Ah. Sweet success. Finally.
An InfoCard-compliant STS which issues credentials from an LDAP backend based on X509 credentials. A pursuit which was wonderfully enlightening, painfully tedious, and maddening at times. Thanks to an idiotic obsession to complete this thing and some limited help received from a Java PingIdentity guy on the MSDN forums about proper certificate hashing (!), I've got a working proof of concept based on the XMLDAP work.
As I close the compiler and take a few deep breaths (and back everything up to a DVD-R), I figured I'd have a quick reflection upon a few things I've learned.
1) Microsoft hasn't seemed to dedicate the necessary support to handle developers' questions. Perhaps it was just the time of the day/week/year that I asked, but getting the ear of anybody of consequence on the MSDN forums was not possible. Simple yes/no questions appear to languish unanswered for weeks and months. I won't rant about this subject again, but an identity metasystem built upon open standards but with a closed reference implementation and no support can be just as frustrating to develop for as an all-closed solution.
2) PingIdentity's announcement of their intention to open-source their InfoCard-related code (RP and STS) is just lip-service. I defy them to prove me wrong. :)
3) The CardSpace client wants WS-Security headers, but it really doesn't care what's included.
4) The CardSpace client will fail with a critical fault if it cannot write to the logs. It's a bug that's been identified in the MSDN forums, but it's pretty damn frustrating when the CardSpace client fails, causing IE to fail, causing Explorer to fail, and eventually requiring a Windows restart (for approximately 20 iterations, when I thought it was my STS cards causing the problem).
5) One's progress on a given task is directly proportional to the demand for one's presence elsewhere. It is, therefore, impossible to get anything done.
6) The more I continue working with the technologies, the more my mind wonders about use cases and applicability.
More to come later, but a good high-level start.