All entries for Friday 14 January 2005

January 14, 2005

Mediachest – Federated identity and trust

Writing about web page

This is not a hint about my new project by the way :) Just something I thought up whilst browsing over lunch!

Mediachest allows people to inventory their collections of books, CDs, DVDs, and video games. On top of this inventory management application is a social software layer that allows friends to keep track of their friends' collections. This social inventory tracking application extends to two degrees of separation beyond friends (friends of friends of friends). Using a zip code database, Mediachest also allows people to find other people in the same geographic area that have items in their collections that are of interest.

The potential problem with Mediachest is trust. You can setup groups and lists of friends to try and manage the trust issues, because at the end of the day you might be giving something you own to a stranger and hoping they give it back. There is nothing stopping someone registering with a fake name and email address, building up a bit of trust and then stealing someones stuff when they lend it.

However…what if it wasn't just any old person who could register. What if Mediachest and Warwick had an agreement that Mediachest would auto-register and login users who were logged in securely at Warwick. I'll not go into the details of how this works, but basically you can let a user login to Warwick (where we really do know who you are) and then essentially tell Mediachest who you are. Because of our agreement and the technology that ensures you can't cheat, Mediachest trust us to tell them who is logged in.

This means that you could perhaps automatically join the Warwick group on Mediachest just by logging into the Single Sign On system at Warwick. Then when you borrow something or lend something, you really know who you are dealing with.

Because of the standardised way the identity can be federated, Mediachest or any other 3rd party could very quickly create an agreement with Warwick or any other standardised party. The other big advantage is that you never actually login and give a username and password out to Mediachest, so you have one less login to worry about, which is always nice.

The barriers to entry for using and registering this new service are also much lower because you don't have to go through such a length registration process.

Now, some people will no doubt worry about the privacy implications of this. It is important to note that this does not involve giving a hugh database of all our users over to Mediachest or any 3rd party. All it means is that we will confirm to Mediachest that a user is securely logged in and give them your name and perhaps email address, nothing else.

I really think this is the way forward, and lots of other people do to because there is a lot of work going on out there around this area of identity management.

This is all theory by the way and is not currently implemented either by Warwick or by Mediachest. This is also kind of what Athens is all about.

New year, new project

Looks like I'll be dedicating a lot less time to blogs in the coming months. As we are pretty happy with the stage BlogBuilder is at right now, we are going to wind down the amount of work put into it for the time being.

This definately doesn't mean it is being abandoned, it just means that I've got a more important project to work on right now. If there are particularly pressing problems, they will most likely get fixed, but new features are on hold right now.

Hopefully people will continue to use Warwick Blogs and find it useful and find new ways of using it. I feel it needs a bit of time to settle down and for more usage patterns and needs to emerge.

So, onto my new project. It's kind of strange working on something new when I've spent the best part of a year working on BlogBuilder.

This project is very different, I've found myself writing more documents in the last week than I have done since I left Uni. BlogBuilder was a very organic project because we didn't really know exactly what we wanted at the start. I worked on the project in a very Agile way, preferring code over documentation.

However, my new project has some very important and tight specifications and processes. I'm going through and documenting these now and specifying interfaces up front like I've not done in a long old while. It feels quite old fashioned almost compared to the "Agile way". But it is the right way of doing things. I don't think you can really apply the code over documentation type philosophy to every project.

I was very tempted to dive in and start coding up prototypes, but resisted and with a little bit of prodding was persuaded to do it the "old fashioned way". The reason people used to and still do things like this is because when you truely know what the system is meant to do, you may as well spec it up properly. I guess the problem is that often people know what their customers want, but are way way out. That is when the rigid up front design can come back and bite you in the ass.

I'm just hoping that I really do know that this spec isn't going to change :)

January 2005

Mo Tu We Th Fr Sa Su
Dec |  Today  | Feb
               1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30


Search this blog

Most recent comments

  • One thing that was glossed over is that if you use Spring, there is a filter you can put in your XML… by Mathew Mannion on this entry
  • You are my hero. by Mathew Mannion on this entry
  • And may all your chickens come home to roost – in a nice fluffy organic, non–supermarket farmed kind… by Julie Moreton on this entry
  • Good luck I hope that you enjoy the new job! by on this entry
  • Good luck Kieran. :) by on this entry


Not signed in
Sign in

Powered by BlogBuilder