Re-use of Services on Different Platforms

Work Completed By: Richard Scannell

DESCRIPTION

One of the key benefits we want to exploit from using a service oriented approach is the ability to provide data or functionality to various hardware software platforms using a single source.

The aim of this project is to show how a Warwickshire service (either an existing one or a service that was created in the first round of R&D work) can be used on at least 3 different technology platforms without any variation to the original service.

If possible the different applications should take advantage of the different platforms characteristics.

source

DETAILS/LOCATION OF PRACTICAL DEMONSTRABLE OUTPUT

The source feed was an events RSS feed, which is located at http://www.warwickshire.gov.uk/corporate/eventdbp.nsf/eventsfeed.rss.2.0?openpage
The results of this can be loaded directly into a
personal google page: http://www.google.co.uk/ig?rls=ig&hl=en&source=iglk

Twitter : http://twitter.com/Richardscannell

Ning : http://warwickshireevents.ning.com/

Facebook. http://www.facebook.com

DESCRIPTION OF THE WORK CARRIED OUT

IPHONE
I investigated the possibility of creating an RSS feed consumer for the Iphone. The Iphone SDK has a full Integrated Development Environment, Source code management system and & Iphone simulator to test the applications. There are source template applications, which allow developers to create new applications based on an existing ones. However I could not find a version of the SDK to download for a Windows operating system. The only downloads were for the MAC OS. There was not time to order & create a MAC OS virtual machine, onto which I could download the DMG file(the mac equivalent of a zip) .

NING
The ning feed was straightforward enough to create as it enables you to import RSS feeds during the editing process.

GOOGLE
Google also lets you load RSS feeds directly into it.

TWITTER
Twitter doesn't have this facility - but there are a variety of sites that let you take the RSS feed & push it into Twitter.

I used twitterfeed http://twitterfeed.com/ to parse the RSS feed & then direct the results to my twitter account. Initially this didnt work too well, in that it just sent details of some deleted events. Experimenting with the settings in twitterfeed, (by setting the scraping process to ignore date & process entries based on GUID, every 30 minutes eventually gave a result that could update twitter automatically & regularly.
This approach means that it is suitable for systems which create absolutely new pages, but that there may be issues with systems (such as the elections) which involve updates to existing pages. The RSS feed would need to take this into account in its design.

OPENID
One area of great interest was twitterfeed's use of the OpenID authentication protocol. This is something that we should look into further. It lets users have the same id, between multiple websites. The implemetation I tested used MyVidoop. This also lets you authenticate without using a password. Instead people choose memorable categories - they pick between 3 & 5 categories from a list of 9 to be their credentials. The categories were displayed as pictures of such things as Cars, Castles, DVDs, Cats, Flowers, Space. Every time you log in you are displayed 9 categories, & you pick the letters next to the images which match your categories ( they are different pictures of Cars, Castles, DVDs, Cats, Flowers, Space each time you log in & different letters next to the relevant picture) .

This effectively generates a 1 time password for that account, which acts as a counter to both keylogging threats & dictionary attacks. It also means that we should not have to deal with password resets. More investigation is needed into the security of this approach, before we can consider it as an extention to me@WCC.

FACEBOOK
I created an RSS feed into Facebook of events, by using the Import Blog command. This was straightforward enough, as was the process to set the privacy level.

PROJECT OUTCOME

The project was a success. An extisting RSS feed was automatically loaded into 3 separate channels. It would have been nice to have built some Iphone apps. The discovery of OpenId was also very useful, as it potentially gives us an open source authentication method, which works with LDAP, & which may allow us to have a single sign on method, which could work with both Domino & future technologies & hence allow us to implement new technologies, whilst still supporting the existing ones. It offers the potential of a better service to the public, whereby they could use an existing id ( fickr, Aol, Paypal etc….) with Me@WCC. It also has the potential to cut down on the support needed for password resets.

SHORT TERM BENEFITS

Ning & twitter could be opened up with automated RSS feeds from events, news, school closures, election results etc… so that members of those social sites can opt to be informed of changes that are happening on our website. These would be quite straightforward to set up & easy for the public to use

The google feed is similar, but the onus is on the google users to know how to load the RSS feeds into their page

STRATEGIC IMPLICATIONS

OpenID raises big questions. So many & so big that its difficult to know where to start ! The prospect of allowing the public to use the same account as they use for Paypal, AOL, Yahoo, flickr, facebook, myspace etc ( These are are all organisations who are involved with Open ID, as well as IBM & Microsoft, but who havent all got solutions implemented) gives them enormous benefits. If we don't have to handle registration & password resets, then there will be savings in support costs for WCC. But if we were to rely purely on external providers for authentication, we'd need a method to migrate old ids to new. Alternatively, we could be an authentication provider ourselves, but potentially we could then be providing authentication for the likes of AOL, Paypal etc……

OTHER NOTES ETC

Resources on Open ID
http://www.openid-ldap.org/
http://www.itwriting.com/blog/139-how-secure-is-openid.html
http://www.nabble.com/how-secure-is-openid--advise-pls..-td21919617.html
http://luxsci.com/blog/extreme-webmail-login-security-with-openid.html

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License