a new breed of SaaS enablers and business offerings to the market!

 

Here are my new contact details if you wish to stay in touch:

Matt Deacon
CEO, inTHiNK! Ltd
www.inthink.co.uk
mattdeacon.wordpress.com
www.twitter.com/mattdeacon

Azure Architectural Guidance Part 1 Review: Migration

I once had the chance to move over to Redmond to deliver architectural guidance for Azure with the patterns & practices group so you can imagine my interest in seeing what they managed to produce in my absence, despite it taking quite a while to get this out there.

Where to get it

Documentation:

Source code:


The Review

As a piece of “Architectural” guidance I am yet to be convinced that this delivers on its promise. In what is stated to be the first in a series it, rather oddly, decides to focus on “Migration” as the first topic. Personally, I was expecting more of an architectural review of the platform itself, taking into account architectural considerations of reliability, scalability, redundancy, security and the like. These, instead, are confined to a rather light-weight platform overview that raises more questions than it answers, includes several inaccuracies, and reads more like marketing literature than technical insight. This may be because it is assumed that the “what is Azure?” discussion has already been done to death, but I don’t agree. No one has really addressed the architectural considerations of the platform, providing a thorough explanation of how features have been implemented and what their limitations are. Certainly, nothing exists to the level required by architects facing real business and technical opposition to cloud adoption. This, in my opinion, is a missed opportunity and something that is still required.

That said, this is couched as being “guidance” and therefore the fact that it seeks to investigate the process of “migration” should not make it any the less useful. However, in this regard too, it fails to really deliver what, in my opinion, the architect requires. Rather than considering a wider range of ‘adoption’ scenarios, it chooses instead a simple, straightforward migration scenario in the context of an enterprise that has no concerns over use of cloud services. The real issues architects face in convincing others of the value of cloud, and even in convincing themselves in order to champion the opportunity, are therefore avoided. A broader look at migration approaches and patterns, and how these apply in the context of Azure, would I think have provided more value to the architect.

However, it is important to note that the guidance is not completely devoid of architectural value, and the “How much will it cost?” section is a pretty useful evaluation approach for considering the cost impact of design decisions. It also does a reasonable job of introducing the subject of lifecycle management; although this is rather oversimplified, it is still useful in highlighting the requirement. But it is on the developer side where the guidance starts to excel, providing hundreds of developer gems hidden throughout the document, such as the effect of partition keys on table query performance and the differences between development and Windows Azure table storage, referencing a useful MSDN article on the subject. Invaluable stuff, but hidden from view.

In fact, it is pretty clear why the scenario was chosen: this is not really about providing architectural guidance, but about providing a context for explaining how to implement claims-based identity on Azure. As a technical resource providing practical developer guidance on implementing Claims-Based Identity and Access Control using Active Directory with an Azure application, this guidance actually scores pretty high. This type of guidance is simply not available elsewhere. The problem and shame is that all this architectural veneer hides the fact that this delivers genuine and much needed technical value and, further, that no one who needs it will actually find it.

All in all, this is a valuable and well written resource, but my concern is that it’s misdirected and that its value won’t be fully recognised unless the right audience finds it, and in its current format this audience would find it hard to get past the first pages to find all the goodness inside. The need here is to liberate the value and consider re-delivery as a straightforward, honest, simple to follow developer how-to guide. In the meantime, if you want to try and implement claims-based identity on Azure then I’d recommend skipping straight to Phase 1: Getting to the Cloud or even straight to the source on CodePlex.

The Verdict

Rating (as Architectural Guidance): 5 out of 10. There are gems, but they’re hidden.

Rating (as Developer “How to”): 7 out of 10. If reformatted as a developer guide I’d put it nearer a 9!

The Economics of Cloud Integration

I met up with an integration partner the other day and we talked about how cloud could impact their business. He talked about the typical integration project and that it was quite an investment for the customer.

  • Phase 1: Partner builds out integration solution
  • Phase 2: Initiates technical training for customer IT staff
  • Phase 3: Handover management of integration solution
  • Phase 4: Work on joint second wave project
  • Phase 5: Full handover to customer.

In talking about cloud he suggested that it wouldn’t make sense when dealing with a simple EAI scenario of integrating two in-house systems. Why would you consider going outside the firewall to achieve this integration? The partner thought not, but I’m not so sure and suggested that if I offered to run the service for say a few £100 a month with strong guarantees I think the customer would have to think about it seriously. This is after all what the AppFabric in Azure is all about! At the time my mind was simply focused on the operational savings, but in going back to the phased delivery model above, there were also skilling and software licensing costs that needed to be factored into the equation.

So let’s imagine the cost of this simple EAI project from a traditional integration project and a cloud service perspective.

| Traditional integration | | Cloud Service | |
|---|---|---|---|
| Initial Development Project | £45,000 | Initial Development Project (50% up front, remainder deferred over 5 years) | £22,500 |
| Training (x 3 people) | £15,000 | | £0 |
| Assisted Development Project | £25,000 | 50% up front with remainder deferred over 5 years | £12,500 |
| Software costs | £25,000 | | £0 |
| Support & Maintenance/year (10%) | £7,000 | Development cost recovery (divided over 5 years) + Support & Maintenance/year (10%) + Hosting support (10%) | £7,000 + £7,000 + £7,000 |
| Internal operations expenditure (FTE @ 50%) | £30,000 | | £0 |
| Total Cost over 5 years | £320,000 | | £140,000 |

In this scenario the customer saves around 60% of costs over 5 years – why wouldn’t the customer be interested? Also, the partner earns an additional £35k over the 5 years too, plus they still retain a close relationship and ongoing revenue.

Ok, so the model is overly simplified and probably missing a 1,001 things but offers an indication of a more balanced economic and innovation based model that aligns much better to the customer’s needs than the old model of software delivery and maintenance. Besides the obvious savings what is far more powerful is the effect this has on cashflow over time …

Not only are the initial costs reduced and spread over the 5 years, but so too are the ongoing maintenance/management costs.