Friday, April 28, 2006
I wrote this a few years ago, just months after moving to the U.S. I was in San Diego at that time, at the 49th IETF meeting. One afternoon, I had some time, so I decided to drive to the U.S.-Mexican border. It was quite an experience, and quickly afterwards I sat down in a small outdoor cafe to write down some thoughts that I had back then. I just found this piece when cleaning up my home directory.
Friday, April 28, 2006 1:52:00 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Sadly, the House Committee on Energy & Commerce decided to strike down the provisions in a draft bill that would have allowed the FCC to stop ISPs and telcos from extorting customers and web service providers. The arguments of the ISPs are hypocritical: the lack of such a provision will allow them to stifle innovation, effectively shut down or limit competition (like e.g. Vonage VoIP service, or the next generation of media delivery).

I sincerely hope that other committees of the House and maybe other parts of Congress in general will handle this critical situation with a better understanding of the technological and commercial ramifications. I also hope that Rep. Markey will not bow down to this defeat, but instead fight for his very sensible provisions elsewhere.

Friday, April 28, 2006 10:15:16 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, April 27, 2006

It is interesting to see what Microsoft has done with Windows Mobile so far, and where they plan on going. This presentation gives a good overview and also a fairly good outlook on what is coming and when.

Some highlights:

  • Windows Mobile 5.0 - released
    • MSMQ support
    • SQL Server 2005 mobile
    • .NET 2.0 compact
  • 'Crossbow' Release in late 2006, to hit the market by mid-2007
  • 'Photon' Release in late 2007, to hit the market by mid-2008
    • New kernel

It seems that they are now switching to releasing a new version of the mobile OS every year or so.

Interestingly enough, they seem to have cut the roadmap slides in the above version (or am I missing something?), but you can still see the full slide deck using Google's cache.

Thursday, April 27, 2006 11:47:07 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

If you are at all interested in non-SOAPy web services, you might want to take a close look at WADL, the Web Application (!) Description Language. It is an XML-based language that can be used to describe general HTTP-based service APIs that cannot be described reasonably in other meta-description frameworks, such as WSDL.

Ultimately, this technology will allow web service providers (such as Amazon, Ebay, Google, Yahoo!) to focus on providing their respective services, and not on creating new APIs in a variety of languages to use these services.

Thursday, April 27, 2006 8:09:04 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 25, 2006

Aside from everything else happening around me, I had 'one of those days' yesterday:

It actually started pretty good. I finally got my act together and moved my 19" rack from my garage to work, to get better use out of it. Fortunately Marc H. was able to help me, since this thing is really heavy (and would never fit into my little crappy car). Everything worked great, and in less than two hours the rack was happily humming in my lab. We went to lunch.

Now, after lunch I want to move my old server (mail, file & print, CVS, etc.) into the rack. Fair enough, not a big one: everything in the rack connected, I start the system, BIOS and POST come up, the OS is starting to boot happily ... 3 ... 2 ... 1 ... BLACK. No more restarts - the system is DEAD.

A few sweat drops later, I see that the fuse in the power supply blew. Well, not a problem: it is a six year old system and after a little scavenging in old PC rubble, I find a compatible 6.3A fuse, replace it, put the system back together: it works! Great, back into the rack, power on, BIOS comes up ... 3 ... 2 ... 1 ... BANG, smoke coming out of my server .... argh!

The adrenalin level is quite high now, and I decide that a smoking power supply will be a little too hard to fix. CompUSA is your friend, and a few 45 minutes later I am back with a brand new 500W power supply. Finally. Well, the old one was over 6 years old anyways, no surprise. Into the rack, power on ... 3 ... 2 ... 1 ... BANG ..BANG.... (dead silence).

Something is definitely fishy here, right? Have I just lost my marbles or what is going on?

Well, something is strange, but this time it was not me: The Compaq (now Hewlett Packard) PDU (Power Distribution Unit) is a 127V 30A monster, which comes with a fat power cord and a huge three prong plug. In the past it fit happily into a 125V, 30A outlet. The outlet in my lab, which fits the plug really well, is a 250V outlet.

It seems to me that either (i) the electricians of the building have made a fatal mistake, (ii) the Compaq (now HP) engineer designing the PDU was smoking something terribly unhealthy or (iii) the electrical code is inconsistent. None of the three possibilities is quite reassuring ...

Tuesday, April 25, 2006 9:46:36 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 18, 2006

Here is my presentation from yesterday's panel discussion at the Network Security 2006 conference (many thanks to Hubert and Eve, who have essentially provided the largest part of this).

Network Security - SAMLv20.pdf (103.81 KB)

Tuesday, April 18, 2006 3:40:15 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

After an interesting panel discussion yesterday at the Network Security 2006 Conference, I started to think about security protocols in general again. One comment from a gentleman in the audience struck me in particular: PKI (and other authentication systems) are hard to set up and control, because every time you create a new authentication service you have to fill in all kinds of attributes for the user at hand, e.g. name, employee id, group membership etc.

As we all know, directories are great, but they are not exactly capable of solving this problem. Instead, this problem could be solved by separating authentication and authorization data, keeping the authZ data in a common format [1]. SAML (in particular attribute statements) might be a good solution for the authZ data format, since it is well understood, extensible and has good privacy features. But obviously, there might be other good, open authZ languages, as well.


If the authentication mechanisms are now capable of carrying the authZ data (such as in the SAML TLS proposal, or in GSS-SAML), then a few requirements of a good authorization model are fulfilled:

  1. The authorization data is described by an open language.
  2. The authorization language is stable across different authentication mechanisms.
  3. It can be carried directly within the framework of the authentication protocol, - or -
    it can be left on the authorization server and only be referenced.
  4. It provides at least for pseudonymity, and if properly profiled also for anonymous authorization.

[1] I am assuming here that a bag of attributes is sufficient to enable authZ decisions.
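
The model above as an added example (not part of the original post): one bag of attributes from a SAML attribute statement drives the authZ decision, whichever authentication mechanism carried it, inline or by reference. The policy, attribute names, the `AUTHZ_SERVER` store and its reference key are hypothetical, the assertion is constructed, and signature, issuer and validity checks are assumed to have happened before `decide` is called.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: transient (pseudonymous) NameID, no real identity.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2006-04-18T15:00:00Z">
  <saml:Issuer>https://authz.example.org</saml:Issuer>
  <saml:Subject><saml:NameID
    Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groupMembership">
      <saml:AttributeValue>engineering</saml:AttributeValue>
      <saml:AttributeValue>lab-admins</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="employeeType">
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical authorization server store, used when only a reference is carried.
AUTHZ_SERVER = {"artifact-42": ASSERTION}

# Hypothetical policy: every listed attribute must hold one of the allowed values.
POLICY = {"rack-console": {"groupMembership": {"lab-admins"}, "employeeType": {"staff"}},
          "payroll": {"groupMembership": {"finance"}}}

def attribute_bag(assertion_xml):
    """Collect {name: set(values)} from every AttributeStatement."""
    bag = {}
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        vals = {v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text}
        bag.setdefault(attr.get("Name"), set()).update(vals)
    return bag

def decide(mechanism, carried, resource):
    """mechanism names the authN protocol; it is never consulted for the decision.
    carried is {'assertion': xml} (inline) or {'ref': key} (left on the server).
    Signature, issuer and validity checks are assumed done before this point."""
    xml_text = carried.get("assertion") or AUTHZ_SERVER.get(carried.get("ref"))
    required = POLICY.get(resource)
    if xml_text is None or required is None:
        return False  # default deny: unknown reference or unknown resource
    bag = attribute_bag(xml_text)
    return all(bag.get(name, set()) & allowed for name, allowed in required.items())
```

The decision never reads the NameID, so the transient pseudonym is enough for the subject to be authorized.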

Tuesday, April 18, 2006 11:41:21 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

On May 17, 2006 at 9:30pm Paul, Santiago and I will host a BOF on "Project FIFI - Bridging the Interoperability Chasm". FIFI (Fast Infoset For Indigo) is a prototype project that aims at bringing the Fast Infoset ITU-T/ISO standard to the .NET 2.0 platform and furthermore integrating it with the upcoming Windows Communication Framework (WCF - aka Indigo).

BOF 2535: Project FIFI - Bridging the Interoperability Chasm
Track: Web Tier
Room: Hall E 135
Date: 17-MAY-06
Start Time: 21:30

Stay tuned for more.

Tuesday, April 18, 2006 11:15:11 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, April 13, 2006

Fresh from Washington state: Indigo to support POX in TextEncoder

Combine this with Marc Hadley's adventures with REST in JAX-WS, and you might actually get something interoperable .. ;-)

Thursday, April 13, 2006 7:40:01 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, April 12, 2006

This will make the SunRay slim clients more useful: You can attach all kinds of USB mass storage devices to the SunRay USB ports. E.g., if you have your USB key chain drive, you can connect it and it will be automounted in

$DTDEVROOT/mnt

which resolves by default to

/tmp/SUNWut/(username)/mnt

CDs, DVDs and the like are not yet fully supported, but they might work.

To administer your drives and allow for graceful removal, use the /opt/SUNWut/bin/utdiskadm command.

It kinda seems obvious, but you will lose access to the drive if you hotdesk (i.e. switch from one terminal to the other).

This feature is available since the SSRS 3.0 release.


Wednesday, April 12, 2006 2:03:37 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

I'll be speaking at Network Security 2006 in Washington, D.C. The session is a panel discussion on 'User Authentication Technologies', moderated by Radia Perlman.

I will be speaking on SAML, Liberty and some new developments in that area, with a particular focus on using SAML in new ways for network security. This will include using SAML for TLS, Kerberos and more generally within the GSS-API.


Wednesday, April 12, 2006 1:03:41 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Today, Sun opens their Enterprise tools to the NetBeans community. This is really good news for Java developers, since they now get a truly modular, extensible, easy-to-use and easy-to-install IDE, that features:

  • UML modelers (both ways)
  • XML tools
  • SOAP orchestration

This is obviously in addition to the Matisse UI builder, the profiler, the J2ME development tools etc. Also, the NetBeans platform is now also being used for non-development applications (see e.g. the Stocktrader application).

Wednesday, April 12, 2006 9:37:54 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

The blog on my home system was not reachable last night, since my cable modem decided to refuse service. I hope this is fixed and service will be reliable, once more.

Wednesday, April 12, 2006 8:50:56 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 11, 2006
Hmm - unfortunately, dasBlog is not very friendly to JRoller when talking MetaWeblog. It seems that I have to stick to Blogger ... sigh!

Tuesday, April 11, 2006 2:43:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Here is a screenshot of Vista on a Sun Ultra 40 AMD workstation. I forgot to post it earlier, my apologies.



Note that the video board is fully supported without any additional drivers. Only the audio board does not work out of the box.

Tuesday, April 11, 2006 11:42:38 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Through Tim's ongoing: Check out this post on WS-SopranosDesperateHousewivesKwisatchHaderach ...

Tuesday, April 11, 2006 11:23:24 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

In an earlier article, I showed how to make a system dual-boot Windows Vista and Debian Linux through GRUB. This was fairly straightforward, even with the new boot loader (BCD) that ships with the latest Vista builds. All of that happened in a reasonably simple environment - I used Microsoft Virtual PC 2004 SP1 to run Vista build 5342 and Debian.

This time, things are bound to get a little bit more interesting: I am installing Vista build 5342 on a Sun Ultra 40 AMD workstation. The other OS is - obviously - Solaris 10 01/06 (Update 1).

The overall procedure is very similar to what I have described before:

1. Install Windows Vista

2. Install Solaris and edit /boot/grub/menu.lst as described here.

STOP: Solaris is not quite as smart about the boot loaders as GRUB and does some strange things to the MBR - OR - Vista x64 has a different behavior about writing its boot records. At this point, I could start Solaris by default. Vista did NOT boot for me - it was complaining about \Windows\System32\Winload.exe missing.

As such, I ran the System Recovery option from the Vista boot DVD, which reinstalled the Vista boot loaders. To be sure, I ran the bootsect.exe with switch /nt60 on the SYS volume.

For the restore options it is very important that you decline to have the boot problems fixed automatically. Just say "No" and click "Next" and you will be taken to a menu where you can get a full Windows shell - this is MUCH better than the recovery console.

3. Reboot into the Windows shell on the Vista Install DVD.

4. bcdedit /set {default} device partition=c:

5. bcdedit /set {default} osdevice partition=c:

6. Run d:\boot\bootsect /nt60 c:

You should be all set.

If you screw up GRUB

To get back into Solaris, put the Solaris install DVD into the drive, go to the GRUB command prompt and specify

	root (hd0,1,a)
	kernel /platform/i86pc/multiboot
	module /platform/i86pc/boot_archive

Great. Solaris boots. Now run installgrub(1M) with the following arguments:

installgrub /boot/grub/stage1 -m /boot/grub/stage2 /dev/rdsk/(this is the char device for your root slice)

NOTE: After you re-install GRUB, you will need to go back to the Vista Recovery console.

Tuesday, April 11, 2006 10:45:07 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Here is a help page from Microsoft on BCDEDIT.EXE. Note that you must run COMMAND.EXE as administrator, otherwise BCDEDIT.EXE is not in your search path and will not execute.

Here is a discussion on how to use BCDEDIT in some more situations.

Tuesday, April 11, 2006 8:37:54 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Here is a nice article on Windows PE 2.0 and its relation to Vista.
 

Tuesday, April 11, 2006 8:06:51 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, April 10, 2006

Erwin Tenhumberg made some remarks on his blog that I would like to comment on.

Microsoft trying to support their legacy products with an open standard is not an oxymoron. It would certainly be a lofty goal and would find my full support.

The problem that they are facing however, is that this goal is not only lofty, but extremely hard to achieve within a reasonable time frame. The old MS Office file formats are not trivial and they support OLE objects. To come up with a truly open format to support this and many other features, some of which have been created by their 3rd party ISVs, is very hard.

If you consider now the time and market pressure, Microsoft was in need of choosing between a truly open format and a somewhat documented proprietary format. They chose the latter for business reasons (I guess). One issue with a truly open format would have been the problem that public stewardship of the protocol would have further delayed either Office 12 or the implementation of that format in Office 12.

The fact that they are now trying to sell the 'OpenXML' format as open is somewhat dubious. Even worse is the proposed ECMA seal-of-approval for a subset of the output of Office 12 [1] and its submission to ISO/ITU-T for consideration as an international standard. 'Open' means much more than RAND - see e.g. the Minnesota house draft.

[1] The OpenXML specification does not include the full specifications for OPC. While straightforward (I am tempted to say 'copied from Star/OpenOffice' ...), Microsoft could potentially stall, delay and/or deter implementations for OPC through legal means. Office 12 creates OpenXML documents that are contained in OPC files. See here for some more discussions on this.

Monday, April 10, 2006 10:03:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Once more, I am checking whether dasBlog and JRoller are finally cooperating. This is the first entry to be cross posted. Let's see if this works. Since I am using dasBlog as my main blog, here are the settings for crossposting to http://blogs.sun.com/roller/page/beuchelt:

Profile Name  

Host Name   Port    
Username (set)
Password Repeat  
Endpoint   API Type


Monday, April 10, 2006 11:45:57 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Copyright by Gerald Beuchelt.