Friday, July 18, 2008

Marc recently published a short tutorial on how to use Apache Abdera with our reference implementation of JAX-RS, Jersey. His code is server side, i.e. it explains using Jersey and Abdera for creating RESTful web services with Atom payload[1]. In this article I will give an example of how the Jersey client API can be used to consume such a service with relative ease.

It is hopefully known that Jersey contains a very simple, yet effective HTTP client API. Core to it is the heavy use of the builder pattern for creating and configuring requests. For our example, I start with creating the client:

  Client c = Client.create();

  WebResource r = c.resource(new URI(someLocation));

We can now get the InputStream from the WebResource to read the Atom feed into an Abdera Feed:

  InputStream is = (InputStream) r.get(InputStream.class);

  Document<Feed> doc = Abdera.getNewParser().parse(is);
  Feed feed = doc.getRoot();

  for (Entry entry : feed.getEntries()) {
      doSomething(entry);
  }
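
An added example, not code from the original post: the same feed read, but with the response status and content type checked before the body reaches the Abdera parser, since the feed comes from a remote server. It assumes the Jersey 1.x client API (`ClientResponse.getStatus()`, `getType()`, `getEntityInputStream()`); the class name `CheckedFeedClient` and the method `fetchTitles` are hypothetical.

```java
import java.io.InputStream;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

import javax.ws.rs.core.MediaType;

import org.apache.abdera.Abdera;
import org.apache.abdera.model.Document;
import org.apache.abdera.model.Entry;
import org.apache.abdera.model.Feed;

import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;

// Hypothetical class name; assumes Jersey 1.x and Abdera on the classpath.
public class CheckedFeedClient {

    // Reads the entry titles of an Atom feed, rejecting responses that are
    // not a 200 with an Atom content type before any parsing happens.
    static List<String> fetchTitles(Client c, URI location) throws Exception {
        WebResource r = c.resource(location);
        ClientResponse cr = r.accept(MediaType.APPLICATION_ATOM_XML)
                             .get(ClientResponse.class);

        if (cr.getStatus() != 200) {
            throw new IllegalStateException("Unexpected status: " + cr.getStatus());
        }
        MediaType type = cr.getType();
        if (type == null || !MediaType.APPLICATION_ATOM_XML_TYPE.isCompatible(type)) {
            throw new IllegalStateException("Unexpected content type: " + type);
        }

        // Abdera parses incrementally, so the entries are consumed
        // while the stream is still open and the stream is closed afterwards.
        InputStream is = cr.getEntityInputStream();
        try {
            Document<Feed> doc = Abdera.getNewParser().parse(is);
            Feed feed = doc.getRoot();
            List<String> titles = new ArrayList<String>();
            for (Entry entry : feed.getEntries()) {
                titles.add(entry.getTitle());
            }
            return titles;
        } finally {
            is.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // The feed location is passed on the command line.
        Client c = Client.create();
        for (String title : fetchTitles(c, new URI(args[0]))) {
            System.out.println(title);
        }
    }
}
```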

Now let's say we want to post an entry to the resource in Marc's article. In this case we would also have to use his AbderaSupport class, which implements the proper MessageBodyReader and MessageBodyWriter interfaces for the Abdera objects. On the server side providing these interfaces is enough, but on the client side we need to configure the Jersey client. The following code helps with this:

  public static class AbderaClientConfig extends DefaultClientConfig {

      @Override
      public Set<Class<?>> getProviderClasses() {
          Set<Class<?>> classes = new HashSet<Class<?>>();
          classes.add(AbderaSupport.class);
          return classes;
      }
  }

Thus completing our sample app:

  ClientConfig cf = new AbderaClientConfig();

  Client c = Client.create(cf);

  WebResource r = c.resource(new URI(someLocation));

  Entry entry = AbderaSupport.getAbdera().newEntry();
  entry.setTitle(...);
  entry.setContent(...);

  ClientResponse cr = r.type(MediaType.APPLICATION_XML).put(ClientResponse.class, entry);

Done.


[1] Tim pointed out that this style should properly be called "AtomPub", and not APP, AtomPub/Sub or similar.

Friday, July 18, 2008 2:43:10 PM (Eastern Standard Time, UTC-05:00)

This week's VRM Workshop at the Berkman Center in Cambridge, MA was quite interesting. It helped me quite a bit to sort out how Identity Management and VRM intersect, but also differ in some respects. To put it in a nutshell, I believe that the biggest difference between the two is that they are essentially two different ways of looking at the same problem. "Traditional" identity management has been focusing largely on the various subjects (and objects), their characterization, and how they can be mapped to digital artifacts. VRM seems to be taking a more procedural approach by focusing more on the processes and interactions of these subjects, objects, and digital artifacts. In this sense, VRM and identity management are very much complementary.

You can find more information about Doc Searls' ideas about VRM on the Berkman wiki and on his blog.

vrm2008

Friday, July 18, 2008 9:15:21 AM (Eastern Standard Time, UTC-05:00)

OpenSocial and Liberty People Services are really tackling the same problem - only from two opposing sides. While the LAP PS has established a solid foundation for secure identity management, OpenSocial has started out to define an API for allowing social networking (but also other) software from different sources to be run in one (or more than one) container. Ideally, these containers abstract away the underlying platform and thus enable application portability. This becomes quite useful, since Facebook, MySpace, Orkut, etc. have extremely similar types of applications (friends/relationships, photo sharing, contact management, and many more). Having these applications be portable across different platforms allows application developers to focus more on added functionality and less on platform plumbing.

Liberty - on the other hand - has created the necessary infrastructure to enable individuals to set preferences and share information about themselves with others in a secure and privacy-preserving way. The protocols used in ID-WSF and People Service (and not APIs) can enable containers to communicate with others based on users' policies and requests.

libertyalliance opensocial

Friday, July 18, 2008 9:09:27 AM (Eastern Standard Time, UTC-05:00)
Monday, June 30, 2008

The current economic situation is not exactly ideal: amongst many significant issues, one of the most concrete and pressing problems of today is the highly volatile energy market. Many current problems in the world (such as clean water, food, housing) could be solved almost completely, given that there is sufficient energy at hand[1].

Electric energy generation has seen a variety of approaches: some of them are quite childish, while others lack public acceptance. Ultimately, only a sound mix of nuclear fusion and a select number of reasonable renewables such as solar or geothermal energy sources (where available) will make sense.

However, electricity is not particularly easy to store, making it far less attractive for any type of transport, especially individual transport. No technology that has been available so far has created a reasonable alternative to fossil hydrocarbon fuels: they have a sufficient energy density, are easy to handle, and the technology is very well understood. Alternatives such as canola-based diesel or ethanol-enriched gasoline are mostly carbon-ineffective ways of wasting money and alimenting lobbies.

Now, a new genetics-based approach is making the rounds in various news outlets: LS9 is a South San Francisco company that succeeded in creating microorganisms that can produce hydrocarbons from renewable sugar sources. In other words, it will soon be possible to replace the back-yard compost heap with a small LS9 reactor that produces gasoline instead of dirt.

It will be interesting to see if this technology can actually scale to a level where a large (and energy hungry) economy such as the U.S., China, or the E.U. can rely on this renewable fuel for a significant portion of their needs. But even if this approach is not fit for mass energy production, it still guarantees the availability of hydrocarbon-based products (i.e. plastics) in the post-fossil age.


[1] Obviously, in today's world there is also in many cases a lack of political will, but that is - at least to some extent - again a result of scarce energy.

Monday, June 30, 2008 7:42:35 AM (Eastern Standard Time, UTC-05:00)
Friday, June 27, 2008
Today, I would like to take a peek at a technology that has been living in the shadows for some time. While HDTV and digital broadcast over-the-air have been getting some attention lately (especially with the January 17, 2009 deadline looming), digital radio broadcasts have not been getting any significant media attention in the U.S.A.
One of the reasons for the lack of attention might be that the digital radio standard chosen by the FCC has been met with some serious criticism. The two arguments that are most profound here in my mind are sound quality and proprietariness.
Nevertheless, since I am listening to a lot of radio during the day, I have decided to give this broadcast system a try. For receiving, I chose the Sony XDR-F1HD component tuner that allows easy integration with a standard stereo system. Connections are made simply through RCA style component wires. The system comes with an AM and FM antenna cable, but standard connections (e.g. to your home TV antenna) are available. The unit is very simple to configure and has - in addition to the radio program information - a large clock. The display is illuminated.
Reception of FM HD radio stations is - overall - pretty good, even under adverse conditions. My antenna is set up inside the Sun office, which is a steel-reinforced concrete building with excellent radio shielding qualities (sigh!). In addition, the indoor antenna cable is close to two CRT monitors and a variety of transformers. Most strong stations (such as WGBH) are readily available with little or no reception problems. However, AM reception is rather spotty and so far I have only been able to receive WBZ when holding the antenna at 83 degrees North-North-West about 3'7" above my desk.
The sound quality is most of the time acceptable. The radio signal codec is a proprietary version of the AAC encoding, encoded at 36 kbit/sec. This is far from being CD quality, but it does remove the noise floor of the FM signal to a large extent.
Overall, I would probably recommend this setup, as long as the broadcasting community is dedicated to continue using this system.

Friday, June 27, 2008 4:36:59 PM (Eastern Standard Time, UTC-05:00)
During TechEd 2008, I participated in a panel discussion on Web Services Interoperability. Microsoft just put up the tape on their TechNet Library site. They also have a WMV video feed, and an MP3 audio-only feed.

Friday, June 27, 2008 4:31:45 PM (Eastern Standard Time, UTC-05:00)
Thursday, June 26, 2008

In my earlier article today I pointed out a rather significant security blunder in Germany, where a number of municipal IT departments failed to secure their systems. This led to the exposure of at least 500,000 personal data records to the internet - so far I have not heard that any affected person was informed about their involuntary exposure to identity thieves.

In this context it seems a little untimely to publicly announce a new electronic signature program that will start in 2012. Under this program, anyone claiming any benefits from any public source (unemployment, social security, etc.) will be required to use a smart card with a personal key. In addition, employers will have to submit all salary and compensation information to a federal, centralized database that will be fully accessible to all participating government agencies on the federal, state, and local level. Contained in this database are obviously all employer records, but - in all likelihood - also all data records of current or past applications for government benefits. Employees are expected to pay for these new services themselves, with private sector financial institutions or government agencies playing the role of the trust broker.

This program is sold to the public in two ways: on the one hand, it is supposed to save the employers and the government agencies a lot of money by streamlining reporting and decision making processes. On the other hand, in its centralized form it is expected to help limit welfare fraud, which is quite common in Germany.

In and by itself, such a database seems harmless enough: it has some tangible benefits, including significant savings for the private and public sector. However, this effort does not stand by itself. Over the past couple of years, privacy from prying government eyes has been under the most severe attack imaginable: A comprehensive tax ID that is coma

Thursday, June 26, 2008 2:47:02 PM (Eastern Standard Time, UTC-05:00)
Wednesday, June 25, 2008

While Germany and Europe in general have some of the strictest rules regarding the use and storage of personally identifiable information, the last few months have seen rather extreme data security breaches. Today, the German media is reporting about a new installment of irresponsible negligence and government incompetence:

According to SPIEGEL ONLINE, a spokesperson for the software company HSH admitted that the personal information of more than 500,000 residents of at least 15 cities and towns was readily available on the internet for at least 3 months [1]. According to an investigative news program (Report aus München), this problem actually affected more than 200 municipalities for more than 3 years. The alleged cause for this blunder was rather simple: the software used by the cities to manage these huge data collections had at least one default/demo account that was not disabled by the IT staff of the authorities. These credentials were inadvertently published by the software maker on their web site and thus available to everyone.

While problems like this can happen, it seems odd that this massive security breach has not caused a major uproar with the various highly paid privacy guardians. In fact, there is virtually no report on this incident in any language but German. One might get the impression that there is a strong desire with a rather large number of people to keep this incident on the q.t. and avoid further investigations and public disclosures.

Germany has (or had?) after the horrible experiences with two dictatorships and their respective secret police a tradition of resistance against data collection and privacy invasion. The proposed general census of 1983 was stopped by the German Supreme Court in a decision that laid the foundation of what has recently been termed "Informationelles Selbstbestimmungsrecht" (right to informational self-determination).

So far, Germany has not seen a large number of identity theft cases: until last year, there was no unique ID in use and most electronic transactions are currently handled through a European debit card system that is less exposed to a number of frauds. Also, while the various branches of government had been busy collecting large amounts of data on German citizens and residents, there have been only a few federal databases. When talking to people on the street, I found a growing indifference to the German government's extended data collection and linking programs. The general attitude seems to be that "we do not have anything to hide", and if a little (or even more than just a little) loss of privacy leads to a few high profile tax evasion prosecutions, everyone is happy.


[1] Germany has a national ID law that requires citizens to register with city hall and disclose personally identifiable information such as names, current and former addresses, religious affiliation, birth date and place, children, current and former spouses, tax information, serial numbers of the national ID card and passport, and more. Since last year's July, this data also includes a tax ID, the German equivalent of a social security number.


Wednesday, June 25, 2008 3:17:54 PM (Eastern Standard Time, UTC-05:00)
Monday, June 23, 2008

Monday, June 23, 2008 12:23:01 PM (Eastern Standard Time, UTC-05:00)
Friday, June 20, 2008

Starting today, I will try to review some of the more interesting gadgets that I have been playing with. The first installment will be on the Windows Mobile phone that I won last week at TechEd. After attending a Mobile Security session, I won this phone for knowing the original code name for the first Windows Smartphone (that was "Stinger"). The phone is a SAMSUNG Blackjack II with AT&T branding.

The list of features is good:

  • Windows Mobile 6.0

  • Tri-Band UMTS (3G) and Quad-Band GSM

  • 128 MB RAM and µ-SD port (up to 4GB)

  • GPS

  • Thin (0.4") and light-weight

  • 2.0 MPixel camera

In general, the device is easy to handle. It has a jog wheel that feels a little flimsy, but it works ok (so far). The keys are a little small for my clumsy fingers, but that way the phone does not get too big, so it is a good compromise. While the above feature list is good, there are a few things that are sorely missing:

  • No WiFi - this is probably the biggest shortcoming on this device.

  • Proprietary connector - no standard USB, no standard headphone jack, no antenna extension - just proprietary connectors. This was acceptable in 2000, but I am no longer willing to tolerate this in 2008.

UMTS/3G internet services are quite good, at least in most places North of Boston. As such, most web sites suited for mobile browsers display quickly and efficiently in IE mobile.

The advertised add-on software (mobile TV, Navigator, etc.) is rather disappointing: some of it works all right, but pretty much all of the applications are only short-term trials. This is highly annoying, especially since there is no easy way to remove the various links to these apps from the Start menu.

Overall, I am quite happy with this new toy (especially at the price), although I would probably not have extended my contract for two years and paid USD 99 for it.

Friday, June 20, 2008 11:48:29 AM (Eastern Standard Time, UTC-05:00)
Sunday, June 15, 2008
Just back from Orlando, here are some takeaways from this year's TechEd 2008 for IT-pros:
  • Interoperability with SOAP based web services is progressing: I was part of a panel on interoperability, moderated by Chris Haddad. It was a fairly diverse panel, with speakers from Microsoft, WSO2, Tibco, and Sun. While there was general agreement on the usefulness of the more basic WS-* specifications like WS-Security, opinions differed on where the future lies and how it can be achieved. In my opinion, the relatively high fidelity of interoperability within the WS-SX family of specifications is a direct result of the proper standardization process at OASIS that these specs were subjected to, comparable to that of ebXML or SAML 2.0. Thus, it is my expectation that the WS-RX and WS-TX protocol families will eventually yield similarly good interoperability.
  • For the "Demo that almost made it (TM)", we made some serious progress: After talking to Greg Leake of Microsoft and Jonathan Marsh of WSO2, I am quite optimistic that we can easily inject a Metro based STS and/or OpenSSO with WS-Trust and CardSpace support into the StockTrader sample application to allow authentication through a SAML token. At the same time, I think that this demo application in particular lends itself quite nicely to showcase the strength of the Liberty framework for web services: you have a web application that needs to interact with the Business Services and the Order Processing Service. Identity has to be preserved across these different tiers, yet privacy protection would be highly desirable.
  • It was very interesting to see that Microsoft is continuing on the path of interoperability in the systems management area. Three years after we demonstrated MOM 2005 managing and monitoring a Sun v40z with Solaris, Microsoft's System Center beta features an open source Solaris management adapter. An interesting question is where this code will be hosted ...

Sunday, June 15, 2008 10:45:20 AM (Eastern Standard Time, UTC-05:00)

Copyright by Gerald Beuchelt.