CDATA Zone

Slides have been posted for the latest version of my Digital Identity talk.

This talk has evolved since I first starting giving it, but the latest version simple needed more time to present. I was asked to combine all the topics (OAuth was to be its own presentation) into one, which I probably won't do again. Even just only covering the absolute basics, I found that there just isn't enough time to cover them all in the short amount of time, so some material was skimmed over. If anyone has any questions on any of the material, please feel free to contact me.

I've been getting a number of emails asking if I'm still alive and kicking. The answer is yes, just have had a lot of things going on lately. Those of you who were at php|tek in Chicago this year know that my wife and I are having our first baby. We've been busy doing the doctor's visits, shopping, getting nursery ready, shopping, wondering if we have everything we need, and did I mention shopping. Never realized how expensive babies are and he's not even here yet (Yes, I said "he", we are having a boy).

On the flip side, work has been very hectic. Things are going well and we are very busy. For the past 5-6 months, on top of my regular work on our proxy, I have been living and breathing OAuth. Unlike OpenID, which is really only found in the social networking/blogging areas, and Information Cards which is still new and has some ways to go for more widespread adoption, companies have started actively adopting and implementing OAuth for use with their APIs. Things should start getting interesting once they start rolling these out to the general public.

I'm still involved with my xmlseclibs project, PHP and libxml2/libxslt. I just haven't had as much time over the past few months. I try to fix what I can when I get a chance, but my participation really has been slacking. With fall having started and winter on the way, I'll have more free time to work on these things. Hope to hit some of the feature requests I've gotten in the XML/PHP areas, as well as soon add some additional functionality to xmlseclibs to work with WS-BPEL (just needs some additional testing). If there are any additional feature requests or bugs I haven't looked at yet (I got a number via email that aren't in any of the bug systems - so may have forgotten about them), let me know and I'll make sure they make my TODO list.

My buddies over at AITCOM did it again. On July 10th, around 5:45 pm EST my server went mia. Being a Friday and occasionally experiencing the minor outages (< 5 minutes), I didn't give it much thought and left it for the night. The outage wasn't as minor as I had thought, the next morning I go to check email and nothing... The server was dead in the water. Calls to AIT pretty much fell on deaf ears. They performed a reboot and called it fixed. Of course they test things really well. After my forever long wait on hold back on the phone with them and once again my outage report falls on deaf ears. They tell me that they went ahead and found no hardware failure, so this must be my fault and I have to pay them to look into it. Their admins much be morons, after a couple of minutes, without any access to their network, I was able to determine that my IP addresses had been re-assigned elsewhere. Would you believe that even after telling them this, they said there is no hardware problem and that I had to pay them to get this issue resolved. WTF?!?!?!

After a few deep breaths, I said fine as long as once they found out that the problem was theirs that I wasn't going to be charged. Day after day, no progress. I spent many hours on the phone ripping their customer service people new ones. I hate dealing with customer service people. Their roll is simply to be cannon fodder for the times serious issues arise. All they can say is that they are sorry, someone is working on it and no one else there can help, so I have to be patient. Between that and their incompetent engineers, I am surprised they are still in business. Finally after 5 days, they come back and tell me things are fixed and I wont be charged because it was due to a hardware failure on their end. It took 5 frickin days to figure out there was a hardware failure somewhere (that only was affecting my server of course) and they even knew where to start looking from? Things didn't sound right to me. At least I was able to get my mail back online along with my blog. The problem is that I still don't have 6 of my IP addresses. I am now on day 7 of this and my server is only limping along. The only saving grace here is that the server isn't running anything critical. Imagine being a business customer and having a complete outage for 5 days and after 7 days you still are only partially online. I think it might be time to look for a new provider :/

The long awaited 1.2.1 release finally sees the light of day.
It can be downloaded from:
http://xmlseclibs.googlecode.com/files/xmlseclibs-1.2.1.tar.gz


Changes include the following:

Features:
- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos).
- Add fallback to built-in sha1 if both hash and mhash are not available and
throw error for other for other missing hashes. (patch by Olav Morken).
- Add getX509Certificate method to retrieve the x509 cert used for Key.
(patch by Olav Morken).
- Add getValidatedNodes method to retrieve the elements signed by the
signature. (patch by Olav Morken).
- Add insertSignature method for precision signature insertion. Merge
functionality from appendSignature in the process. (Olav Morken, Rob).
- Finally add some tests

Bug Fixes:
- Fix canonicalization for Document node when using PHP < 5.2.
- Add padding for RSA_SHA1. (patch by Olav Morken).

This library has undergone extensive testing prior to release so, please
let me know if anyone runs into any issues.

I had a good number of requests for write-ups of the material I presented in the Streaming XML session, so will try to put something together over the next couple of days. The session went over by just a bit so if I missed addressing any questions, please feel free to email me with them.

Working with Web Services
Who Am I?
Streaming XML

Did you ever think you would have to worry about your data while visiting the grocery store? Less than 3 months ago, I was one of the victims of the Hannaford data breach where my credit card number was stolen and fraudulently used. This is kind of ironic. I talk about the digital identities and keeping your data safe. I never thought I would end up on the receiving end of this. Discover card has an excellent fraud department, imo, and immediately of detecting fraudulent use, contacted me. I was issued a new card and it was sent overnight. On Saturday, while in Chicago for php|tek, I received another message from Discover card about fraudulent use. It really sucks when this happens while traveling because the card gets shut-off. I was leaving on Sunday morning, so an overnight delivery wouldn't even reach me. Anyways, I got things settled and was able to check out of the hotel - even paying my bill .

Now that I've settled into my job at Mashery, I've starting getting a chance to get back to some of my side projects. On the information card and openinfocard front, I am currently looking at getting the selector to export and import cards so that I can synch up my cards amongst my different selectors. More importantly though, I will be in San Francisco for work in little over a week, allowing me to attend and participate in the OSIS User-Centric Identity Interop event at the RSA Conference. While I only play an insignificant role in the openinfocard project, I will be there as part of that project as well as representing my own information card code.

We even have our own logos . Axel did a great job coming up with a logo for openinfocard. As I was up at the PHP Quebec conference when they asked for logos, Julie was kind enough to quickly pull one together for me. With under 24 hours to get it done, no graphic utilitities installed on her new macbook and extremely bad internet bandwidth to even try to download any applications, I think she did a fantastic job.

Anyone interested in participating or seeing demonstration of the identity technologies should be sure to check it out on April 8th and 9th from 11am - 6pm. As I am out there primarily for work, I will most likely will be there later in the day. If you can't make it but are interested in getting involved, interoperability testing is currently underway.

Updated 04-03-2008: The openinfocard logo has been changed to the one now displayed

For a long time now I have been saying that I need to get the library within a public source repository, write documentation, etc... Thanks to Andreas Solberg, all of this is finally coming to fruition. He has setup a home page for xmlseclibs, as well as the xmlseclibs project at Google Code. Things are still in the early stages, so there is still no documentation, but at least everyone now has access to the source repositry, mailing list and bug tracker for it. Documentation is something sorely needly, so if anyone would like to help in this aspect, please contact me personally or send a message to the mailing list.

My unemployment streak is coming to an end. Earlier this week I accepted a position at Mashery as Senior Software Architect, where I will be working full time with XML and web services. This is now also going to allow me to spend more time working on these within the PHP code base as well as libxml2. It's great when you get to work full time on the things you like to do. I'll still be working from the east coast and make the occasional trip to San Fransisco, which although I don't want to live there, I really enjoy visiting.

Everyone I know keeps telling me how great it must be to have some time off and all that jazz. I am curious if they actually have ever gone through an unexpected and forced lay off. As I don't start until the beginning of February, and my time off so far has been spent on pursuing my next job, I am going to finally take a week off before I start and unwind. Something much needed after all of this.

2008 is sure off to a lousy start. I went back to work the first work day of the new year after some relaxing time off just to be told the entire IT department has been let go effective immediately. I am just praying this isn't an indication about how the rest of the year is going to go. I get enough of the open position emails, but the trouble is that I am not going to leave Maine. I like it here and it's a great place to raise a family. That being said, if anyone is looking or knows of someone looking for a developer in Maine (I'm trying to avoid doing Java full time) or that allows for a full time telecommuter, I would appreciate any leads: You either already have my email address or contact me via: =rob.richards.

As far as outside projects I am involved in and work on, I do plan on continuing working on them, although I might be a bit MIA for some time until I get settled. My apologies for tagging this in all categories, but hey I need to get maximum exposure here.