Some background for folks that have never heard of this app: About 2 years ago I started working on a prototype that would demonstrate some of the coolness that is Windows Presentation Foundation (WPF, formerly codenamed “Avalon”). It was shown publicly for the first time at the Microsoft Worldwide Partner Conference in July 2005.
Since then it’s sort of taken on a life of its own. It’s been shown at an incredible number of events both publicly and internally by myself and numerous others. It’s even made it onto what we refer to internally as the Windows Vista Readiness Toolkit. This is the standard toolkit that most Microsoft employees and some partners are using to demo Windows Vista. So it’s sort of become one of the canonical Vista demos as well.
Since the very beginning the demo has helped many partners envision how an application might take advantage of some of most interesting new features in WPF and Vista. Based on feedback I know that it’s done a great job of that. Onthe other hand, one of the top requests has been from developers wanting access to the source code. Rob Relyea even built a tutorial for building a portion of that app which he presented at PDC’05. That was incredibly useful and whet the apetite of many developers. Nothing beats having the full source code and that’s exactly what we’ve just posted publicly.
Kudos and thanks to Tim Sneath and Karsten Januszewski for making numerous changes to keep the code fresh and working with the many Windows Vista builds.
Some background for folks that have never heard of this app: About 2 years ago I started working on a prototype that would demonstrate some of the coolness that is Windows Presentation Foundation (WPF, formerly codenamed “Avalon”). It was shown publicly for the first time at the Microsoft Worldwide Partner Conference in July 2005.
Since then it’s sort of taken on a life of its own. It’s been shown at an incredible number of events both publicly and internally by myself and numerous others. It’s even made it onto what we refer to internally as the Windows Vista Readiness Toolkit. This is the standard toolkit that most Microsoft employees and some partners are using to demo Windows Vista. So it’s sort of become one of the canonical Vista demos as well.
Since the very beginning the demo has helped many partners envision how an application might take advantage of some of most interesting new features in WPF and Vista. Based on feedback I know that it’s done a great job of that. Onthe other hand, one of the top requests has been from developers wanting access to the source code. Rob Relyea even built a tutorial for building a portion of that app which he presented at PDC’05. That was incredibly useful and whet the apetite of many developers. Nothing beats having the full source code and that’s exactly what we’ve just posted publicly.
Kudos and thanks to Tim Sneath and Karsten Januszewski for making numerous changes to keep the code fresh and working with the many Windows Vista builds.
I’ve been working with Accruent, a Microsoft Gold Partner, as they migrate to their next generation of Real Estate Management System. Sanjay Parthasarthy, who heads up all things evangelism, invited me to demo the really cool work they’ve done during his keynote at the Microsoft Worldwide Partner Conference in July. In this demo, I step through various parts of the app showing how Accruent takes advantage of various pieces of the Microsoft stack to its full advantage.
I start off in Office on the client, in this case Word, showing how they pull line of business info down to the desktop to help individual information workers be more productive. (starts at: 0:50)
I then move to the server where they use SharePoint and Excel Web Services as the infrastructure on which they build their dashbaords for team collaboration around individual stores. It’s here that they use Virtual Earth and Windows Live Local to build a mashup showing geospatial data that would have been a hard-to-grok list on a web site. Cool! (starts at: 2:49)
The grand finale comes where we move to an jaw-dropping, eye-popping 3D view of customer data. I won’t spoil the ending by trying to describe it but it’s defintely worth watching. (starts at: 8:00)
I’ve been working with Accruent, a Microsoft Gold Partner, as they migrate to their next generation of Real Estate Management System. Sanjay Parthasarthy, who heads up all things evangelism, invited me to demo the really cool work they’ve done during his keynote at the Microsoft Worldwide Partner Conference in July. In this demo, I step through various parts of the app showing how Accruent takes advantage of various pieces of the Microsoft stack to its full advantage.
I start off in Office on the client, in this case Word, showing how they pull line of business info down to the desktop to help individual information workers be more productive. (starts at: 0:50)
I then move to the server where they use SharePoint and Excel Web Services as the infrastructure on which they build their dashbaords for team collaboration around individual stores. It’s here that they use Virtual Earth and Windows Live Local to build a mashup showing geospatial data that would have been a hard-to-grok list on a web site. Cool! (starts at: 2:49)
The grand finale comes where we move to an jaw-dropping, eye-popping 3D view of customer data. I won’t spoil the ending by trying to describe it but it’s defintely worth watching. (starts at: 8:00)
Opportunities abound for improving our experience on the web today. Nowhere is this more obvious than in the area of how we identify ourselves. We’re improving on that dramatically but we need your help to ensure that consumers on the web get the full benefit.
Usernames Suck
We’ve grown so used to identifying ourselves on the Internet that we often don’t give it a second thought. And yet, from a security standpoint the typical method of doing that, the ubiquitous username and password, is just not that good. Criminals and ne’er-do-wells of all kinds have figured out that they can make a lot of money or cause a lot of havoc by scamming folks into handing over their identities. The reality is that usernames and passwords benefit the sites we’re logging into but are not really doing much to help us, the consumers. We need a way for sites to clearly and securely identify themselves to us when we visit. How do you know that you’re really at your bank’s site if anybody can set up a site that looks exactly like it in minutes?
Passwords Suck
On the Internet we are asked to identify ourselves seemingly at every turn. It’s only natural, I suppose, that as we’ve gone from a web where we were just browsing to one where we are shopping, banking or part of a community the need to identify ourselves is important. But as a consumer why do I have to explicitly identify myself at every site I visit. On my PC, I don’t do that. For the most part, I only do it once when I log on. Imagine if I had to identify myself every time I opened Outlook, or Excel or Word. I’d go nuts. Or even worse, imagine if, on top of that, for every application where I did have to identify myself I was forced to have a different username and password. And yet, the reality of the web today is that the vast majority of sites require a username and password and many sites have different policies for what is a valid username and password. Sorry, I know you can use an underscore over there but we don’t allow that. Hmmm, I know they allow you to use your daughters name but we need you to include upper and lowercase letters. Oops, yeah, we know you don’t do it over there but we require digits and special characters. Yes, yes, nice password but our site requires it to be 8 characters long. What a pain! Heaven forbid you should forget your password cause then you have to go through another painful experience of getting it reset… and of course picking another password that you’ll also soon forget. Newspaper sites are among the worst for this. I can understand how they might want demographic data so they can charge more for the ads on their site but there has got to be a better way.
Does all this really make us more secure? It may have for a while but as the burden of security has fallen on the shoulders of the consumer, the consumer has naturally adapted to find ways to avoid this pain. Where we used to pick passwords that we could easily remember; we now have spreadsheets with the lists of the sometimes hundreds of passwords we need to remember. I, personally, have an app that runs on my PC that helps me track my passwords. I suspect most folks have scraps of paper all over there desks or sticky notes all around their screens with their usernames and passwords scribbled where they (and anyone who walks by) can get to them quickly. There are even applications springing up that bypass the annoying compulsory registration pages that don’t give me any benefit.
Hailstorm Sucked
Why do we go have to through this? I understand the reasons for identification and the importance. The question is why do we have such a horrid experience for it. We have solved this type of problem before. At Microsoft, for instance, when I log into our network, I do it once and that gives me access to a myriad of applications, both internal (e.g. expense reports) and external (e.g. booking travel). Those who have been paying attention to this space know that we tried to take a similar approach to trying to fix the identity problem on the Internet. It was a little project named Hailstorm. For a lot of reasons it was doomed from the start. A big reason is that we stored all the user data on Microsoft servers in Microsoft data centers. Most folks liked that we were trying to solve the problem, but owning the data… not so much…
InfoCard Doesn’t Suck
As bad as it was, we learned a lot from that experience. Like, for instance, what not to do: Don’t grab users’ personal information, Don’t try to control the identity system, and Don’t try to get in the middle of every identity transaction, etc. With all that in mind and the painful reality that the problem is getting worse not better, we’ve been designing a new solution to this problem. That solution, code-named InfoCard, goes a long way toward making presenting and verifying identity on the Internet as easy as the browser has made navigating the web. That means a lot of good things like: Giving the user full control over where information is stored and what information is disclosed to who, Working directly with the many other existing point solutions to increase their reach, and Staying out of the way when users are trying to talk directly to their content or service providers.
The only way InfoCard is going to help solve this problem is if we work with all the other players in this space and keep the user front and center. So what do you think? Does managing your own digital identities sound like heaven? Is using open industry standards a good thing? Is promoting interoperability between identity providers and the sites that rely on them something you can get behind?
Opportunities abound for improving our experience on the web today. Nowhere is this more obvious than in the area of how we identify ourselves. We’re improving on that dramatically but we need your help to ensure that consumers on the web get the full benefit.
Usernames Suck
We’ve grown so used to identifying ourselves on the Internet that we often don’t give it a second thought. And yet, from a security standpoint the typical method of doing that, the ubiquitous username and password, is just not that good. Criminals and ne’er-do-wells of all kinds have figured out that they can make a lot of money or cause a lot of havoc by scamming folks into handing over their identities. The reality is that usernames and passwords benefit the sites we’re logging into but are not really doing much to help us, the consumers. We need a way for sites to clearly and securely identify themselves to us when we visit. How do you know that you’re really at your bank’s site if anybody can set up a site that looks exactly like it in minutes?
Passwords Suck
On the Internet we are asked to identify ourselves seemingly at every turn. It’s only natural, I suppose, that as we’ve gone from a web where we were just browsing to one where we are shopping, banking or part of a community the need to identify ourselves is important. But as a consumer why do I have to explicitly identify myself at every site I visit. On my PC, I don’t do that. For the most part, I only do it once when I log on. Imagine if I had to identify myself every time I opened Outlook, or Excel or Word. I’d go nuts. Or even worse, imagine if, on top of that, for every application where I did have to identify myself I was forced to have a different username and password. And yet, the reality of the web today is that the vast majority of sites require a username and password and many sites have different policies for what is a valid username and password. Sorry, I know you can use an underscore over there but we don’t allow that. Hmmm, I know they allow you to use your daughters name but we need you to include upper and lowercase letters. Oops, yeah, we know you don’t do it over there but we require digits and special characters. Yes, yes, nice password but our site requires it to be 8 characters long. What a pain! Heaven forbid you should forget your password cause then you have to go through another painful experience of getting it reset… and of course picking another password that you’ll also soon forget. Newspaper sites are among the worst for this. I can understand how they might want demographic data so they can charge more for the ads on their site but there has got to be a better way.
Does all this really make us more secure? It may have for a while but as the burden of security has fallen on the shoulders of the consumer, the consumer has naturally adapted to find ways to avoid this pain. Where we used to pick passwords that we could easily remember; we now have spreadsheets with the lists of the sometimes hundreds of passwords we need to remember. I, personally, have an app that runs on my PC that helps me track my passwords. I suspect most folks have scraps of paper all over there desks or sticky notes all around their screens with their usernames and passwords scribbled where they (and anyone who walks by) can get to them quickly. There are even applications springing up that bypass the annoying compulsory registration pages that don’t give me any benefit.
Hailstorm Sucked
Why do we go have to through this? I understand the reasons for identification and the importance. The question is why do we have such a horrid experience for it. We have solved this type of problem before. At Microsoft, for instance, when I log into our network, I do it once and that gives me access to a myriad of applications, both internal (e.g. expense reports) and external (e.g. booking travel). Those who have been paying attention to this space know that we tried to take a similar approach to trying to fix the identity problem on the Internet. It was a little project named Hailstorm. For a lot of reasons it was doomed from the start. A big reason is that we stored all the user data on Microsoft servers in Microsoft data centers. Most folks liked that we were trying to solve the problem, but owning the data… not so much…
InfoCard Doesn’t Suck
As bad as it was, we learned a lot from that experience. Like, for instance, what not to do: Don’t grab users’ personal information, Don’t try to control the identity system, and Don’t try to get in the middle of every identity transaction, etc. With all that in mind and the painful reality that the problem is getting worse not better, we’ve been designing a new solution to this problem. That solution, code-named InfoCard, goes a long way toward making presenting and verifying identity on the Internet as easy as the browser has made navigating the web. That means a lot of good things like: Giving the user full control over where information is stored and what information is disclosed to who, Working directly with the many other existing point solutions to increase their reach, and Staying out of the way when users are trying to talk directly to their content or service providers.
The only way InfoCard is going to help solve this problem is if we work with all the other players in this space and keep the user front and center. So what do you think? Does managing your own digital identities sound like heaven? Is using open industry standards a good thing? Is promoting interoperability between identity providers and the sites that rely on them something you can get behind?
A few people have asked me to post the slides I used from last night’s session at SDForum’s Windows SIG session. I’ve attached them here in PDF form. They’re kinda big at 40MB. Too many pretty pictures, I guess.
Thanks to all of those who attended. I had a great time. The discussion was animated and there were lots of great questions. I’m looking forward to the session I give next month on Windows Vista for Developers.
BTW, I’d love to hear your comments. What’d you like or didn’t like, etc. Post them below.
I’ll be having some fun at the SDForum Windows SIG meeting next week. Come join me as I give an overview of some of the ultra cool WinFX stuff we showed at the PDC. I haven’t got a lot of time but I’ll try to get through Windows Presentation Foundation. Windows Communication Foundation, and Windows Workflow Foundation. I’ll make sure you get a good … errr… foundation in this stuff.
The event is on Wednesday, October 5, 2005, 6:30-9:00 PM and will be held at the Cubberly Community Center, 4000 Middlefield Road (Room H-1) in Palo Alto, CA. (Directions)