Hello from sunny LA.  Yes, all the natives thought they had seen a pre-Halloween ghost when this Seattle native hit the streets for the Microsoft Professional Developers Conference 2008 (PDC2008).  As usual, Microsoft has some new, cool products and technologies in the developer space that hit in a big way.  You’ve probably been seeing headlines covering Windows 7 and Microsoft “Azure”. 

Here is my very short, sweet summary of this new stuff.  First, Windows 7:

  • Windows 7 will fix all that stuff that caused negative reviews on Vista. 
  • It also has a lot of great, new shell features that will positively impact the experience for the everyday user.  Just the taskbar improvements alone are pretty cool.
  • UAC will still be there, but in a more flexible format for configuration, and they have decided to exempt more operations from prompting.  However, Microsoft continues to be hardcore about forcing all apps to do the right thing and operate under “standard user”.  The stats do show that most developers are getting the message and a lot of progress has been made.  As a user, UAC drives me up the wall.  As a security person, it’s the right thing to do.

The more exciting (to me) and new technology has to do with the new Microsoft services strategy, which includes “Azure” and the “Geneva” server.  This technology will catalyze two important business scenarios that really need to get over the hump: (1) B2B connectivity in which there are many enmeshed partners sharing a workflow and (2) hosted services for enterprises (not just small orgs).

Microsoft has a big cloud in the sky and plays traffic cop for all services that register to the Microsoft “Services bus”.  But, the bus supports some serious authentication and authorization through use of WS-Federation and SAML tokens.  And, part of the offering is SQL Services, which equates to a SQL DB that is up in the cloud and protected by the aforementioned authentication and authorization.  So, you can support some great B2B scenarios:

  • Partners that all need access to a workflow, but need a slightly different type of data for the same workflow transactions
  • Partners that all use a different directory or authentication type can still positively identify into one cloud
  • Eventing enables store and forward of transactions when one particular partner connects to the service.

If you are a small company and you are interested in advertising your service, click into the Microsoft service bus and you just got a free advertisement to services consumers.

But…that’s not all.  The biggie is Geneva because it creates a super easy to set up and configure Enterprise Service connector for Active Directory.  This could enable hosting of an internet-based service to a company with an internal Active Directory.  There is a question here of whether the company will accept the Microsoft EULA for connecting to the Services bus and whether their security policy will accept their authentication getting proxied through the Microsoft Federation Gateway in the cloud.  But, the good news is that all the authentication against the hosted service is handled by the Microsoft Service Connector, which is located on the company premises.  It reminds me a little bit of ADSI, but better.  If the company doesn’t want to accept the Microsoft EULA, they can set up a B2B direct to their partner (the hosting provider) who will have the Federation Gateway (Geneva) handling “claims”.
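To make the “claims” idea concrete, here is an added example (not code from this post, nor from Microsoft’s Azure, Geneva or Service Bus products) of what the hosted service, as the relying party, still has to check on a SAML token after the federation library has verified the XML signature against the gateway’s signing certificate: trusted issuer, audience, validity window, and only then a claims-based authorization decision. The assertion, issuer and audience URLs, and the claim type `urn:example:claims:group` are all constructed for the example.

```python
"""Relying-party checks on a SAML 2.0 assertion, after signature verification.

Assumption: the federation library has already verified the XML-Signature on
the token against the gateway's signing certificate. This example covers the
checks that remain before a service may trust the claims inside the token.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed values for the example; not real endpoints or claim schemas.
TRUSTED_ISSUERS = {"https://gateway.example.invalid/"}
EXPECTED_AUDIENCE = "https://workflow.example.invalid/"
GROUP_CLAIM = "urn:example:claims:group"

# Constructed sample assertion. The ds:Signature element is omitted because
# this example begins after signature verification has succeeded.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2008-10-28T18:00:00Z">
  <saml:Issuer>https://gateway.example.invalid/</saml:Issuer>
  <saml:Subject><saml:NameID>alice@partner-a.example.invalid</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2008-10-28T18:00:00Z" NotOnOrAfter="2008-10-28T19:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://workflow.example.invalid/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:example:claims:group">
      <saml:AttributeValue>PartnerA-Approvers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_time(value):
    """SAML timestamps are UTC in xsd:dateTime form; parse them as such."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuers, expected_audience, now):
    """Return the subject and claims, or raise ValueError if any check fails."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        raise ValueError("not a SAML 2.0 assertion")

    # 1. Only tokens minted by a gateway we have a trust relationship with.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        raise ValueError(f"untrusted issuer {issuer!r}")

    # 2. Reject replayed or not-yet-valid tokens via the Conditions window.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions element")
    not_before = parse_time(cond.get("NotBefore"))
    not_on_or_after = parse_time(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        raise ValueError("assertion outside its validity window")

    # 3. A token issued for a different service must not be accepted here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("audience restriction does not name this service")

    # 4. Collect the claims only after every check above has passed.
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return {"subject": subject, "issuer": issuer, "claims": claims}


def authorize(token, action):
    """Constructed policy: approvals need the approver group; reads need any group."""
    groups = set(token["claims"].get(GROUP_CLAIM, []))
    if action == "approve":
        return "PartnerA-Approvers" in groups
    if action == "read":
        return bool(groups)
    return False


def check_sample(now_iso, audience=EXPECTED_AUDIENCE):
    """Convenience wrapper: True if the sample token passes all checks at now_iso."""
    try:
        validate_assertion(SAMPLE_ASSERTION, TRUSTED_ISSUERS, audience, parse_time(now_iso))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    tok = validate_assertion(SAMPLE_ASSERTION, TRUSTED_ISSUERS, EXPECTED_AUDIENCE,
                             parse_time("2008-10-28T18:30:00Z"))
    print(tok["subject"], "approve:", authorize(tok, "approve"))
```

The order matters: issuer, window and audience are rejected before any claim is read, so a token that is genuine but meant for a different partner service, or one that has expired, never reaches the authorization step. That audience check is the one most often skipped when a single gateway fronts many services.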

We still have 1.5 more days here, but I think all the big news has already popped.

Dave Field, CISSP, MCP