Skip to Content »

online discount medstore
advair diskus for sale
buy advair diskus without prescription
allegra for sale
buy allegra without prescription
aristocort for sale
buy aristocort without prescription
astelin for sale
buy astelin without prescription
atarax for sale
buy atarax without prescription
benadryl for sale
buy benadryl without prescription
buy clarinex without prescription
clarinex for sale
buy claritin without prescription
claritin for sale
buy flonase without prescription
flonase for sale
buy ventolin without prescription
ventolin for sale
amoxil for sale
buy amoxil without prescription
augmentin for sale
buy augmentin without prescription
bactrim for sale
buy bactrim without prescription
biaxin for sale
buy biaxin without prescription
buy cipro without prescription
cipro for sale
buy cleocin without prescription
cleocin for sale
buy dexone without prescription
dexone for sale
buy flagyl without prescription
flagyl for sale
buy levaquin without prescription
levaquin for sale
buy omnicef without prescription
omnicef for sale
amaryl for sale
buy amaryl without prescription
buy cozaar without prescription
cozaar for sale
buy diabecon without prescription
diabecon for sale
buy glucophage without prescription
glucophage for sale
buy glucotrol without prescription
glucotrol for sale
buy glucovance without prescription
glucovance for sale
buy micronase without prescription
micronase for sale
buy prandin without prescription
prandin for sale
buy precose without prescription
precose for sale
buy cialis professional without prescription
cialis professional for sale
buy cialis soft without prescription
cialis soft for sale
buy cialis super active without prescription
cialis super active for sale
buy cialis without prescription
cialis for sale
buy levitra without prescription
levitra for sale
buy viagra professional without prescription
viagra professional for sale
buy viagra soft without prescription
viagra soft for sale
buy viagra super active without prescription
viagra super active for sale
buy viagra super force without prescription
viagra super force for sale
buy viagra without prescription
viagra for sale
buy celebrex without prescription
celebrex for sale
buy colcrys without prescription
colcrys for sale
buy feldene without prescription
feldene for sale
buy imitrex without prescription
imitrex for sale
buy inderal without prescription
inderal for sale
buy indocin without prescription
indocin for sale
buy naprosyn without prescription
naprosyn for sale
buy pletal without prescription
pletal for sale
buy robaxin without prescription
robaxin for sale
buy voltaren without prescription
voltaren for sale

Tech Life of Recht » archive for 'itst'

 OIOSAML.java in public release

  • July 24th, 2008
  • 4:07 pm

Vacation is over, and we’ve finally come to the point where we have published OIOSAML.java to the general public. It’s probably not of great interest to that many, but if you are one of the lucky people who have to implement a SAML 2.0 Service Provider in Java, this might be something for you.
As the name suggests, the implementation is done primarily with OIOSAML in mind, but it should be usable with just about any identity provider – we have tested with PingFederate and SimpleSAMLphp.
The downloadable files include source, demo war file, and documentation, and we’ve tried to make it as easy as possible to install. OIOSAML.java is licensed under MPL 1.1, so it should be usable in most circumstances.

 REST, Architecture, Privacy

  • June 25th, 2008
  • 5:51 pm

As you probably know, I’m involved in the OIOREST work for NITA. The work is progressing slowly, but recently I’ve had some thoughts on REST which I thought were sharable.

First of all, REST invites to a completely new kind of architecture. Nothing new here, it’s been known as mashups for a while, but I don’t think the relevance of this has been very obvious. Mashups are often taken to be something non-enterprisey about combining data in new ways, preferably in the browser by using some sort of Javascript. One thing is the possibility of combining data in new ways, but equally interesting is the fact that a lot of data manipulation is moved from a central service to distributed clients. In the good old WS-* world, mashups are known as ESBs. An enterprise service bus, whatever that is, is orchestrated into making web service calls to different services, transforming the results, combining them, and returning a complete document to the caller. The net effect is more or less the same: You get a page with the data you wanted to see (hopefully), but the ways it’s done are just about as different as they can get.
I’ve been on quite a number of projects where one service had to call another service in order to return a complete result. This gives long chains of service calls, and lead to highly coupled systems which are not very fault tolerant. With REST, it’s suddenly much easier to just return a document with references to other documents, and if it’s necessary, the client can fetch the other documents, and in the process utilize HTTP caching and other well-known mechanisms. This way, a client can fetch a root document, and immediately show the page and then fetch the rest of the data – what Martin Fowler calls Segmentation By Freshness.
Unfortunately, I’ve not seen any “enterprise systems” use REST like this, but I can’t see why it should not be possible, and even better than the WS-approach.

The second point about REST is about privacy. This is a hot topic in Denmark at the moment – a new national digital signature is on the way, and we’re helping NITA implement Single Signon using SAML 2.0. SSO makes it easier to acccess protected resources, but it also makes it harder to maintain privacy as a citizen. Most people look at SSO and the government pragmatically and trust that the government will do no harm. I guess I belong to that group to some degree, but other people, like Stephan Engberg maintains that the government should not be trusted, and that data should forever be owned by the person behind it, and nobody but the person should be able to combine it with data from other systems. Typically, this is accomplished by using pseudonyms – the person essentially gets a new identity for each system, and nobody knows all the identities (unless the person revals some or all of them).
I quit agree with this, I just can’t see how it can be implemented just now. However, REST looks like a good technology to use here. REST is relevant because, as mentioned above, it moves the responsibility for combining data from a closed system to an open client. With REST, a client can retrieve data from different sources, using different identities, and combine it locally, and the person behind the computer will be the only one to ever know. The same principles apply when
Of course there are details like XSS, trusting the client code not to do something wrong, and so on, but again: it’s all based on an open platform, and if you’re worried, you can make your own client.

I doubt anything like this will happen anytime soon – the tax office probably won’t like not being able to combine data automatically to prevent fraud, so we’ll probably just work on REST services which are not people related for now.

 Scrum and the Public Sector

  • May 18th, 2008
  • 2:36 pm

Projects for the public sector have, for a long time, had a reputation of being overspecified, tightly controlled, contract-focused, and in many cases badly managed. Some call them waterfall projects. Luckily, it’s been a while since I was on a project like that – the projects I’ve worked on, also for NITA have been run as Scrum projects with a good amount of success. It has, however, mostly been smaller projects – a month or two, and without any real focus on the process from the customer’s side. Now it looks like we’re finally heading away from the classic waterfall approach, as NITA has openly confessed to Scrum (in Danish only). Just as important, Trifork is helping both with Scrum and doing the implementation. I’m not on the project at the moment (still busy with OIOSAML and REST), but I’d be surprised if I didn’t get involved at some point.

 Testing legacy code

  • April 10th, 2008
  • 9:06 pm

I’m currently working on an open source SAML 2 toolkit for the National IT and Telecom Agency. Exciting stuff in many ways, but mostly because we might contribute to the adoption of SAML in a pretty constructive way. I still think that SAML is overly complicated at times, and the closed nature doesn’t make it very scalable – every service provider has to be registered in the identity provider up front in order for anything to work, which is a huge maintenance issue. However, with the right setup, it doesn’t have to be that complicated. We’re developing a servlet filter, which can be plugged into any Java-based web-application in order to protect it with SAML single signon. The work is based on code developed elsewhere, and when we received it, there were no unit tests. At all.
No tests is not exactly the best way to start off, so the first tasks on our backlog was to implement unit tests for as much as possible. While the code is not exactly legacy, it’s still written by someone else, and structured in a way that you don’t quite understand.
Writing unit tests under these circumstances neither easy nor fun. There are clear advantages, though: the code will be tested, and any further work can proceed with a much higher level of confidence, and the code will be refactored intensively in the process. The refactorings happen for two reasons: to better understand the code, and to make the code testable.

So far, the main obstacles for testing have been

  • Passing around too “large” objects – for instance a HttpServletRequest only a single request parameter is needed
  • Calling static methods
  • Relying on static initializers to configure a class, for example from a file on the file system
  • Using singletons and calling them everywhere
  • Methods with side effects – why should a method named getId() put something in the HttpSession?

All of this can be refactored to make it testable. One can only wonder why it wasn’t written that way from the beginning. Anyways, the tests have been written, and the quality of the code base has increased considerably. Because of the tradition of always including new technologies in projects, this has also been the first time I’ve used JUnit 4 and jMock 2 extensively, and I quite like both of them. Especially jMock has helped a lot, and it has a very nice API.

For those who are interested, the SAML toolkit is based on OpenSAML 2, and will be released under an open source license (I’m guessing MPL) at Softwarebørsen at some time in the near future. It’s main focus is on supporting OIO-SAML, but it should support just about any SAML 2 compliant setup.