Skip to main content

Posts

Showing posts from March, 2005

Atom Authentication

I've written up a replacement for the authentication section of the Atom protocol: http://intertwingly.net/wiki/pie/PaceAuthentication. It's simple but unusable by servers in restricted hosting situationstypical of Movable Type and Blosxom blogs; I hope this serves asprovocation for someone on that side to nail down an alternativeauthentication scheme.  But even if not, at least everyone elsewill have a minimal fallback for authentication.

Note that the proposal also allows servers to require authenticationfor comments -- something that would be a helpful building block infighting comment spam.

SD West: SOA: The Next Big Thing (Keynote)

Dave Chappell delivered an entertaining keynote. Again, this was targeted squarely at enterprise applicationdevelopers.  I felt a bit like a tourist in a foreign country -- happyto be there, interested, but a bit puzzled and probably missing some ofthe shared cultural nuances.  (Despite having createdsome enterprise development tools, I've never actually worked as an enterprise developer.)

Dave cut the Gordian knot involved in defining service orientedarchitecture ("the debate is both endless and pointless") by statingthat it's defined by the dominant technologies:  A service is what thedominant products say it is -- and WebSphere and .NET are the dominantproducts, so services means SOAP and WS-*.  And I'm not sure, but Ithink he defines 'dominant products' as 'whichever platforms have themost market share among vendors selling tools to enterprisedevelopers'.  Which of course rules out anything that doesn't help sellplatform tools :^).  I glanc…

SD West: Software Requirements: 10 Traps

Next up: Karl Wiegers talks about the 10 Traps of Software Requirements.  I plan to check out processimpact.com  for sample documents and spreadsheets (the requirements prioritization example spreadsheet sounds especially useful). 

Lots of good advice and pointers to resources in the talk.  He had somevaluable points regarding the different views of what a 'requirement'is to different stakeholders.  He presented a frameworkfor separation into business (why), user (what), and functional(high-level how) requirements, and how to categorize requirements intothis framework to help avoid confusion.  This becomes particularlyimportant when doing incremental development (which is what almosteverybody does):  It's OK to be fuzzy on some of the functionalrequirements before starting a project, but the business requirementshad better be very clear and solid.

Regarding change control boards, I asked how one can scale a CCB so itdoesn't become a bottleneck in a large program.  He sa…

SD West: Understanding SOA

First up: Mike Rosen presented Understanding SOA. This talk was oriented very much towards enterprise developers who areconcerned with automation of business processes -- in some ways, adifferent world from where I operate most of the time.  Mike'sdefinition of SOA is pretty much what either Microsoft or IBM areoffering as platforms (.NET or J2EE plus SOAP).  Their main sellingpoint seems to be that once everything is exposed as web services,business analysts will be able to create and manage business processesby configuring services via graphical tools rather than by writing codeor even scripts.  (This syncs up with the presentation later on by DaveChappell.)  I am skeptical, but then again the problems thesedevelopers have are not my problems.

Quick takes: Mike stated that UDDI is not used much outside thecorporate firewall (my personal prediction: It never will be in itscurrent form.)  IBM and MSoft are repurposing existing applications,such as Tivoli, to help manage corporate w…

Inductive Blacklisting?

It looks like someone is trying out some type of comment spamon AOL Journals.  Or was; it sounds like a straightforward Termsof Service violation and I'd expect it to get yanked quickly. 

Fortunately, Journals provides a way to both delete a comment and blockthe commenter's user id (screen name) from future comments to thatJournal, which is handy in these situations.  But perhaps itdoesn't go far enough.  Perhaps there should be anauto-blacklisting feature:  If enough different peoplecomment-block a user id, perhaps it should be blocked from any furthercomments anywhere for a significant period of time.  It would atleast slow down the spammers.