Today's tweets

Twilog

[Twitter] Today's tweets ff.im/bE8Nj #

#pdc09 Arrived at the venue. Grabbed a seat in the front row. #

#pdc09 It's Ultra Seven. #

#pdc09 The network is slow. #

#pdc09 windows error reporter #

#pdc09 user account control #

#pdc09 Apparently they're giving out Windows 7 machines. Really? #

#pdc09 HTML5 JavaScript #

#pdc09 Internet Explorer 9 #

#pdc09 IE9 still loses a little to FF3.6, Chrome 4 and the WebKit nightly on performance, but it's getting close. Acid3 #

#pdc09 Silverlight #

#pdc09 Visual Studio 2010 #

#pdc09 Data annotations are nice. #

#pdc09 So you can lift the sandbox restrictions on Silverlight and turn it straight into a desktop app. #

#pdc09 The SnapFlow demo also had features and speed on par with a desktop app. Silverlight might be interesting. #

#pdc09 office and sharepoint 2010 #

#pdc09 "Development Best Practices and Patterns for Using SQL Azure Databases" #

#pdc09 Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy; proxy to backend SQL #

#pdc09 Scalability and Availability: Fabric, Failover, Replication, and Load balancing #

#pdc09 LB - load balancer forwards 'sticky' sessions to TDS protocol tier #

#pdc09 applications use standard SQL client libraries: ODBC, ADO.Net, PHP, ... #

#pdc09 geo-location (has a unique DNS name)
A zone for administration policy
A point of billing and reporting aggregation #

#pdc09 <- Each SQL Azure server provides #

#pdc09 Where should I create my server?
Best practice: co-locate server with Windows Azure app role (if using) to reduce latency #

#pdc09 When should I create a new server?

  • Trade off between geo/admin/billing #

#pdc09 Server Management

  • through the portal
  • through the master database #

#pdc09 Server: Network Access control

  • each server defines a set of firewall rules #

#pdc09 - controlled using

  • TSQL API against Master DB
  • Portal #

#pdc09 Security: AUTHN and AUTHZ

  • SQL Azure uses SQL authentication (UID/PWD) #

#pdc09 Authorization model fully compatible with SQL #

#pdc09 So authorization is abbreviated AUTHZ and authentication AUTHN. #

#pdc09 Billing and Reporting

  • sys.bandwidth_usage: usage in KB
  • sys.database_usage: instance count by SKU #

#pdc09 SQL Azure connection strings follow normal SQL syntax - except for an unusual username format #

#pdc09 The username format for authentication differs between ADO.NET and ODBC. #

#pdc09 applications connect directly to a database

  • "Initial Catalog = <db>" in connection string #

#pdc09 ADO.NET Data Source=server.database.windows.net;

User ID=user@server;Password=password;... #

#pdc09 ODBC:
Driver={SQL Server Native Client 10.0};
Server=server.database.windows.net;
Uid=user@server;Pwd=password;... #

#pdc09 connections may drop due to: network connectivity blips, idle or long running transactions, throttling, database failover activity #

#pdc09 DOS protection may deny connectivity #

#pdc09 application design topics #

#pdc09 most-applicable sql best practices

  • connection pooling
  • query parameterization
  • batching #

#pdc09 when pooling, use connection and return immediately.

Do not hold for a long time - pool ensures fast turnaround on second use. #

#pdc09 first step: reconnect immediately #

#pdc09 tracing helper pattern #

#pdc09 batching: push logic to Server
parameterized queries #

#pdc09 declare parameter lengths! #

#pdc09 divide your data into smaller chunks
using shorter transactions
<- maximize elasticity benefits #

#pdc09 sql azure supports standard sql data import and export patterns #

#pdc09 use bulk loading pattern where possible

  • BCP
  • SSIS
  • Bulk APIs #

#pdc09 load blobs to azure, BCP from Azure worker, Reduced latency -> improved throughput. Looks like tips for bulk uploads. #

#pdc09 connectivity, tracing and support, batching, pooling and parameterization. bcp (in, out) #

#pdc09 Came to the 'M' lunch session. #

#pdc09 Live demo using Visual Studio. #

#pdc09 Defining a BNF in M right now. #

#pdc09 Defining token HashTag, token User and token AlphaNumber. #

#pdc09 Session title: 'Microsoft Project Code Name "M": The Data and Modeling Language', Don Box, Jeff Pinkston #

#pdc09 Don Box talks nonstop while an assistant live-codes next to him. Fun. #

#pdc09 Looks like a language for parsing tweets. #

#pdc09 Define the syntax and the parse result shows up in a window in real time. #

#pdc09 languages are declarative functions from text to some value #

#pdc09 "M" has a set of "intrinsic" data types #

#pdc09 users can define constraint-based structural types that match a set of values for a given intrinsic type #

#pdc09 Live coding resumes. #

#pdc09 M modules can be compiled and run in SQL server #

#pdc09 'M' can also define database schemas. Live programming in progress. #

#pdc09 Define both the database schema and the data in M, then generate the database automatically. #

#pdc09 I guess querying is done with LINQ? #

#pdc09 "m" being extended to support edm - inheritance, associations, declarative mapping #

#pdc09 pdc09 bits contain an early preview #

#pdc09 var and dynamic look handy. C# #

#pdc09 Live coding embedding database contents into ASP. #

#pdc09 msdn.com/data #

Got a power outlet. Lucky. #

#pdc09 Next up: "The 'M'-Based System.Identity Model for Accessing Directory Services" #

#pdc09 I think the point of this morning's SQL Azure session was that the SQL engine is probably the same as SQL Server, so the same optimization techniques can be used. #

#pdc09 But since SQL Azure seems to be SQL Server in a clustered configuration, the extra tip is that it pays to keep partitioning in mind. Constraints like timeout limits are added as well. #

#pdc09 vision of a Federated Directory

evolving Active Directory #

#pdc09 Introducing "System.Identity" the model
Introducing "System.Identity" the API #

#pdc09 we need a directory metasystem that works holistically in the cloud, in enterprises and organizations, and on devices. #

#pdc09 shared architecture, data model and semantics, protocols publication paradigm #

#pdc09 policy framework for configuration #

#pdc09 simple apis integrated with developer platforms #

#pdc09 constraints
unify the development experience across cloud and on-premise
end-user experience
directory must be insulated from its success
(ex. Active Directory) #

#pdc09 The directory shouldn't need to trust the application #

#pdc09 new demands on the directory
relationships and multiple identifiers
cross directory federation and virtual teams #

#pdc09
partitioning (data & workload)
extensible without disruption
Support RSS, REST, WS*, .NET, Win32, ... #

#pdc09
Simplify common tasks
Complex query, polyarchy
Use ubiquitous tooling #

#pdc09 I expect federation of directory services to become a very important technology for building business applications, which is why I picked this session. It was what I hoped for, so I'm a bit relieved. I'm also interested in it as a worked example of 'M'. #

#pdc09 Directory federation service will "clamp on" to existing Active Directory, much like ADFS does today #

#pdc09 Leverages repository patterns hosted on top of SQL server and Cloud DB #

#pdc09 software services, groups, organizations, devices and people are abstracted as parties - System.Identity Schema #

#pdc09 everything is 'kind' #

#pdc09 Party and Extent
Example of Parties Extent and Personas Extent #

#pdc09 Example of Parties Extent and PartiesPersonsRelationpExtent #

#pdc09 Example of PartiesExtent and IdentityKeysExtent #

#pdc09 Parties holds the representative Party; the physical IDs that a Party instance is based on are managed in IdentityKeysExtent. Multiple IDs can be associated with one Party ID, each uniquely by Kind. #

#pdc09 ProcessRole, party-To-Party Relationships #

#pdc09 principals, identity keys and party-to-party-relationships #

#pdc09 reduce data redundancy through a normalized representation #

#pdc09 factored to cleanly separate the information associated with different applications while allowing sharing #

#pdc09 separation between the conceptual / logical schema and the physical schema / implementation #

#pdc09 extensible "Kinds" system that allows developers to add new functionality #

#pdc09 SystemIdentity API -> TDS -> NextGen AD & SD #

#pdc09 old: LDAP API -> LDAP -> AD/(X.500) #

#pdc09 loading from (X.500) into (System.Identity) #

#pdc09 sync/replication between (X.500) and (System.Identity) #

#pdc09 api principles

  • high level .NET API which exposes the logical schema entities and relationships to developer through LINQ #

#pdc09 Separating logical from physical with LINQ. #

#pdc09 Extending the directory

kinds and kind relationships
party to party relationships
partyAttributes & PartyMedia
private Extents #

#pdc09 summary
A logical schema for "directory" information #

#pdc09
Accessed through an API which exposes the "logical model" via LINQ to developers #

#pdc09 "Enabling Single Sign On to Windows Azure Applications" starts #

#pdc09 Federated Identity: Enterprise SSO to Windows Azure #

#pdc09 active directory federation service #

#pdc09 externalizing authentication #

#pdc09 present claims - establish session #

#pdc09 Windows Identity Foundation (WIF) #

#pdc09 handles federation protocols

  • extensible set of Security Token formats (U/P, X.509, SAML, ...)
  • WS-Federation and WS-Trust #

#pdc09 - Federation metadata(?) #

#pdc09 next generation AD security token service #

#pdc09 saml 2.0 protocol #

#pdc09 Rule-based claims transformation engine

  • Inbound and outbound transformation, request authorization #

#pdc09

  • AD LDS + SQL attribute stores, custom store extensibility
  • Identity Delegation with ActAs #

#pdc09 Intranet and Extranet capable with smart proxy service #

#pdc09 cookie-mode and session-mode

"cache to wire" or "cache to storage" #

#pdc09 cookie mode
recommended approach; must use this for WCF #

#pdc09 session mode

  • works in a web farm with a shared database
  • recommended for ASP.NET if your cookies get too big #

Back in the session. Picked up my PC! #

#pdc09 Beyond Web Single Sign-On #

#pdc09 WIF and ADFS2 do WCF as well

  • We've tried many bindings in Windows Azure
  • You'll need KB971842 to enable WCF WSDL in a web farm #

#pdc09 Custom Security Token Services

Identity and Federation Providers all work #

#pdc09 Store trust data in Azure Storage or SQL Azure

  • Certificates without keys are fine in a database #

#pdc09 Summary

WIF lets you externalize Authentication #

#pdc09 ADFS opens up AD for Federation

  • Multiple protocols, Active and Passive #

#pdc09 - Intranet and Extranet Authentication

  • Smart Claims Generation #

#pdc09

WIF on-premise or in Windows Azure

  • Same conceptual model
  • Same application code
  • Same configuration model #

#pdc09 "REST Service Security using the Access Control Service" #

#pdc09 Directory, SSO and access control are bound to be issues in the cloud as well. #

#pdc09 how do we allow our customers to grant others access on their behalf? #

#pdc09 ACS == claims based access control for REST web services #

    #pdc09

usable from any platform (for real)
Implements OAuth WRAP & SWT
Low-friction way to onboard new clients #

#pdc09
Integrates with ADFS v2
Enables simple delegation #

#pdc09 A web service can take advantage of these capabilities with ONE code base. #

#pdc09 Oauth Profiles

acs service namespace -> Return Access Token #

#pdc09 The client attaches the token and requests the service from the server.
The token was handed out by the authorization server after it performed authorization. #

#pdc09 3 ways to request a token
plaintext
signed token
ADFS v2 issued SAML bearer token #

#pdc09 ACS always returns the same kind of token (SWT) #

#pdc09 windows azure
ACS Token issuing endpoint
ACS Management endpoint
Portal #

#pdc09 The menu structure of the Windows Azure portal used in the demo was Windows Azure, SQL Azure, AppFabric, MarketPlace. ACS is under AppFabric. #

#pdc09 I guess AppFabric can be thought of as the communication infrastructure connecting Windows Server and Windows Azure. It's highlighted because it's the core of interoperability. #

#pdc09 Another distinguishing feature of ACS is that it is rule-based rather than ACL-based. #

#pdc09 OAuth is fine, but OpenID didn't come up anywhere. Without OpenID it may not be usable for cloud services in general. Need to check. #

#pdc09 Token issuing behavior

  • token policy
  • issue
  • scope
    • URI that ACS uses to group Rule entities
  • rule set /rule #

#pdc09 I wonder if it's accessible via REST. #

#pdc09 ACS & Enterprise Integration

  • ACS accepts signed SAML bearer tokens in token requests #

#pdc09

  • WIF is the easiest way to request a SAML token from AD FS v2 #

#pdc09

  • ACS must have knowledge of the signing key in order to validate the SAML token
  • ACS publishes and parses WS-Fed metadata #

#pdc09 ACS Service Namespace #

#pdc09 futures

  • support for web identity providers
  • native WS-* support #

#pdc09

  • WS-Trust and WS-Federate
  • CardsTrus(?) #
