In WCF, once you have your identity established you can create a demand for permissions against a roles server. So the permission is necessarily separate from the identity. In a smart client, where this demand is not available, do you cache a nugget for later use? If so, it freezes your abilities to the currently enrolled or demanded security. Considering the weight of most modern UI's, the ability to have the smart client detached and be able to track or validate any security bound method seems overly complex.
So here is my first blush at a hypothesis: an offline security manager can create a cache that is populated asynchronously by the startup of the client while online.
My assumptions are:
There is a coherent map of permissions that are bound to the functionality of the client.
There is at least one level of permissions that are fully enabled.
The smart client must start all permissions activities in a connected state.
Moving this security back to the client has two problems immediately apparent. More on those as I get further.
Thursday, February 17, 2011
Monday, February 14, 2011
Toughest interview ever; Google intervention needed
Recently had the toughest interview of my life. Two hours, two questions and dredging up Big O notation, binary trees and stuff like that. All without Google. Sad that it took an interview to help me realize how much Google I use through the course of a day. Have I really become so dependent on a search engine that I no longer bother to retain information? Is my brain stuffed full of nothing but keywords for search results?
Time to break the habit and start practicing on some of the more recent knowledge I have acquired. I figure jumping into a class or maybe an open source project would be a good way to wrap this kind of effort into a deadline driven activity.
Time to break the habit and start practicing on some of the more recent knowledge I have acquired. I figure jumping into a class or maybe an open source project would be a good way to wrap this kind of effort into a deadline driven activity.
Thursday, February 3, 2011
IPv4 is dead, long live IPv4!
According to CNN, SlashDot and a bunch of other people, IPv4 has died. The last IP numbers have been allocated. My question, does this matter?
Wednesday, February 2, 2011
The idea of engineering creativity
In spite of what my wife thinks, writing software is a very creative act. It takes cunning, logic, rational thinking as well as advanced problem solving. On top of that, it also takes a great deal of "Voice." If you have ever heard musicians or writers talk about Voice, you understand they mean a style that is as unique as a finger print. I think the thing that separates coders from developers is that Voice. I have seen code that makes me weep because of its elegance and simplicity. Yet this same code can do enormous work. I have seen code that makes my eyes bleed and my soul scream. This code, though countless in lines, does little more than introduce bug after bug.
Tuesday, February 1, 2011
A coherent article on SaaS security issues
In a follow up to the earlier post, I found a great article on the pros and cons of federated identity versus other ID models for a SaaS application.
http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm
In the Windows realm, cached authentication for roaming has limitations due to a lack of connection back to the ActiveDirectory. This doesn't have to be the case in a SaaS app. Federation enables a 4g connection to authenticate and update against the security token. But what is the transaction cost of this model for a smart client?
http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm
In the Windows realm, cached authentication for roaming has limitations due to a lack of connection back to the ActiveDirectory. This doesn't have to be the case in a SaaS app. Federation enables a 4g connection to authenticate and update against the security token. But what is the transaction cost of this model for a smart client?
Security and roles based authority in a smart client
I have started looking for a new way to track permissions in a smart client for a SaaS-based rich client. So far, I have nothing but theory. As I develop code, I will post. The problem I see is this; current application structures rely completely on the server or a cached principal of the server to allow operations. Offline or disconnected modes become limited.
Subscribe to:
Posts (Atom)