OAuth's current access dance is based getting a request token that is later exchanged for an access token. Introducing the request token takes what could have been a 4 round trip protocol and makes it into a 6 round trip protocol. Couldn't we just simplify OAuth down to 4 round trips by getting rid of the request token all together? Or is there some critical use case enabled by request tokens that makes all the complexity worth the price?

[5/26/2009 - Updated with Q&A on open redirectors]

[6/2/2009 - Updated with a note from Allen Tom on another way to prevent open redirector attacks]

(more…)

I'm writing an enterprise service. A request comes in. Do I honor the request or reject it? Answering this apparently trivial access control question has spawned whole universes of interlocking protocols. Kerberos, Shibboleth, SAML, WS-*, Liberty, OAuth, OpenID and so on. Before I can pick which protocol to use I need to define my requirements.

DISCLAIMER: Although I am an architect on .NET Services' Access Control Service nothing said in this document necessarily represents the opinions of my employer, my friends, my enemies or my teddy bears. No warranty express or implied. Your mileage may vary. Do not remove tag.

(more…)

How do you get a Prius through the snow? I didn't used to care but in the last few years Redmond has had snow sitting on the ground for a week or two. There are low profile chains that will work on a Prius but that's a bad solution for me because the main roads in Seattle will be clear of snow, it's the neighborhood roads and side streets that will be covered. So after a mile or two of driving I would have to take the chains off. Studded tires could work but most of the time there is no snow on the ground and having to have my wheels put on and off is a pain. Snow tires could work but the snow season is only a month long and temperatures go all over the place, besides we get more water than ice/snow towards the end of the down fall and snow tires do badly on that. In the end I found and have tried out a reasonable solution to my problem âÄì The Autosock.

I tried out the autosock on my car last winter and this winter. Both times they worked really well. They gave me excellent traction both on packed and loose snow. They take literally 60 seconds to put on and take off. They aren't perfect but they work pretty well. Where I ran into problems with them is on slushy snow. I had to rock the car several times, driving back and forth, to get through a few really slushy patches. And when the snow started to seriously melt the autosock met it's match and stopped working. But so long as the snow was reasonably solid (e.g. power or packed) they worked well. I tried them on the steep hills around my home and they gave excellent traction both going up and down hills. Besides the looks on people's faces as a Prius with what looked like a shower cap on its wheels confidently drove past in the two foot snow was priceless.

I have never driven a four wheel drive but my guess is that autosocks are no substitute for a four wheel drive or real snow tires. But they got me around just fine and the cost is certainly right.

I guess I got lucky because all the folks I voted for made it to the general election so I don't have to go back and revisit those choices. The big choices then were President, which I covered in a separate article and the various initiatives which I cover below.

• President/Vice President- Ralph Nader/Matt Gonzalez

• United States Representative - Congressional District No. 1 - Jay Inslee

• Governor - Christine Gregoire

• Lieutenant Governor - Marcia McCraw

• Secretary of State - Jason Osgood

• State Treasurer - Allan Martin

• State Auditor - Brian Sonntag

• Attorney General - Rob McKenna

• Commissioner of Public Lands - Peter J. Goldmark

• Superintendent of Public Instruction - Randy Dorn

• Insurance Commissioner - Mike Kreidler

• State Representative - Legislative Dist No. 45 - Position 1 - Roger Goodman

• State Representative - Legislative Dist No. 45 - Position 2 - Larry Springer

• State Supreme Court - Justices of the Supreme Court - Position 3 - Mary Fairhurst

• State Supreme Court - Justices of the Supreme Court - Position 4 - Charles W. Johnson

• State Supreme Court - Justices of the Supreme Court - Position 7 - Debra L. Stephens

• Court of Appeals, Division No. 1 - District No. 1 - Judge Position 5 - Lau, Linda

• Court of Appeals, Division No. 1 - District No. 1 - Judge Position 6 - Ann Schindler

• Superior Court - Judges of the Superior Court - Position 1 - Tim Bradshaw

• Superior Court - Judges of the Superior Court - Position 22 - Julia Garratt

• Superior Court - Judges of the Superior Court - Position 37 - Jean Rietschel

• Initiative Measure No. 985 - No

• Initiative Measure No. 1000 - Yes

• Initiative Measure No. 1029 - No

• King County Charter Amendment No.1 - No

• King County Charter Amendment No. 2 - Yes

• King County Charter Amendment No. 3 - Yes

• King County Charter Amendment No. 4 - No

• King County Charter Amendment No. 5 - Yes

• King County Charter Amendment No. 6 - Yes

• King County Charter Amendment No. 7 - No

• King County Charter Amendment No. 8 - No

• Sound Transit - Proposition No. 1 - No

(more…)

Those I have told my intention to vote for Mr. Nader have generally had one of two reactions. Either they said I was throwing away my vote or they said that I was helping McCain to win. My response to these accusations is that my vote is about indicating where I want this country to go and I don't want it to go to the same corporate owned, poll driven, pork barrel politics we have had to date. I am confident that neither Obama nor McCain will make any substantive changes to what ails this country so I feel duty bound to vote for someone who I think will make a real difference. Therefore I am voting for Ralph Nader.

(more…)

The short answer is that we don't know. And before someone says "what about the 529 prepaid plans?!?!" (which I will discuss in a future article) please keep in mind that those plans only track in state tuition fees and are quite expensive. So bottom line is - we don't know, in fact, I would argue, we can't know. The guiding light of finance being "the future's not our's to see." So I'm going to guess. My guess, assuming our daughter goes out of state for college in 17 years and attends college for 4 years is that our total bill (tuition, fees, room, board, etc.) at the end of her undergraduate education will be $281,000 in 2008 dollars. Oy.

(more…)

Now that we have decided to use CollegeSure CDs to save for our daughter's college the question is - how? The answer turns out to be non-trivial in that we need to figure out how many CDs of what duration at what cost to buy each year between now and when she finishes college. After some experimentation I came up with an approach that seems to provide a reasonable cost and purchase plan. Below I explain how the approach works and provide a calculator that creates a purchase plan using the approach. Please keep in mind however that I'm no financial expert, that the code hasn't been properly tested and that objects may be closer than they appear.

(more…)

The denial of service attack continues. By putting such a large number of candidates on the ballot the only conceivable result is less effective representation. Unless one dedicates one's life to reviewing candidates (and how does on review judges anyway?) there is no way to give effective overview to so many candidates. The only practical result I can see from this deluge of candidates is less people voting and for those who do vote, less attention being paid to each candidate.

• United States Representative - Congressional District No. 1 - Jay Inslee

• Governor - Christine Gregoire

• Lieutenant Governor - Marcia McCraw

• Secretary of State - Jason Osgood

• State Treasurer - Allan Martin

• State Auditor - Brian Sonntag

• Attorney General - Rob McKenna

• Commissioner of Public Lands - Peter J. Goldmark

• Superintendent of Public Instruction - Randy Dorn

• Insurance Commissioner - Mike Kreidler

• State Representative - Legislative Dist No. 45 - Position 1 - Roger Goodman

• State Representative - Legislative Dist No. 45 - Position 2 - Larry Springer

• State Supreme Court - Justices of the Supreme Court - Position 3 - Mary Fairhurst

• State Supreme Court - Justices of the Supreme Court - Position 4 - Charles W. Johnson

• State Supreme Court - Justices of the Supreme Court - Position 7 - Debra L. Stephens

• Court of Appeals, Division No. 1 - District No. 1 - Judge Position 5 - Lau, Linda

• Court of Appeals, Division No. 1 - District No. 1 - Judge Position 6 - Ann Schindler

• Superior Court - Judges of the Superior Court - Position 1 - Tim Bradshaw

• Superior Court - Judges of the Superior Court - Position 10 - Regina S. Cahan

• Superior Court - Judges of the Superior Court - Position 22 - Julia Garratt

• Superior Court - Judges of the Superior Court - Position 26 - Laura Gene Middaugh

• Superior Court - Judges of the Superior Court - Position 37 - Jean Rietschel

• Superior Court - Judges of the Superior Court - Position 53 - Mariane Spearman

• King County Initiative 26 and Council Proposed Alternative - Question 1 & 2 - No/Council-Proposed Alternative

(more…)

In previous articles (here and here) I have talked about what software program managers do. And in another previous article I talked about Cosmos. In this article I bring the two topics together and talk about what Cosmos program managers actually do. (For those just joining us Cosmos is Microsoft's internal platform for reliably storing and processing petabytes of information such as all of Microsoft's log data from its various websites.) The issue of what PMs on the Cosmos team do is near and dear to my heart because I'm the lead program manager for Cosmos and we are hiring!

(more…)

Cosmos is Microsoft's internal data storage/query system for analyzing enormous amounts (as in petabytes) of data. As the lead Program Manager for Cosmos I can't say too much about it but what I can do is take a tour of the information that Microsoft has published about Cosmos. So read on if you are interested in the architecture Microsoft uses to store and query petabytes of data and what technical issues Microsoft's approach brings up.

(more…)