Today's tweets
[Twitter] Today's tweets ff.im/bE8Nj #
#pdc09 Arrived at the venue. Grabbed a seat in the front row. #
#pdc09 It's Ultra 7 #
#pdc09 The network is slow #
#pdc09 windows error reporter #
#pdc09 user account control #
#pdc09 Apparently they're giving out Windows 7 machines. Really? #
#pdc09 HTML5 JavaScript #
#pdc09 Internet Explorer 9 #
#pdc09 IE9 is slightly behind FF3.6, Chrome 4, and the WebKit nightly in performance, but it's getting close. Acid3 #
#pdc09 Silverlight #
#pdc09 Visual Studio 2010 #
#pdc09 data annotation is nice #
#pdc09 So you can strip the sandbox restrictions from Silverlight and turn it into a desktop app as-is. #
#pdc09 The snapflow demo also had features and speed on par with a desktop app. Silverlight might be interesting. #
#pdc09 office and sharepoint 2010 #
#pdc09 "Development Best Practices and Patterns for Using SQL Azure Databases" #
#pdc09 Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy; proxy to backend SQL #
#pdc09 Scalability and Availability: Fabric, Failover, Replication, and Load balancing #
#pdc09 LB - load balancer forwards 'sticky' sessions to TDS protocol tier #
#pdc09 applications use standard SQL client libraries: ODBC, ADO.Net, PHP, ... #
#pdc09 geo-location (has a unique DNS name)
A zone for administration policy
A point of billing and reporting aggregation #
#pdc09 <- Each SQL Azure server provides #
#pdc09 Where should I create my server?
Best practice: co-locate server with Windows Azure app role (if using) to reduce latency #
#pdc09 When should I create a new server?
- Trade off between geo/admin/billing #
#pdc09 Server Management
- through the portal
- through the master database #
#pdc09 Server: Network Access control
- each server defines a set of firewall rules #
#pdc09 - controlled using
- SQL Azure uses SQL authentication (UID/PWD) #
#pdc09 Authorization model fully compatible with SQL #
#pdc09 So authorization is abbreviated AUTHZ and authentication AUTHN. #
#pdc09 Billing and Reporting
- sys.bandwidth_usage: usage in KB
- sys.database_usage: instance count by SKU #
#pdc09 SQL Azure connection strings follow normal SQL syntax - except for an unusual username format #
#pdc09 format of username for authentication: differs between ADO.NET and ODBC. #
#pdc09 applications connect directly to a database
- "Initial Catalog = <db>" in connection string #
User ID=user@server;Password=password;... #
#pdc09 ODBC:
Driver={SQL Server Native Client 10.0};
Server=server.database.windows.net;
Uid=user@server;Pwd=password;... #
#pdc09 connections may drop due to: network connectivity blips, idle or long running transactions, throttling, database failover activity #
#pdc09 DoS protection may deny connectivity #
#pdc09 application design topics #
#pdc09 most-applicable sql best practices
- connection pooling
- query parameterization
- batching #
#pdc09 when pooling, use connection and return immediately.
Do not hold for a long time - pool ensures fast turnaround, one-second use. #
#pdc09 first step: reconnect immediately #
#pdc09 tracing helper pattern #
#pdc09 batching: push logic to Server
parameterized queries #
#pdc09 declare parameter lengths! #
#pdc09 divide your data into smaller chunks
using shorter transactions
<- maximize elasticity benefits #
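The three practices named in the tweets above (pooling with immediate return, query parameterization, and reconnecting right away after a transient drop) as one runnable added example. This is not code from the session or from SQL Azure; an in-memory sqlite3 database stands in for SQL Azure, and the names `open_db`, `find_user_*`, `run_with_retry`, `TransientDrop` and `retries_exhausted` are this example's own, not an ADO.NET or SQL Azure API.

```python
"""Added example: SQL best practices from the PDC09 SQL Azure session, shown
against sqlite3 as a stand-in (assumption: the same parameterization and
retry logic applies to any SQL client)."""
import sqlite3

# Constructed sample data: a tiny users table.
SAMPLE_ROWS = [("alice", "reader"), ("bob", "admin")]


def open_db():
    """Open a fresh connection (stands in for taking one from the pool)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def find_user_concatenated(conn, name):
    """Vulnerable form: caller input is spliced into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, name):
    """Hardened form: the value travels as a parameter, never as SQL text."""
    return [row[0] for row in
            conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


class TransientDrop(Exception):
    """Stands in for a dropped connection (network blip, failover, throttling)."""


def run_with_retry(work, connect, max_attempts=3):
    """Take a connection, do one short unit of work, give the connection back
    at once.  On a transient failure reconnect immediately and retry; after
    max_attempts failures re-raise the last error."""
    last = None
    for attempt in range(1, max_attempts + 1):
        conn = connect()
        try:
            return work(conn, attempt)
        except TransientDrop as exc:
            last = exc
        finally:
            conn.close()  # return to the pool without holding it
    raise last


def retries_exhausted(max_attempts=2):
    """Return how many attempts were made before the retry loop gave up."""
    attempts = []

    def always_drop(conn, attempt):
        attempts.append(attempt)
        raise TransientDrop("simulated drop")

    try:
        run_with_retry(always_drop, open_db, max_attempts)
    except TransientDrop:
        return len(attempts)
    return -1


def demo():
    """Injection attempt against both query forms, then a flaky unit of work
    that succeeds on its third attempt."""
    conn = open_db()
    injected = "x' OR '1'='1"  # constructed malicious input
    leaked = find_user_concatenated(conn, injected)  # every row comes back
    safe = find_user_parameterized(conn, injected)   # no row matches
    conn.close()

    def flaky_work(c, attempt):
        if attempt < 3:
            raise TransientDrop("simulated drop on attempt %d" % attempt)
        return find_user_parameterized(c, "alice")

    recovered = run_with_retry(flaky_work, open_db)
    return leaked, safe, recovered


if __name__ == "__main__":
    print(demo())
```

The retry loop deliberately re-opens the connection on every attempt rather than reusing the one that just failed, which is the "reconnect immediately" step the session recommends; the parameterized query keeps the injected string as a literal value so it matches nothing.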
#pdc09 sql azure supports standard sql data import and export patterns #
#pdc09 use bulk loading pattern where possible
- BCP
- SSIS
- Bulk APIs #
#pdc09 load blobs to azure, BCP from Azure worker, Reduced latency -> improved throughput. Seems to be tips for bulk uploads. #
#pdc09 connectivity, tracing and support, batching, pooling and parameterization. bcp (in, out) #
#pdc09 Came to the 'M' lunch session. #
#pdc09 Live coding with Visual Studio. #
#pdc09 Defining the tokens HashTag, User, and AlphaNumber. #
#pdc09 Session title: "Microsoft Project Code Name “M”: The Data and Modeling Language", Don Box, Jeff Pinkston #
#pdc09 Don Box talks nonstop while an assistant live-codes beside him. Fun. #
#pdc09 When you define the syntax, the parse result shows up in a window in real time. #
#pdc09 languages are declarative functions from text to some value #
#pdc09 "M" has a set of "intrinsic" data types #
#pdc09 users can define constraint-based structural types that match a set of values for a given intrinsic type #
#pdc09 Live coding resumed. #
#pdc09 M modules can be compiled and run in SQL server #
#pdc09 'M' can also define database schemas. Live programming in progress. #
#pdc09 Define both the database schema and the data in M, then generate the database automatically. #
#pdc09 "m" being extended to support edm - inheritance, associations, declarative mapping #
#pdc09 pdc09 bits contain an early preview #
#pdc09 Live coding to embed database contents into ASP. #
#pdc09 msdn.com/data #
Got a power outlet. Lucky #
#pdc09 Next up: "The 'M'-Based System.Identity Model for Accessing Directory Services" #
#pdc09 The point of the morning SQL Azure session was, I think, that the SQL engine is probably the same as SQL Server, so the same optimization techniques apply. #
#pdc09 However, SQL Azure (presumably) runs SQL Server in a cluster configuration, so the extra tip is to be aware of partitioning. Constraints such as timeout limits are added too, I suppose. #
#pdc09 version of a Federated Directory
evolving Active Directory #
#pdc09 Introducing "System.Identity" the model
Introducing "System.Identity" the API #
#pdc09 we need a directory metasystem that works holistically in the cloud, in enterprises and organizations, and on devices. #
#pdc09 shared architecture, data model and semantics, protocols publication paradigm #
#pdc09 policy framework for configuration #
#pdc09 simple apis integrated with developer platforms #
#pdc09 constraints
Common developer experience across cloud and on-premise
end-user experience
directory must be insulated from its success
(ex. Active Directory) #
#pdc09 The directory shouldn't need to trust the application* #
#pdc09 new demands on the directory
relationships and multiple identifiers
cross directory federation and virtual teams #
#pdc09
partitioning (data & workload)
extensible without disruption
Support RSS, REST, WS*, .NET, Win32, ... #
#pdc09
Simplify common tasks
Complex query, polyarchy
Use ubiquitous tooling #
#pdc09 I expect directory-service federation to become a very important technology for building business applications, so I picked this session. It matched my goal, which is a relief. I'm also interested in it as a real-world example of 'M'. #
#pdc09 Directory federation service will "clamp on" to existing Active Directory, much like ADFS does today #
#pdc09 Leverages repository patterns hosted on top of SQL server and Cloud DB #
#pdc09 software service, group, organization, device, and people are abstracted as a "party" - System.Identity Schema #
#pdc09 everything is 'kind' #
#pdc09 Party and Extent
Example of Parties Extent and Personas Extent #
#pdc09 Example of Parties Extent and PartiesPersonsRelationshipExtent #
#pdc09 Example of PartiesExtent and IdentityKeysExtent #
#pdc09 Parties holds the representative Party; the physical IDs underlying a Party instance are managed in IdentityKeysExtent. Multiple IDs, each uniquely keyed by Kind, can be associated with a single Party ID. #
#pdc09 ProcessRole, party-To-Party Relationships #
#pdc09 principals, identity keys and party-to-party-relationships #
#pdc09 reduce data redundancy through a normalized representation #
#pdc09 factored to cleanly separate the information associated with different applications while allowing sharing #
#pdc09 separation between the conceptual / logical schema and the physical schema / implementation #
#pdc09 extensible "Kinds" system that allows developers to add new functionality *** #
#pdc09 SystemIdentity API -> TDS -> NextGen AD & SD #
#pdc09 Old: LDAP API -> LDAP -> AD/(X.500) #
#pdc09 Loading from (X.500) into (System.Identity) #
#pdc09 sync/replication between (X.500) and (System.Identity) #
- high level .NET API which exposes the logical schema entities and relationships to developer through LINQ #
#pdc09 Extending the directory
kinds and kind relationships
party to party relationships
partyAttributes & PartyMedia
private Extents #
#pdc09 summary
A logical schema for "directory" information #
#pdc09
Accessed through an API which exposes the "logical model" via LINQ to developers #
#pdc09 "Enabling Single Sign On to Windows Azure Applications" started #
#pdc09 Federated Identity: Enterprise SSO to Windows Azure #
#pdc09 active directory federation service #
#pdc09 externalizing authentication #
#pdc09 present claims - establish session #
#pdc09 Windows Identity Foundation (WIF) #
#pdc09 handles federation protocols
- extensible set of Security Token formats (U/P, X.509, SAML, ...)
- WS-Federation and WS-Trust #
#pdc09 - Federation metadata(?) #
#pdc09 next generation AD security token service #
#pdc09 Rule-based claims transformation engine
- Inbound and outbound transformation, request authorization #
#pdc09
- AD LDS + SQL attribute stores, custom store extensibility
- Identity Delegation with ActAs #
#pdc09 Intranet and Extranet capable with smart proxy service #
#pdc09 cookie-mode and session-mode
"cache to wire" or "cache to storage" #
#pdc09 cookie mode
recommended approach; must use this for WCF #
#pdc09 session mode
- works in a web farm with a shared database
- recommended for ASP.NET if your cookies get too big #
Back in the session. Picked up my PC! #
#pdc09 Beyond Web Single Sign-On #
#pdc09 WIF and ADFS2 do WCF as well
- We've tried many bindings in Windows Azure
- You'll need KB971842 to enable WCF WSDL in a web farm #
#pdc09 Custom Security Token Services
Identity and Federation Providers all work #
#pdc09 Store trust data in Azure Storage or SQL Azure
- Certificates without keys are fine in a database #
#pdc09 Summary
WIF lets you externalize Authentication #
#pdc09 ADFS opens up AD for Federation
- Multiple protocols, Active and Passive #
#pdc09 - Intranet and Extranet Authentication
- Smart Claims Generation #
#pdc09
WIF on-premise or in Windows Azure
- Same conceptual model
- Same application code
- Same configuration model #
#pdc09 "REST Service Security using the Access Control Service" #
#pdc09 Things that are bound to be issues in the cloud too: directory, SSO, and access control. #
#pdc09 how do we allow our customers to grant others access on their behalf? #
#pdc09 ACS == claims based access control for REST web services #
#pdc09
usable from any platform (for real)
Implements OAuth WRAP & SWT
Low-friction way to onboard new clients #
#pdc09
Integrates with ADFS v2
Enables simple delegation #
#pdc09 A web service can take advantage of these capabilities with ONE code base. #
#pdc09 Oauth Profiles
- Web resource authorization protocol (WRAP)
- Simple Web Tokens (SWT) #
#pdc09 ms, yahoo!, google contributed #
#pdc09 groups.google.com/group/oauth-wrap-wg #
#pdc09 2. customer -> Request Access Token(Claim)
acs service namespace -> Return Access Token #
#pdc09 The client attaches the token to its service request to the server.
The token is one the authorization server authorized and handed out. #
#pdc09 3 ways to request a token
plaintext
signed token
ADFS v2 issued SAML bearer token #
#pdc09 ACS always returns the same kind of token (SWT) #
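The token flow sketched in the tweets above (client requests an access token from the ACS service namespace, gets an SWT back, and presents it to the REST service, which validates it) as an added example in Python; it is not code from the session, from ACS, or from the OAuth WRAP working group. A small `issue_swt` stands in for the ACS issuing endpoint and `validate_swt` for the relying service; the signing key, issuer and audience URLs, and the claim names are constructed for the example, and the SWT layout used (form-encoded `Issuer`, `Audience`, `ExpiresOn` and claims, followed by a base64 `HMACSHA256` over the preceding text) is this example's assumption about the format.

```python
"""Added example: issue and validate a Simple Web Token (SWT) the way a REST
service protected by ACS would, with an HMAC-SHA256 key shared between the
service namespace and the service.  Everything here is a constructed stand-in."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed: symmetric key shared by the issuer and the relying service.
SIGNING_KEY = b"constructed-demo-signing-key-0123456789abcdef"
ISSUER = "https://example-namespace.accesscontrol.example/"  # constructed
AUDIENCE = "https://service.example/api/"                     # constructed


def _sign(body, key):
    """Base64 HMAC-SHA256 over the form-encoded token body."""
    return base64.b64encode(
        hmac.new(key, body.encode(), hashlib.sha256).digest()).decode()


def issue_swt(claims, key, issuer, audience, lifetime_seconds, now):
    """Issuer side: form-encode the claims plus Issuer/Audience/ExpiresOn,
    then append the signature as the final HMACSHA256 field."""
    fields = dict(claims)
    fields["Issuer"] = issuer
    fields["Audience"] = audience
    fields["ExpiresOn"] = str(int(now + lifetime_seconds))
    body = urlencode(fields)
    return body + "&" + urlencode({"HMACSHA256": _sign(body, key)})


def validate_swt(token, key, issuer, audience, now):
    """Relying-service side.  Checks, in order: signature, issuer, audience,
    expiry.  Returns the application claims or raises ValueError."""
    body, sep, sig_part = token.rpartition("&HMACSHA256=")
    if not sep:
        raise ValueError("unsigned token")
    presented = parse_qs("HMACSHA256=" + sig_part)["HMACSHA256"][0]
    # Constant-time comparison so a forged signature cannot be timed.
    if not hmac.compare_digest(presented, _sign(body, key)):
        raise ValueError("bad signature")
    fields = {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}
    if fields.get("Issuer") != issuer:
        raise ValueError("unexpected issuer")
    if fields.get("Audience") != audience:
        raise ValueError("token for another audience")
    if int(fields.get("ExpiresOn", "0")) <= now:
        raise ValueError("token expired")
    return {k: v for k, v in fields.items()
            if k not in ("Issuer", "Audience", "ExpiresOn")}


def rejection_reason(token, key, issuer, audience, now):
    """None if the token validates, otherwise the reason it was rejected."""
    try:
        validate_swt(token, key, issuer, audience, now)
        return None
    except ValueError as exc:
        return str(exc)


def demo(now=1_700_000_000):
    """Issue a token for constructed claims, validate it, and build a copy
    whose claims were altered after signing (which must fail validation)."""
    claims = {"name": "alice", "role": "reader"}          # constructed
    token = issue_swt(claims, SIGNING_KEY, ISSUER, AUDIENCE, 600, now)
    accepted = validate_swt(token, SIGNING_KEY, ISSUER, AUDIENCE, now + 10)
    tampered = token.replace("role=reader", "role=admin")
    return token, accepted, tampered


if __name__ == "__main__":
    tok, ok, bad = demo()
    print(ok)
    print(rejection_reason(bad, SIGNING_KEY, ISSUER, AUDIENCE, 1_700_000_010))
```

The validator checks the signature before reading any field, so issuer, audience and expiry are only trusted once the token is known to be intact; the audience check is what stops a token minted for one service from being replayed against another, which is the point of ACS scoping tokens per relying party.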
#pdc09 windows azure
ACS Token issuing endpoint
ACS Management endpoint
Portal #
#pdc09 The menu layout of the Windows Azure portal used in the demo was Windows Azure, SQL Azure, AppFabric, MarketPlace. ACS is inside AppFabric. #
#pdc09 I suppose AppFabric can be thought of as the communication infrastructure connecting Windows Server and Windows Azure. It's highlighted because it's the core of interoperability. #
#pdc09 Another characteristic of ACS is that it's rule-based rather than ACL-based. #
#pdc09 OAuth is fine, but OpenID didn't appear anywhere. Without OpenID it may not be usable generically for cloud services. Need to check. #
#pdc09 Token issuing behavior
- token policy
- issue
- scope
- rule set /rule #
#pdc09 I wonder whether it's accessible via REST. #
#pdc09 ACS & Enterprise Integration
- ACS accepts signed SAML bearer tokens in token requests #
#pdc09
- WIF is the easiest way to request a SAML token from AD FS v2 #
#pdc09
- ACS must have knowledge of the signing key in order to validate the SAML token
- ACS publishes and parses WS-Fed metadata #
#pdc09 ACS Service Namespace #
#pdc09 futures
- support for web identity providers
- web identity providers (Live ID, Facebook connect, Google, Open ID, etc.) #
#pdc09
- Enterprise identity providers
- web identity providers (Live ID, Facebook connect, Google, Open ID, etc.) #
- native WS-* support #
#pdc09
- WS-Trust and WS-Federate
- CardsTrus(?) #
Automatically shipped by LoudTwitter