Tuesday, March 11, 2008

It seems like I've deteriorated into semi-annual blog posts.  Sigh.  At least the discussion groups at www.directoryprogramming.net continue to flourish and we are seeing a nice uptick in activity on the ADFS board there.  I think the writing may be on the wall for me as a blogger, but who knows.  Perhaps I'll get back on the wagon.

Anyway, thanks to all the people who came to see my talks at DEC this year.  I hope you enjoyed visiting my town and you got a lot out of the conference itself.  DEC is one of my favorites and I'm happy to see it continue to do well.  I got a lot of nice feedback on both of my talks and I'm always interested to hear what you thought.

My first talk this year was on customizing ADFS.  To my knowledge, this type of stuff has never been talked about publicly before, so the session was a bit of an experiment.  I essentially tried to cover all the different types of things you should and could do to ADFS V1 or 1.1 (2003 R2 server or 2008 server) to make it do different things.  It started off discussing some cosmetics to apply to the pages displayed by the FS, moved through ADAM account store tweaks and then covered custom claim transformation modules and some advanced hacks/mods such as non-Windows authentication.  Some of that stuff has been discussed here on this blog and nearly all of it was based on stuff we've actually done at work, so basically real world experience.  My fear was that the subject matter would be a little over the audience's head since it wasn't introductory at all (assumed you already knew ADFS pretty well) and covered some developer stuff which might have seemed alien to many of the audience members who tend to be more of the IT Pro sort.  Still, I think it was valuable stuff.

I mentioned a sample custom claim transform module that I'd post the source to.  I'll follow that up in a separate post shortly.

The audiences for all the ADFS talks were pretty small by comparison to the big AD talks, but this doesn't surprise me.  Not only is ADFS still a new thing, but to a great extent it is a luxury for most DEC attendees to be able to go to those sessions.  ADFS largely assumes that both the directory and the identity provisioning stuff is all a solved problem and that we have rich repositories filled with security principals whose identity is trustworthy and stuffed with useful metadata that can be converted to claims.  For many, that is not (yet) a solved problem at all and federated identity is still largely wishful thinking.  Still, you have to start somewhere.

My second talk was essentially the talk I've done at DEC now for 3 years, although this time modified heavily to cover the new .NET 3.5 stuff in System.DirectoryServices.AccountManagement.  I was really dreading this talk and didn't finish the slides for it before the conference, so between the last minute PPT work and the anxiety, I only got about an hour of sleep.

Still, the talk seemed to go off pretty well.  I was in the big room this time and in one of the last slots of the conference, so I had low expectations for turnout.  It seemed like I had a pretty good crowd though (not the Dean and Joe show, but I'll take it!) and people seemed to be into it.  I think it was probably the best version of that talk I've done to date, so all in all I'm quite happy.  I miss having Ryan there to bounce stuff around with, but so it goes.

Thanks also to Donovan for inviting me up for his case studies talk and giving me an opportunity to talk about some of the real world stuff we are doing with federation at work and talking about the process and legal stuff as much as the technical aspects.  People clearly have as many if not more questions about those things than the engineering parts.

I think I finally get CardSpace now, especially as it applies to the enterprise, and am looking forward to having a chance to get it running internally.  That should be interesting.  Stuart, I need some bits I can actually deploy.  :)  Thanks to Pamela Dingle for coming to DEC and bringing both the CardSpace love and the non-MS platform perspective.  I'm anxious to go to a conference where everyone knows her and no one knows me at all and see how I do.

She's got a nice follow up on the Wook Lee Challenge this year which I played a tiny role in.

Customizing-ADFS.zip (1.06 MB)

DotNet-DS-Programming.zip (1.27 MB)

Wednesday, March 12, 2008 3:41:56 AM (Central Daylight Time, UTC-05:00)
Tuesday, October 16, 2007

Given that I haven't posted on this blog for months, I'm not sure if anyone still reads it, but I thought I'd take a few moments to inform my loyal readers of a new addition to the family.

Micah Kaplan Yarbrough was born October 15, 2007 at 11:40 AM at Prentice Women's Hospital (part of Northwestern Memorial Hospital) in downtown Chicago, just like his older brother Evan.

He arrived 10 days before he was expected and almost a month sooner than his brother (who was quite late) and was a little smaller, but still a robust 7lb 11oz and 20.25" long.

Mom and baby are doing fine.  They are both sleeping right now in fact.  We'll be heading home in a few days and start to figure out the mysteries of chasing two kids around.

Evan is at home with his grandparents right now trying to convince them that he goes to bed at 10:30 usually and gets 10 cookies every night before bed.

Here is a picture at 1 hour old.  He was sleeping then too.  He sleeps a lot so far.  He barely ever cries, but I'm sure he's just building up his strength for later. :)

Tuesday, October 16, 2007 1:23:54 PM (Central Daylight Time, UTC-05:00)
Friday, April 27, 2007

I was lucky enough to attend DEC again this year and was even more lucky to have been asked to speak due to an unfortunate last minute cancellation.  This year, I presented on a variation of the same type of stuff that Ryan and I presented on at DEC 2006.  This year, I had to fly solo as Ryan could not attend.  :(

Here's what we did differently this time around:

  • No PowerShell (DEC already had 2 PowerShell sessions, so why bother?)
  • Focus on some new Longhorn LDAP and AD features (Fine Grained Password Policy)
  • A "slideware" overview of what's coming in .NET 3.5 "Orcas" with the new System.DirectoryServices.AccountManagement namespace (formerly known as the Principal API).

I'd like to thank all of those who attended.  I hope you enjoyed the talk and hope that some of you got free books.  I apologize if I could not accommodate all of you.  :(  Thanks to the Addison-Wesley marketing team for providing the books for your enjoyment.

For those of you interested in the Snippet Compiler tool I used in my demos, you can find it here.

The slides and code for the demos are attached and I did get around to converting them to VB for all of you VB people (I'm a VB.NET guy too; I really don't know why I coded all the demos in C# :)). 

Note that my application of the "in chain" matching rule turns out to be incorrect usage.  Don't do it like that!  Read more here.  I feel silly.

Note that if you are confused about which API to use, S.DS or S.DS.P, I discussed that in some detail here.  There is really no right answer, but hopefully that helps. 

To ask us any specific questions about LDAP programming, please use the book's discussion forum.  This is the only place that Ryan and I both use together.

As always, DEC is a treat and I really enjoyed all the conversations and interaction and am happy to see ADFS gaining a little traction.  Now, about that hot chicken...

DEC2007.zip (536.52 KB)
Friday, April 27, 2007 3:58:34 PM (Central Daylight Time, UTC-05:00)
Saturday, January 27, 2007

Both of the readers of my blog probably think of me primarily as a .NET LDAP/Security/ADFS guy, and that's fine with me.  The vast majority of my posts aren't about my personal life, so that's what I seem like.  However, those who know me better know that I also play drums and have played in a few bands in my day.

I went on hiatus from doing any serious band stuff after my son was born and thought I was pretty much done.  There does come a time when one packs that sort of thing in, although I'm not certain what that threshold is.

Apparently I haven't quite hit that yet, because I was recently lured back into playing in a band again.  I am now the drummer for Arriver (replacing the dude on the left in the photo), which is basically a metal project started by Dan MacAdam, the guitarist from my previous band, Viza-Noir, and Dan and Rob Sullivan.

I've played with Dan M. for years and have also played with the Sullivan brothers for years as well, although never in a serious songwriting type of band.  The Sullivans and I, along with Jimmy "Bigstacks" Grabowski, formed the core of the legendary Dave LaCrone and the Mistletones, a band that existed only to play a rather insane annual holiday party.  The 'tones also played quite a few of my friends' weddings and a prom in a cover band capacity.

Dan M. played with the Sullivans and their other brother Andy in a straight up bluegrass band called Skeeter Pete and the Sullivan Mountain Boys, which I was fortunate enough to record a few years ago.  Them boys can sing and they pick pretty well too.  :)  I also recorded a record for Dan Sullivan for his Nad Navillus project, which was a singer/songwriter project featuring Dan's virtuoso guitar playing and some more introspective material.

The Sullivan brothers also play in one of the most ambitious rock bands in Chicago, the Butcher Shop Quartet.  The BSQ plays arrangements of contemporary classical pieces for rock band (generally 2x guitar, bass and drums).  They are most famous for their truly impressive rendering of Stravinsky's Rite of Spring, something that has to be heard to be believed.

You are also plenty likely to find Rob playing bass at a bar near you with the Blue Line Riders, a 6 piece honky tonk band with one of the most impressive set lists I've ever seen.

Arriver is a metal band.  This takes me back to my childhood, as that's what I grew up listening to in the South as a kid (didn't everyone?).  However, metal has changed a lot since I was into it.  I had pretty much switched to indy rock by the time thrash metal and speed metal transformed the genre.  We now have blast beats, crazy time signatures and demonic vocals to round out the power chords and "widdly-widdly" guitar solos.  Sick double kick chops are assumed as the price of admission.  I've got a lot of catching up to do. :)

I actually got a double bass drum pedal when I was 16, as all the cool kids had one and I wanted one too.  I used it for years in various band projects, although I never learned how to do the fast metal rolls that you need to have to play this stuff.  20 years later, I still have the same DW 5000 double kick pedal.  It works ok, but I might need an update.  It is pretty loose and the sprockets are all worn down.

China cymbals, often frowned on in indy rock as being too "something" (having to do with uncool I'm sure) are welcome in metal, so some of my other 20 year old gear is getting a ride again.  I'm actually using 2 on my current set, something I've never done before (a 20+ year old 19" K china and a 10 year old 22" swish knocker with rivets that I bought when they reissued them a few years ago; obnoxious cymbal!).  This part I like quite a lot.  I haven't yet gone over the top with my set-up, still just using a 4 piece kit with 4 cymbals, but the 2 china thing is super fun.  I also only have 1 crash, which is weird for me.  Maybe I'll round this thing out with something that goes "ping".

The odd time signatures are things I'm pretty used to, so that's less of a struggle.  I'm not going to sound like Meshuggah anytime soon (although the same can be said for a lot of others who are trying way harder than we are), but I know how to play in 5 and 7.  My double kick and blast beats are a little embarrassing right now, but that will motivate me to get better.  Arriver has as much appreciation for Man-O-War as we do for the cerebral stuff and is pretty song-oriented in general, so I doubt we'll ever go over the top into pure inaccessibility.

If you are a 30+ drummer getting back into music and have decided to add blast beats and blazing double kick into your repertoire, drop me a line and let me know how you did it.  :)

Saturday, January 27, 2007 3:00:29 PM (Central Standard Time, UTC-06:00)
Friday, October 27, 2006

Ok, so I've bought a new house, sold my old one, moved and have my life returning to its typical state of order.  Baseball season ended tonight (congrats to the Cards; I couldn't really get into it though), I have broadband and the weather is starting to lend itself towards staying inside.  As such, it is time to start blogging again and getting back into some technology. 

For anyone who may have ever subscribed to this humble sign post and was not impressed by the quantity of content forthcoming, I will now try to ratchet things back up.

On my mind these days are still ADFS and Identity Federation in general (which we are getting close to deploying at the mothership now), directory programming (as usual), crypto and application-level authorization approaches (a la AzMan).  Let's see what I can come up with.  :)

Saturday, October 28, 2006 3:41:47 AM (Central Daylight Time, UTC-05:00)
Saturday, September 16, 2006

So, this whole moving thing has happened pretty quickly.  We started looking at houses before we really had decided whether we were going to move or remodel, and we hadn't really decided where we wanted to live (although it was a toss up between staying in the city or moving to one of two nearby suburbs that are quite city-like; Oak Park or Evanston).

As luck would have it, the house we liked the best was the first one we saw and it was right around the corner.  We decided to move fast on it, so we started the purchase before we had even really thought about getting our house on the market.  Conventional wisdom suggests that one takes care of the sale first before jumping in on the purchase, lest one end up with two mortgages and a world of trouble heading into the winter.  Given the current state of the supposed housing market meltdown, this was a real fear.

However, we did manage to get through the listing process quickly, did a bunch of stuff on the house to make it more presentable and just went for it.  We sold the house in 8 days and arranged a same day closing (no bridge/home equity loan), so basically it all just worked out perfectly.  I think good pricing advice and a great work ethic from our agent was the key here.  Thanks, Lee!  Lee and I know each other from our punk rock drumming days (he is still rocking, while my rocking behavior is much reduced).

One must reasonably conclude that I must lead some sort of a charmed existence. :)

Of course, now I have to pack and move, which is less charming. 

I think more tech blog postings may be a while in coming.  I'm doing a bunch of work with build automation again though, this time with a lot of SQL stuff that I haven't done before, so maybe I'll talk about that some.  I haven't had much time at work for new ADFS, LDAP or Windows security work, so I have nothing new to say there, unfortunately.

Saturday, September 16, 2006 9:56:34 PM (Central Daylight Time, UTC-05:00)
Monday, August 07, 2006

I haven't been blogging for very long, but I've been a pretty active community participant in general for many years now and am generally always happy to try to help people be more productive using the technologies that I know something about.

If you happen by here via a search or something and don't find what you are looking for but suspect I might know something to help you, feel free to ask.

There are two forums that I actively participate in, the web-based forums for our book (www.directoryprogramming.net) and the Microsoft newsgroups (primarily the ADSI.general group, but also the various .NET security groups).

Feel free to leave a comment here too or send an email via the link on the main page.  No promises, but I'll try...

Monday, August 07, 2006 6:45:59 PM (Central Daylight Time, UTC-05:00)
Sunday, July 30, 2006

I've been telling myself I was going to finally get into the blogging racket for almost 2 years now, but even though I've had the hosting all put together for that entire time, it took me forever to actually get it together.  I just had to do it myself instead of using another site...

Anyway, this blog will probably resemble the blogs I already read, in that it will be mostly technical with a focus on building software using Microsoft's .NET platform.  It will probably lean heavily on my specialties, .NET LDAP programming and application security, but will likely also feature other stuff I'm into like application architecture, agile development, identity federation, cryptography, and setup development in MSI using WiX.

Speaking of .NET and LDAP, if you've ever heard of me before, it is most likely because you might have stumbled across one of the myriad usenet posts I've made over the last 4-5 years on the Microsoft newsgroups, or perhaps I answered your question directly.  Microsoft has actually designated me an MVP in this area, and I've even written a book about this with my intrepid co-author, Ryan Dunn, to further our aim of providing resources for the .NET community in this obscure, but strangely difficult and increasingly important aspect of software development.

That's all for now.  Maybe some real content next time, eh?

Sunday, July 30, 2006 2:25:14 PM (Central Daylight Time, UTC-05:00)