My new project, currently underwraps, will make a brief appearance today in one of the TechReady sessions. If you're a MS employee, swing by and check it out.
The details..
Session Code: ARC325
Time: 3pm – 4:15pm
Location: WSCTC 3AB
One of the great things about Microsoft is that we have a number of distribution lists (dls) on every topic under the sun, from product or technology specific discussions (biztalk, wcf, silverlight), broader topic discussions (architecture, marketing), to the completely non-technical (concert tickets, people from country x, new college hires, poker players at MS, etc.).
On one of these DLs there was an interesting thread this week about architectural content. Specifically, someone was preparing a presentation and asked the DL audience (a mix of corp and field staff) what our architecture audience would expect. Most people immediately get the thought of "that's silly, it's obvious that it should include '[insert here]'". If we asked that question to 20 different people in the industry, you'd likely end up with multiple different responses. In a side conversation, I told someone that this was the 'Costanza Dilemma', and after describing it to him, he suggested I share it on the blog.
Part of the challenge is that the word architect is a loaded term. The terms architect and architecture mean a number of things to a number of people. Sure, at the top level there are some straightforward designations and areas of speciality - infrastructure architect, product architect, solutions architect, platform architect. From a presentation perspective, you could determine your top level audience and startup powerpoint, right?
Not so much. If you're targeting a small audience, you may have enough context you can make a decent go of it. But what if you were working on a presentation for a wide audience where you likely don't have that context? Unlike the architecture of physical structures, where there are industry accepted definitions, degrees and professional certifications broadly available internationally, we don't have the same for software.
If you've ever seen the US television program Seinfeld, there's a character named George Costanza who's had a number of interesting positions (real estate agent, hand model, bra salesman), but what's interesting is that in several of the episodes he identifies himself as an architect. George's knowledge of architecture is confined solely to the few issues of Architectural Digest that he's read. But George aspires to be an architect, and if he were at a conference he might attend an architecture session or if on a site might read architecture-focused blogs. But if you're developing for a breadth audience, where you may have George, an aspiring architect, and one of the worlds top architects, say Frank Ghery, what content should you include? This is what I refer to as the 'Costanza Dilemma'.
There are some folks doing a great job to address this very issue as we speak, and I also have some ideas on how to address it with context, personalization and collective intelligence. I'm working on my new project at the moment, so this is not a primary focus, but with the new public facing role I expect to do some additional blogging about this in the coming months.
What are your approaches to solving the 'Costanza Dilemma'?
Not sure if you caught the mention of this last week, but the Syndicated Client Experience Starter Kit Beta & Reader SDK was released last week. This is a "a Starter Kit designed to make it easy to create rich, syndicated multimedia and content experiences which engage the user, from documents and photos to videos and podcasts."
If you've seen the Architecture Journal Reader, the Times Reader, or the MSDN Reader you're already familiar with what this starter kit can do for you. If you want a rich presentation of RSS content (regardless of whether it's coming from outside or inside the firewall), it's definately worth a look.
You can find out more details on it here:
http://windowsclient.net/wpf/starter-kits/sce.aspx
Interested in a course on Silverlight but not sure what to start? Mike Harsh has recorded five hours of video training for Lynda.com, which you can access for free.
It covers the following topics -
1. Understanding Silverlight
2. Discovering Silverlight Experiences
3. Silverlight Tools: Expression and Visual Studio
4. Getting Started with XAML, JavaScript, and HTML
5. Advanced XAML
6. Advanced JavaScript Techniques for Silverlight
7. Asset Preparation for Designers
8. Working with Media in Silverlight
9. Creating a Media Player with Silverlight
10. Creating Programmatic Animations
11. Silverlight Deployment
12. Conclusion
You can check it out here: http://movielibrary.lynda.com/html/modPage.asp?ID=473
It's not quite the end of January, but there's already alot of "new" in my new year. There's a new car, some new gadgets, and on the work front a new project and a new team.
As you may have heard, Charles Fitzgerald, left Microsoft to head to a startup. Charles was the GM that my old team, platform incubation, reported into. Charles set the mission for that team, and was the major stakeholder for Tafiti and several other internal facing projects that I worked on. Charles was a great GM, and while this is a loss for MS, I'm confident we haven't heard the last of him.
With Charles' departure, Scott and I will be moving to different roles in the company. I am happy to report that I am now officially part of Simon Guest's team.
One of the few negatives about my last role in incubation was that it was inherently secretive, as parts of the work could be patented. As a result, after delivering my book on CardSpace I mostly dropped off the public scene, save for promoting Tafiti. With Simon's team having a key focus on talking about architecture with the broader community, this is something that will change, and you'll see me engaging more publicly on architecture related subjects. Simon's team has a big focus on Software+Services, which if you've read the blog for awhile know is something I've been looking at for some time in and outside of Microsoft. Expect to see me blogging more, podcasting/screencasting more, and writing the odd article or two. (No more books for awhile, though. Having written or co-written 3 books in 2 years, I've committed to my wife not to start another one until 2009)
I also mentioned there's a new project. I'll be carrying over a project with me from incubation to Simon's team as well. Nothing I can share at the moment, other than it will be public focused and it's going to be a key focus for me for a good portion of 2008.
While this project is big, there's another project I'll be working on that's even bigger. This is a longer term project, estimated to last decades with a budget estimated to be in the seven figures. Oh, and it has nothing to do with software. My wife and I are expected our first child, a son, to literally arrive any day now. While there's alot of great 'new's in 2008 already, this will surely be the best.
Here's hoping your 2008 is going well, and I look forward to engaging with the community more broadly once again. If there's anything you'd like to see me engage on - be it in blog, article, or podcast, let me know. As always, I can be reached at mmercuri@microsoft.com
I saw on Amazon that Vittorio, Garrett, and Caleb's new CardSpace book, "Understanding Windows CardSpace" has shipped.
As Vittorio and I were teammates when our respective CS book projects began, some people asked me if there were any competitive juices flowing. Not at all, the reality is that I had signed the deal with my publisher for my book after finishing WCF Hands On! and before hearing from Vittorio he was working on a book on the subject. Rather than being competitive, the hope was the end results would be complementary. From looking at Amazon, it looks like that may just be the case, which is greatness.
Congrats to Vittorio, Garrett, and Caleb all on this latest addition. Hopefully this encourages more folks to write books on the subject.
Before the holidays I sat down with Catherine Heller from Channel 9 and Max Zuckerman from Channel 8 to talk about the new shared source release of Tafiti.
The Channel 9 video can be found here http://channel9.msdn.com/showpost.aspx?postid=371527
The Channel 8 video can be found here http://channel8.msdn.com/Posts/tafiti/
These videos will be my last for Tafiti, the code has now officially been transferred over to Angus Logan and his team. Angus & co. are already hard at work on a new release with some really cool new functionality.
If you've not seen Angus' blog before, it's worth checking out for all sorts of Live goodness. You can find it at http://www.anguslogan.com
I wanted to give you an update on Tafiti, Microsoft’s experimental site that explores the intersection between Silverlight and Windows Live Search. Tafiti, which means "do research" in Swahili, is an experimental search front-end from Microsoft, designed to help people use the Web for research projects that span multiple search queries and sessions by helping visualize, store, and share research results. Tafiti uses both Microsoft Silverlight and Live Search to explore the intersection of richer experiences on the Web and the increasing specialization of search.
When the Tafiti.com site went live, I did a couple of interviews where I said that we would make the code public if people were interested. We recieved a fair amount of interest, and linked up with Angus Logan's Windows Live Apps team to do just that.
Today, I'm happy to announce the release of the Tafiti Search Visualization source code to CodePlex which means developers can download, modify, and resell the code (see MS-PL License for all the details).
The CodePlex project provides access to all of the source, which you can use in it's entirety or piece meal based on your needs. The project includes a number of Silverlight controls, code that wraps the Live Search SOAP API, contains code for posting to your Live Space blog, and is also working example of how to incorporate Windows Live ID into your apps. We've also included the code for the tree screensaver that so many people commented on.
 
Because I do work for Microsoft, I do need to preface this entry with the disclaimer that while I do work for Microsoft, the views or opinions expressed here are my own.
---------
In my group of family and friends, I'm seen as the 'gadget guy', and every holiday I end up getting phone calls and emails for feedback on what to get people for Christmas.
This year, there were two recurring themes - Xbox360 vs. PS3 and HD DVD or BluRay. Part of what prompted the discussion was the fact that the PS3 is a new addition, an early Christmas present from my wife.
The general response was "You got a PS3? Why? Don't you have 3 Xbox360s?"
The answer I gave them was one they found interesting, and someone suggested I blog about it to help other folks looking to make the same decision this holiday.
The first thing I told them was that my mindset when buying each device was different. I bought my Xbox360 primarily because it was a great next generation gaming console. I bought my PS3 primarily because it was a low-cost BluRay DVD player.
I bought the 360 for games, and I was very happy with the graphics and with the onling gaming in Xbox Live. The backwards compatibility with the original XBox is also good. There have been multiple updates to add more games to the 'supported' list, so for gaming overall the 360 rocks.
What was interesting was that I was pleasantly surprised with the non-gaming functionality. I can use it as an 'extender' for my computer, allowing me to watch the TV shows, pictures, and videos on my computer. I can also use the 360 to listed to music on my computer, including the music on my Zune player.
The 360 also allows me to download movies - regular and HD versions - directly to the hard drive. It also lets me download arcade games, music videos, game demos and game trailers directly to the device.
I later bought the HD-DVD drive add-on for the 360, and was really pleased with it. I'd won one of the first gen Toshiba HD-DVD drives, so I was familiar with HD-DVD, and to be honest I was more impressed with the Xbox360 version than the standalone player I had.
Last winter, we had a flood, and as a result our media room with the HD TV was out of commission for months. The Xbox360 and the HD-DVD worked fine upstairs and allowed me to watch my HD movies on SD while construction continued downstairs.
At Thanksgiving this year, we found another great feature. We bought the camera add-on for the 360, and sent one to my sister who lives on the east coast. The 360 let us do video conferencing via the TV, allowing for us to see and talk to our relatives and vice versa. This is a great feature that doesn't get alot of press, but another pleasant surprise.
On top of all of this functionality, the interface for accessing everything on the 360 was super easy to use and I've just been super pleased with my 360. I purchased it as a gaming console, and ended up with an HDDVD player, real-time video conferencing, online gaming, and access to all of my photos, pictures, and video.
Now onto the PS3.
Now, I wanted the PS3 primarily as a low-cost BluRay player, and for that function it works great. I brought the device home, installed it, and watched the new James Bond film (Casino Royale), and was very pleased. The remote (purchased separately) was not backlit like the one for the 360, which made it a bit challenging to control if you had the lights out/dimmed while watching the film. Otherwise, as a BluRay player, it works great.
Moving beyond BluRay, let's start with the upfront purchase. I had an old PlayStation2, and if we were going to get a PS3 for BluRay, it would be nice to have it's touted backwards compatibility. Fortunately, I read tech blogs which pointed out what a tricky proposition this was and showed the right path. The PS3 sells in 80, 60, and 40 gig varieties. The 60 gig has full, hardware based backwards compatibility. The 80 gig has software based compatibility (not all games), and the 40 gig ships with no backwards compatibility. (I got the 60). I tried a couple of PS2 titles and they seemed to play fine.
But unlike the 360, I was generally disappointed when I went outside of BluRay use.
First, there was the interface. While the 360 had a simple, easy to use interface. The PS3's interface was horrible. It is not user friendly at all.
Next, I tried a game. Resistance: Fall of Man. was a good looking action/shooter. I had a PS2 previously, and that was primarily to play games that were exclusive to the PS2. In the new generation of consoles, there aren't as many high profile exclusives on the PS3. The result many games are available on both consoles and some (like Halo3) are exclusive to the 360. When looking at the online reviews of games on both the 360 and PS3, the 360 seemed to consistently be better rated (this years Madden football game was the first big example). The reality was that because the game developers have had the Xbox360 longer they seem to be more knowledgeable and take better advantage of it than the PS3. I've heard that from a developers perspective that the PS3 is harder to write for, so I'd expect it would be awhile before there's a comfort level and parity in the games. So while Resistance was good, for anything that's out on both PS3 and Xbox360, there's no question I'll buy it for the Xbox.
I then decided to try their online store and download some game trailers and demos. The store itself was ok, but the interface was a different experience than what was on the core PS3. I decided to download one of the game demos available, Conan. The download experience was again disappointing in comparison to the 360. On the 360, games download and then they're all set to play. On PS3, it's almost like downloading it on your PC, you need to download it and then install it. Unfortunately, Conan downloaded ok but failed during installation. This has never happened on the 360. So disappointed overall.
Next, onto the media functionality. It could see my PC, and while it could show the pictures on my PC, it had trouble accessing the recorded TV shows and music on my PC. Again really disappointing.
So from a Xbox360 vs. PS3 perspective, I bought the Xbox360 for games, and ended up getting alot more. With the recent price drops on the 360, you can now get it and the HD-DVD drive for a price comparable to the PS3. When people ask me which of the two they should buy for their kids or their spouse this year, I emphatically endorse the 360.
So the next question is BluRay or HD-DVD. Sometimes this is the determining factor for their Xbox360 vs. PS3 purchase decision, other times they're looking at standalone players.
My thoughts on the matter is that eventually, HD content will be delivered on demand, eliminating the need to pick a particular format. Based on that, I lean more towads the Xbox, as they have the infrastructure in place to deliver HD content and are delivering it well today.
For picture quality, I have HD-DVD via my Xbox360 and BluRay via my PS3, both using HDMI cables to a Pioneer receiver going to a 62" 1080i screen. They both look great. If you're a hardcore film afficionado, folks debate which format is better with people siding with one of the two formats. The reality is for most people, you'll end up with a great picture regardless. The decision here is really based on content, as certain studios are releasing content only on HD-DVD, others on BluRay, and others still releasing on both. HD-DVD appears to have more studios on board (Universal, NewLine, Paramount, Warner, Image, The Weinstein Company, Rhino, Bandhi, Dreamworks, and Canal Studios), in addition to their own studio, BluRay also has Disney and 20th Century Fox.
One thing to point out about HD-DVD is that alot of discs are shipped in a hybrid format that lets you play one side in a regular DVD player and the other in HD. This is great if you travel and want to be able to watch a disc in your portable DVD player or your laptop.
From a cost perspective, HD-DVD players overall are significantly less than BluRay players. WalMart has had advertised prices below $150 vs $399 for a BluRay.
So, for the format war, my recommendation to family and friends is that unless themovies that you want in HD are only available on BluRay, HD-DVD seems the be the way to go. And if your budget can afford a BluRay player, I'd look at the Xbox360+HDVD. You'll get alot more value of it and they've consistently delivered.
"Consider a turkey is fed every day. Every single feeding will firm up the bird's belief that it is the general rule of life to be fed every day by friendly members of the human race 'looking out for its best interests,' as a politician would say. On the afternoon of the Wednesday before Thanksgiving, something unexpected will happen to the turkey. It will incur a revision of belief."
Nassim Nicholas Taleb, from the book "The Black Swan" warning of the traps built into gaining knowledge by observation
When the iPhone was first introduced, there were a number of articles that talked about whether or not they would be supported in Enterprise environments.
Reading Gizmodo this morning, I ran across this video that shows a Unix security consultant hacking the iPhone such the he's not just able to retrieve email, but also install a remote recorder device and effectively 'bug' the iPhone. This effectively lets someone use the iPhone to record conversations and ambient noise in a room, even when it looks like the phone is off.
Any customer conversations. Any strategy discussions. Any board room discussions. Recorded while the phone looks like it's off.
And how long did it take to do this? Less than 5 minutes.
If you don't, you probably won't find this clip all that funny. If you do, watch the video below. It shows what the show '24' would have been like circa 1994 w/ early 90s tech. http://www.collegehumor.com/video:1788161
I'm reading Alan Greenspan's book 'Age of Turbulence' and found this quote interesting -
"You're entitled to your own opinions, you're just not entitled to your own facts." - US Senator Patrick Moynihan
The team wanted to do an update to Tafiti that enabled some skinning functionality and Search Macros and Jamey (who also runs geezergamers.com) suggested 'Halo Search'. With the upcoming Halo3 launch, we thought this was a great idea, and built out the mechanics for skinning, Jamey built the search macro of the top 30 Halo-related sites, and Tim Aidlin did some great design work. All of it came together and for a limited time, you can find it on the http://www.tafiti.com main site.
You'll see that the book search icon was replaced with the Halo symbol. Click on that symbol and you can get results just from Halo and gaming sites. I took a screenshot of the main screen and then also of the search screen and have shown them below. And if you're a fan of the original Tafiti site, you can still get to that skin using the link in the upper right corner.
To learn more about search macros (and why I think trust and constrained universe searches are valuable), check out my earlier blog post
When we released Tafiti, I had a chance to sit down with Beet.TV for an interview/webcast.
This can be found here: http://www.beet.tv/2007/09/tafiti-microsof.html
The link to the standalone video can be found here: http://blip.tv/file/377555
Note: this was before we added the limited edition Halo skin to Tafiti. To get to the UI listed here, use the link in the upper right corner of the UI.
Working on an interesting side project this weekend, so pulled another interesting entry from the archives. This was originally posted in December, 2006.
I've had an interesting day today. Checked into the airport this afternoon, and had a debate with the woman at the counter about my reservation. I received my ticket and was surprised to see I wasn't sitting in business class.
The funny thing is, I had an itinerary and record locator that indicated that I was in business class, but our check in clerk claimed I didn't.
A quick call to her supervisor came back with a confirmation that I did not have a business class seat. The options - take a business class seat for another $200 Euros or take a seat in coach. There was some additional discussion on my part, but I was amazed at how uninterested and unhelpful this particular individual was.
Before leaving the desk, I requested that she use my air miles card from a partner airline. Her response, which struck me as a bit odd, was that there was no need, as I was a gold member.
I begrudgingly took the coach seat and made my way to security. While in line I was thinking about her comment about my being a gold member. While I'm gold on other airlines, this (and the partner) weren't one of them.
I rechecked my ticket, and found it had someone else's name on it. Not sure who Vincent Mercier is, but he sounds a bit more French than this guy who grew up in Tewskbury, MA and knows just enough French to be either polite or offensive. I returned to the desk, pointed out the mistake and had my business class ticket in hand.
When sitting in the airport lounge a bit later, I thought about what had just transpired. Air France had asked initially for my passport, to check claims of identity. Those claims were recieved but were not utilized by the requestor, and a secondary claim - my reservation locator - was provided. Again, this wasn't used. Without success, the workflow required an escalation to another service - the supervisor - and again there was a failure. Here it was based on the information provided by the initial requestor.
It stresses the potential for a breakdown in an identity valdation scenario which involves a human component. The difference between Vincent Mercier and Marc Mercuri is fairly obvious, but the check-in clerk may have done some faulty pattern recognition based on seeing MERC in both.
Had this been a machine driven interaction, this would likely have gone flawlessly. A selection of destination city would have been used to limit the number of potential name matches and from that subset, the name would have been valdated either 1:1 or possibly with something along the lines of a Soundex.
What makes this breakdown of 'the system' incredibly alarming is that there was no validation of claims from that point forward - once ticket was in hand, I had free access to the system, boarded the plane, disembarked in Paris and am now in my hotel.
Sure, I provided the token assigned by the airline (a boarding pass) at security - but there was no requirement/check of my passport. If I had continued through with my initial, erroneously issued token (the ticket in someone elses name), I would surely still be in Paris eating the French interpretation of Cajun Chicken wings.
In this specific context, an identity breakdown has horrific potential. Suppose the mistaken identity had occured with a guy less interested in connecting systems as in disrupting them - a terrorist.
There were no further checks for identity (intra-EU flights do not have passport control), so someone who slipped through the system could now be freely traversing France. Given the political climate here in Paris this week (for those unaware, there have been riots and individuals setting fire to cars in France), it's even more alarming.
With the recent move to self-service kiosks for check in, the mechanisms I mentioned earlier are helping avoid this issue. Introducing some of the technology used there in the human interaction piece (i.e. scanning of passports and system retrieval of information) would help solve the issue, surely.
But that answer begs different questions. We do quality assurance of the software systems, but how do we and how much time do we do testing of the human components in connected systems? And once you've established your test plan, and you go to 'rtm' of the process/workflow, how do your federated users report bugs? In this particular instance we're not talkng about a situation that results in some bizarre behavior in an IDE, we're talking about international security in the heart of Europe. The clerk surely isn't going to tell her manager, as it points out big mis-step on her part. There's no contact information on the boarding pass or airline timetable. Going to the Air France web site, I went to the link to their corporate office, which is entirely in French. I'm on a hotel internet connection at 90 cents per minute, chances are I'm not going to spend an hour navigating their site to let them know about the issue, resulting in an open loophole in a frequently used workflow with potential for failure far, far worse than any blue screen.
In this particular scenario, the issuance of a false token was an 'honest mistake', but suppose that it wasn't. Imagine if a terrorist cell had someone working behind the ticket counter, what checks are in place to prohibit intentional bad issuance or trust violations?
This isn't just with transportation companies, it spans verticals. For example, if John Smith is caught owing $200,000 in taxes, and the workflow for resolving this dispute is handled by Bill Jones who makes $20,000 per year, what can happen is John pays $50,000 to Bill Jones to make this whole matter disappear. This is not fiction, this really happens. Depending on the country, it happens alot.
These example involved a relatively simple workflow, this obviously gets more complex when dealing with interactons that run multiple partners/parties deep.
If you have a business with a high volume of transactions or high value transactions with consumers or areas with complex workflows , how do you / would you handle these situations? What types of SLAs and legal terms do you have in place to handle scenarios where a human taints the system with a manual violation of trust in a federated scenario?Feel free to speak in the third person and without corporate identities, I'm curious how/if this is being addressed.
I'm enjoying the last week of summer, so in lieu of a new post, I'm reposting a 'best of' entry this week. This was originally posted May 13th, 2006.
NOTE: There is a political refernece below, as it is a topical situation that got me thinking about trust communities in search. This blog is a-political, and the scenario is used as it is the one that sparked the idea. I take no stance on whether the claims made by Mr. Snow are valid/invalid.
I was reading some news sites this week, and was reminded that this was the first week of US President George Bush's new press secretary, Tony Snow.
Before he gave his first press conference, he did something interesting. He sent out press releases questioning the validity of comments made by the New York Times, USA Today, and other publications.
So this got me thinking. Playing devils advocate, suppose that he's right. If I trust Tony Snow (based on his historical record of trust worthiness), I may now discount results from these media outlets in favor of others. But for me to discount these sources when searching, I can't. Even if I cease to trust them (or trust them less), they show up in the the rankings per Google or Microsofts opinion of their relevance.
The search engines from Google, MSN, and Yahoo have their own algorithms to consider relevancy. One of the things these search engines do provide is a level of filitering for “safe content“, blocking out material that may be considered objectional (i.e. these block pornography results).
What they don't do is consider in the rankings is the levels of trust of an individual or of community. What I want to see is something that goes to the next level, don't just block what's objectionable, show me the results that are relevant to me based on trust.
Perhaps one of the media outlets Mr. Snow referenced, let's pick a fictional name, say MakeBelieveReporting, Inc., is regularly mis-reporting information or is slanting stories towards a particular political viewpoint. I may cease to trust that organization to provide news to me, and would like to rank them lower in my personal results when searching for news, if not remove them altogether.
When I search for news, perhaps there are certain stations / periodicals I trust - for example the Wall Street Journal, the Financial Times, CNBC, and my friends John Smiths blog. These are entities - regardless of web site traffic or the opinion of the search engine I'm using -that *I* trust to be accurate and provide me information. I do not, however, want results from news outlets that are part of MakeBelieveReporting, Inc. as I have ceased to trust them.
What I'm thinking of isn't based on assumed trustworthiness based on click traffic, this is based on trust relationships. Even if I visit a site twice per year, it could be far more relevant to me than a site that is viewed more regularly by others.
And my community of trustworthy providers could be extended based on the feedback of those people I trust.
There's the concept that if person A trusts person B, and person B trusts third party C, that person A shoud likely trust Corporation C based on the fact that he trusted person B's judgement.
In the previous example, I trust my friend John Smith who writes a blog. If John trusts the Crosby Herald, and I trust John, then I too could trust the Crosby Herald and have it included in my community of trust that is reflected in my search results.
Think about the days before Axciom, TRW, and credit reports. People vouched for other people to get jobs, apartments, loans, etc.
When you sign for a loan and you are not a known entity, you need a co-signer or guarantor. The bank says, I don't know if I can trust this person, but I trust the co-signer. The co-signer also trusts the loan recipient to pay the money back.
If someone co-signs for a loan for me and I decide not to pay it, there are financial responsibilities that are then taken on by the co-signer. The co-signer will trust the recipient less, as a result of mis-placed trust, the bank may stop trusting the co-signer's ability to identify a trustworthy loan recipient.
In another example, suppose you make plans to go out to dinner with your spouse on Friday night, and when you ask her where they'd like to go, she says “you pick - I trust you.“ If you're new to the area, you may ask a colleague - whom you trust - for a recommendation of a local restaurant. If you go to the recommended restuarant and you end up getting food poisoning from the meal, you probably will not look to your colleague for advice on restaurants in the future - and you - who vouched for the restaurant -will likely end up at a restaurant of your spouse's choosing next time around.
Your spouse trusted you, you trusted the colleague and when the information relayed turned out to be bad, two things happen. You cease to trust the advice of the colleague (atleast in the context of cousine), and your spouse trusts you less as the broker of the information.
Once you start adding in trust, you also need to be able to trust in context. That same colleague from work may not be someone I trust on picking restaurants, but may be someone I look to as a source on technology subjects.
What we need is search that includes both consideration of these communities of trust, where we as participants in the web determine who is trusted and who is not, and provide the ability to apply trust in context.
By introducing contextual trust as a first-class citizen in search, it has the opportunity to both provide results more relevant *to me*, and as trust=traffic=revenue, provides a financial incentive for providers to be trustworthy.
That's my two cents - what do you think?
Nayna and Rob have made it official with their post (http://winliveid.spaces.live.com/Blog/cns!AEE1BB0D86E23AAC!931.entry), Windows LiveID has added beta support for Information Cards and Windows CardSpace.
The way this works is identical to the way I described how to add cards to an existing website in my book. Through a management interface, you associate information cards with your core account, and the user is provided the option of signing in with either their information card or a password (as shown below).
All good stuff, and worthy of checking out. 
Getting ready for the tafiti launch, I had the chance to have a discussion with Jon Udell at Channel 9 last week. We talked about incubation, services, mashups and tafiti.
The abstract for the session is -
"Marc works on the platform incubation team. In this podcast we discuss what platform incubuation means, how the Tafiti project exemplifies it, and what the future may hold not only for Tafiti but for a platform that's evolving to encompass both software and services. "
The podcast of that conversation is now on the main page over at Channel 9 (channel9.msdn.com), the permalink for it is here - http://channel9.msdn.com/showpost.aspx?postid=335996
Being on an incubation team, many of the projects I'm attached to are not discussed with the public. Today, however, is a great exception to that rule.
I'd like to introduce you to Tafiti.
Tafiti, which means "do research" in Swahili, is an experimental search front-end from Microsoft, designed to help people use the Web for research projects that span multiple search queries and sessions by helping visualize, store, and share research results. Tafiti uses both Microsoft Silverlight and Live Search to explore the intersection of richer experiences on the Web and the increasing specialization of search.
You can try Tafiti following these steps:
· Go to http://www.tafiti.com
· Enter a search query
· Drag interesting results to the shelf on the right. Each box on the shelf can be used to save a related set of results. Shelf contents can be saved and shared.
· Use the carousel at the bottom left to do different types of searches (image, blog, etc.)
· Visualize your results using the Tafiti Tree View.
I did a video interview with Channel 10 on this that has just been posted here.
http://www.on10.net/Blogs/larry/first-look-microsoft-tafiti/
I also did a standalone walkthrough you can get to here:
http://www.tafiti.com/walkthru.html
More to come as the week progresses....
RSS. Really Simple Syndication. Great for identifying your available content, great for sharing content that can be consumed by aggregators and readers.
What it's not great at is providing a monetization model. Sure you can use ads on your website, but I think there's a better way.
I put together a screen cast that talks about syndication and the opportunity to leverage information cards and CardSpace to monetize RSS and OPML.
Watch it by clicking on the link below.
http://www.marcmercuri.com/downloads/MonetizingRssWithInformationCards.wmv 
If you've just bought my new book and were looking for the completed exercises, I've posted them at the link below:
http://www.marcmercuri.com/downloads/beginningcardspacecode.zip
As some of the code focuses on and/or builds upon code that exists in existing projects (that evolve outside the book), refer to the links in those chapters for links to where the base projects can be found.
This download should be available on the APress website next week as well.
I was reading James McGovern's blog today and ran across the following question -
I am still awaiting a perspective from Marc Mercuri on his thoughts of when someone presents a personal card to a relying party and it requires a workflow (Kim Cameron's blog requires a lightweight email confirmation) should the relying party integrate into BPEL or SPML and what is the best way for folks to think about this?
Before I answer the question, I want to establish two assumptions I've made, based on my interpretation of the question. The first is that 'personal cards' here is synonymous to 'self-issued cards', the second is that when referring to workflows, we're discussing workflows whose focus is to perform some process that will validate that the claims presented are accurate and the individual presenting the claims is indeed the person he/she/it claims to be.
If you've seen any of the videos I've done on information cards, you may have picked up on the fact that I'm a big fan of self-issued cards, as they allow an individual to readily share details about him/herself to recieve a a much more pleasant experience on a website or when accessing a web service. Many sites today ask you to sign up with a username and password and ask you to populate forms. With a self-issued information card, the key claims are already on the card, so it makes signing up for a site fast and painless. Then there's the personalization benefits. You could have a government site that read your postal code and provided a personalized view of "your government" - complete with data ranging from when trash is picked up on your street to legislation that may be impacting your area. You can log onto the website of an electronics store and present your card to easily get to the details for current sales in your area. There are plenty of great scenarios where a site or service can take an information card and use it - without the need for validation - to provide a better experience.
But 'plenty of great scenarios' does not translate to every scenario. There are circumstances where you will want to validate the claims that are on the card. Those scenarios are all tied to risk. And this is typically tied to risk of financial loss or an potential impact to reputation. In these cases, you'll want to take the information provided and evaluate it using a workflow.
Real World Examples
In the real world, I may call a local restaurant to deliver a pizza to my house. They take my order, my address, and my phone number. For orders below a certain dollar threshold, they'll typically just make the order and deliver it. However, if I ordered 12 pizzas, there's now more risk. And because there's financial risk that they'll waste time and resources creating 12 pizzas for what could be a prank, they'll undoubtedly call the phone number I provided to confirm that I placed the order.
If you want to publish a letter to the editor in a newspaper, you typically need to provide some evidence that can be used to prove you are who you say are. The New York Times requires that any such letter "must include the writer's address and phone numbers.". Why? Because there's risk to their reputation - as well as to the reputation of the people letter writers could claim to be - if the identity of the writer can not be determined.
Online Examples
If you've ever used Paypal, then you've taken part in a workflow where information that you've self-asserted has been validated. In this case, when you open an account they place a very small deposit (pennies) in a financial account you claim to hold. To validate your identity, you examine your account and provide the amount of the deposit. This is a very clever workflow, because it leverages an account that you have with an existing financial institution, an account that likely required your identitiy being authenticated in person, using a drivers license, passport, etc.
From a risk of reputation perspective, James pointed out what will become one of the more key scenarios, validating the identity of someone who posts to a blog. To avoid both spam and anonymous comments that could range from libelous to threatening, the owner of the blog will want to make sure you are who you say are. This is really almost identical to the New York Times' Letter to the Editor requirements.
Using Workflow
Once you've assed the nature of the risk is financial or reputation related and the specific valuation of that risk, you'll want to identify the type of workflow that will mitigate that risk for you.
Sometimes, that will be a sequential workflow, and that is typically where you will invoke one or more automated services to validate the claims in real time. For example, given my name, birthdate, home phone number, and website, you might be able to tie into some back end systems to validate the information I provided. In some cases, a workflow may retrieve additional data, which can then be used to challenge the user. This type of interaction happens synchronously and my identity can be validated during my same online session.
In other circumstances, you'll want to use a state machine workflow. This workflow is longer running than it's sequential counterpart. Once information is presented at a site or service, a communication could be made to one of the modes specified in your contact details - this is typically an email, but could just as easily by an automated speech-based service (IVR). When contacted, the workflow will deliver a code to the user. The user will then go back to the website and provide that code. This is typically accepted as a proof of identity for providing blog comments. Other examples of state machines could include a site performing related checks, for example a dating website could validate your information and then perform a check with other systems to validate that you're not married. In these circumstances, the process could be completed quickly - I could get the email right away and respond in minutes, or it could complete in hours, days, weeks, months even. If John Smith signs up for a site before he goes on vacation, and the validation email doesn't arrive until after he's left, that process could remain in the 'waiting for response from user' state for several weeks.
Back to James' question
So now, back to James' question, "should the relying party integrate into BPEL or SPML and what is the best way for folks to think about this"
I couldn't in good faith tell everyone they should implement this in BPEL. If the whole REST vs WS-* debate has taught me anything, it's that while there is tremendous value in having well thought out standards that are implemented by Enterprises, ISVs, and Infrastructure companies, there is a large segment of folks that won't use it for any number of reasons (learning curve, implementation complexity, required tools/infrastructure, time to implement, etc.).
What I'd do first is identify the workflow itself, specifically what business rules need to be validated and what integration points need to be in place to feel comfortable that the risk has been mitigated. Before we talk technology, what is the type of interactions that need to happen. Do you need to send an email and then wait for a response? Do you need to tie into back end systems to validate the information? If the workflow is based on identity validation, identify what should happen when identity validation is successful, when it is not successful (identity could not be validated) or when it fails (system exception).
Then, look at technology and determine what works best for you. For some folks this could be Windows Workflow Foundation, for others this could be BPEL, for others it could be BizTalk, and others still it could be C#, Java, Ruby, or PHP libraries that implemented the workflows directly in code. If you're writing this yourself, I'd typically advise taking whatever code you build and make it available with it's own service(s). This has benefits on a number of fronts.
I will add that there is an opportunity for someone/some group to identify some of the more common patterns (similiar to what was done with the document referenced in my last post) and then to implement and make available those patterns in the form of binaries or services.
I'm just finishing up another project at the moment, once that's out the door, I'll take a look at coding up one or more examples and then throwing the bits over onto CodePlex for people to have at it.
Over the course of writing the book, there were a number of things going on in parallel inside MS, some of which weren't finalized when the book went to press. One of those items was the patterns document that the product group published this month. I had a chance to sit down with one of it's authors, Bill Barnes, while writing the book, and serve as a reviewer on the initial passes of the doc.
It's an excellent doc and a must read. One thing to note, is that if you look at the chapter on modifying the existing ASP.NET membership controls to support information cards, you'll see that I provide a number of stored procedures to handle additional scenarios mentioned in the doc.
You can get the document here
http://www.identityblog.com/wp-content/resources/information_card_patterns.pdf
I was reading the news this morning and saw that Google announced they were now going to sell people cloud storage, targeting folks with large media collections.
Not a bad idea, but why pay Google when you can get storage for free? Last week Microsoft announced the beta of Windows Live SkyDrive. You can get 500 meg, and it's compat with IE and FireFox on both Windows and Mac. But it's better than just storage, because it allows you to place your files in folders and then have the option of sharing those folders with everyone (making them public) or just a select group of friends.
Full details are here.
http://skydrive.live.com/WelcomeMoreInfo.aspx
When looking at personalization, there are a couple of concepts that most people assume -
(1) This is primarily of interest in eCommerce Sites
(2) To perform personalization, a site either needs a transaction history (from which to draw inferences/make recommendations) or requires a user to manually fill out a profile.
The reality is that personalization is valuabe across industry verticals, and now with information cards, you have the ability to easily provide personalization on a persons first visit.
Rather than use the expected eCommerce Site example for personalization, I decided to go a different route. Instead, I dedicated a chapter to building a project I named "Personal Government". Using a self issued information card, the Personal Government web site can take a single claim - postal code- and retrieve data across multiple data stores for a personalized expereince. The chapter has the user build this public sector mashup with free web services from StrikeIron. If you actually wer ea public sector website, you can imagine how you could extend this with real data - everything from municipal schedules (what day is trash pickup?) to legislation (which legislation tha tis underconsideration would affect my neighborhood?)
The video can be found at the link below, or by clicking on the image below.
http://www.marcmercuri.com/book/cardspace/informationcardsandpersonalizationinPublicSector/InformationCa |