Jan 30, 2012

The Valet Key Metaphor and OAuth



Some time back, when I started reading about OAuth, I came across Eran Hammer's Valet Key Metaphor, which he used in the earlier days to explain the concept behind OAuth. It was a good analogy and a good starting point for beginners before diving deep into OAuth straight away.


Quoting Eran from his blog,
Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using another key to unlock everything else.

This is the basic principle behind OAuth: allow third parties to access your resources with limited privileges, for a limited period of time, without sharing your actual credentials.
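The three properties named above (limited privileges, limited time, no shared credentials) can be seen in a small token check. This is an added illustration, not code from the original post and not the OAuth wire protocol; the token format, the HMAC key, the function names and the scope names such as `photos:read` are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key: held only by the service, never by the third party.
SERVER_KEY = b"constructed-demo-key"


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_valet_token(owner, scopes, ttl_seconds, now=None):
    """Mint a token after the owner approves; the owner's password is never used."""
    now = time.time() if now is None else now
    claims = {"owner": owner, "scopes": sorted(scopes), "exp": now + ttl_seconds}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (payload + b"." + _sign(payload)).decode()


def authorize(token, required_scope, now=None):
    """Return (allowed, reason) for a request that presents the token."""
    now = time.time() if now is None else now
    payload, dot, sig = token.encode().rpartition(b".")
    if not dot:
        return False, "malformed"
    # Constant-time check: any change to scopes or expiry invalidates the token.
    if not hmac.compare_digest(_sign(payload), sig):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if now >= claims["exp"]:
        return False, "expired"            # limited period of time
    if required_scope not in claims["scopes"]:
        return False, "scope not granted"  # limited privileges
    return True, "ok"


if __name__ == "__main__":
    token = issue_valet_token("alice", ["photos:read"], ttl_seconds=3600)
    for scope in ("photos:read", "photos:delete"):
        print(scope, authorize(token, scope))
```

Like the valet key, the token can be handed to a third party and later expire or be refused for the trunk, while the owner's real key (the password) never leaves the owner.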

Sep 7, 2011

WSO2Con is back

Want to know what's new in the SOA and Cloud space? Want to see how real-world use cases are realized using the WSO2 middleware stack?





Yes, everything is being lined up for WSO2Con-2011. With the success of the first ever WSO2Con held last year, WSO2 is getting ready for WSO2Con-2011 on Sept 12 - 16, at Waters Edge, Colombo, Sri Lanka.

Compared to last year, this year's WSO2Con is a huge step ahead. Apart from the six great keynote speakers, there will be more than 30 speakers from more than 10 countries around the world. This set of speakers represents a few of our well satisfied clients, passionate users and of course the best of WSO2.

I will be conducting a tutorial session on Web and SOA Security with my colleague Amila on the first day of the WSO2Con week. Not only this, there will be a set of tutorial sessions that will lay a solid starting point for anyone willing to learn about SOA, Cloud computing and related technologies.

The gates for registration are still open. If you haven't registered yet, don't be late.




Jun 19, 2011

WSO2 Carbon Platform v3.2.0 Released !

Recently WSO2 announced the public availability of version 3.2.0 of the Carbon platform. This release includes 13 products and including the Carbon Core.

This release adds a lot of value to the Carbon platform in terms of new features, usability improvements, performance improvements, architectural improvements and bug fixes. If the number of new features being added is taken into consideration, it beats previous releases by a large margin.

Another focus of the 3.2.0 release was to improve the build system. Being a 100% open source platform, giving users and developers the ability to easily build the entire platform is important. Thanks to all the hard work put into this area, the source code in the 3.2.0 release is much more organized and it can be easily built.

WSO2 Identity Server v3.2.0 was also released along with the Carbon 3.2.0 release. Following is a list of new features available in this release of Identity Server.
  • XACML UI Editor for the Policy Administration Point
  • Enhanced Policy Administration Point features with policy versioning and notifications
  • Support for multiple XACML Policy Information Points
  • Improved XACML policy test UI
  • ApacheDS based key distribution center
  • Custom security policy support for STS
  • Support for SAML 1.1/2.0 Bearer Subject Confirmation
One of the main features that we have focused on is the all-new XACML editor. It has been completely redesigned and re-implemented to provide a better user experience. Even a user who does not have any knowledge of XACML can start defining policies with the new editor.

Please take a look at this listing to get an idea about the bug fixes and improvements incorporated into Identity Server 3.2.0 release.

Identity Server v.3.2.0 is available for download from here.