Thursday, November 28, 2013

Open Authentication (OAuth)

OAuth is a free and open protocol, built on IETF standards and licensed by the Open Web Foundation, and it is the right solution for securing open platforms. OAuth is a simple way to publish and interact with protected data. It is also a safer and more secure way for people to give you access. It is an open protocol that allows secure authorization in a simple and standard way from web, mobile and desktop applications.
OAuth is "an API access delegation protocol".
The heart of OAuth is an authorization token with limited rights, which the user can revoke at any time should they become suspicious or dissatisfied. OAuth supports "delegated authentication" between web apps using a security token called an "access token". Delegated authorization is granting access to another person or application to perform actions on your behalf. An OAuth token gives one app access to one API on behalf of one user.
Below is the pictorial representation of OAuth Authorization Flow:
Microsoft provides the "Microsoft.Web.WebPages.OAuth.dll" for implementing OAuth in .NET applications. The Microsoft.Web.WebPages.OAuth namespace contains the core classes used to work with OAuth and OpenID authentication. The classes in this namespace interact with the classes of the open-source DotNetOpenAuth library.
OAuthWebSecurity Class
This class manages security that uses OAuth authentication providers such as Facebook, Twitter, LinkedIn and Windows Live, and OpenID authentication providers such as Google and Yahoo. Below are the main APIs commonly used in an implementation.
  1. Register...Client (... : Microsoft, Facebook, etc.) : These register methods (one per provider, e.g. RegisterFacebookClient) let the application register a specific identity provider, together with the application id and secret issued by that provider where one is required.
  2. RegisteredClientData : This property returns the list of registered identity providers. It is the source of the ProviderName value needed when requesting authentication.
  3. RequestAuthentication : This is the API to invoke to trigger a login with one of the identity providers. The parameters are the identity provider name (one of the ProviderName values from the RegisteredClientData collection) and the return URL at which you will receive the authentication token from the identity provider. Internally it does a Response.Redirect to take the user to the identity provider's consent screen.
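The three calls above wired into an ASP.NET MVC 4 controller, as an added example that is not code from the original post. It assumes the MVC 4 SimpleMembership setup (so OAuthWebSecurity.Login can map the external id to a local account) and assumed appSettings key names for the Facebook app id and secret; the checks on the provider name and return URL are there so the login flow cannot be started by a third-party page or turned into an open redirect.

```csharp
using System.Configuration;
using System.Linq;
using System.Web.Mvc;
using Microsoft.Web.WebPages.OAuth;

// Step 1: register providers once at startup (Application_Start). The appSettings
// key names are assumed; the secret must not live in source control.
public static class AuthConfig
{
    public static void RegisterAuth()
    {
        OAuthWebSecurity.RegisterFacebookClient(
            ConfigurationManager.AppSettings["Facebook.AppId"],
            ConfigurationManager.AppSettings["Facebook.AppSecret"]);
    }
}

// Step 3 runs inside an ActionResult (as the MVC 4 template does) because
// RequestAuthentication issues the redirect to the consent screen itself.
internal class ExternalLoginResult : ActionResult
{
    private readonly string _provider, _returnUrl;
    public ExternalLoginResult(string p, string r) { _provider = p; _returnUrl = r; }
    public override void ExecuteResult(ControllerContext ctx)
    { OAuthWebSecurity.RequestAuthentication(_provider, _returnUrl); }
}
public class AccountController : Controller
{
    // POST + anti-forgery token so a third-party page cannot start the flow for the user.
    [HttpPost, ValidateAntiForgeryToken, AllowAnonymous]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        // Step 2: accept only a ProviderName that is actually registered.
        if (!OAuthWebSecurity.RegisteredClientData
                .Any(c => c.AuthenticationClient.ProviderName == provider))
            return new HttpStatusCodeResult(400);
        // Keep returnUrl local so the login flow cannot become an open redirect.
        if (!Url.IsLocalUrl(returnUrl)) returnUrl = "/";
        return new ExternalLoginResult(provider, Url.Action("ExternalLoginCallback", new { returnUrl }));
    }

    // The provider redirects back here; verify the response before trusting it.
    [AllowAnonymous]
    public ActionResult ExternalLoginCallback(string returnUrl)
    {
        var result = OAuthWebSecurity.VerifyAuthentication(Url.Action("ExternalLoginCallback", new { returnUrl }));
        if (!result.IsSuccessful) return new HttpUnauthorizedResult();
        // Bind on (provider, provider user id), never on a display name or e-mail alone.
        if (OAuthWebSecurity.Login(result.Provider, result.ProviderUserId, false))
            return Redirect(Url.IsLocalUrl(returnUrl) ? returnUrl : "/");
        return new HttpUnauthorizedResult(); // no local account linked to this external id
    }
}
```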

Reference Links: http://hueniverse.com/2007/09/explaining-oauth/

Tuesday, November 5, 2013

Kanban Vs Scrum

Difference between Kanban and Scrum:
  • Iterations : Kanban sees development as a forever ongoing flow of things to do, whereas in Scrum you work in iterations.
  • Commitment : Kanban is ongoing, whereas in Scrum a team commits to what they will do during a sprint.
  • Estimations : In Kanban it’s optional since focus is on time-to-market. In Scrum you need to estimate to be able to have a velocity.
  • Cross-functional teams : That’s one of the pillars of Scrum. For Kanban it’s optional.
  • Workflow : The Kanban Method does not prescribe any workflow. Scrum prescribes a set of activities that are performed within a Sprint.
  • Roles : Kanban does not prescribe any roles. Scrum generally prescribes three roles, Scrum Master, Product Owner, and Team Member.
  • System Thinking : The Kanban Method takes a system thinking approach to process problems. Scrum is team-centric.
                  | Kanban                                                                 | Scrum
------------------+------------------------------------------------------------------------+-----------------------------------------------------------------
Board / Artifacts | board only                                                             | board, backlogs, burn-downs
Ceremonies        | daily scrum, review/retrospective on a set frequency, planning ongoing | daily scrum, sprint planning, sprint review, sprint retrospective
Iterations        | no (continuous flow)                                                   | yes (sprints)
Estimation        | no (similar size)                                                      | yes
Teams             | can be specialized                                                     | must be cross-functional
Roles             | Team + needed roles                                                    | Product Owner, Scrum Master, Team
Teamwork          | swarming to achieve goals                                              | collaborative as needed by task
WIP               | controlled by workflow state                                           | controlled by sprint content
Changes           | added as needed on the board (to do)                                   | should wait for the next sprint
Product Backlog   | just-in-time cards                                                     | list of prioritized and estimated stories
Impediments       | avoided                                                                | dealt with immediately