Code with OAuth and Social networks

I have been working with social networks like linkedin, tiwtter, wikipedia and facebook to extract more details from them and also update the social networks from a single place. It was learning to see that these social providers offer API access based on java-script and REST for third party guys to integrate through a program.

1. The API are no more described in terms of functions and parameters, but are described more in terms of URIs,REST,JSON,XML and javascript. This is quite different from the approach I have taken to write web services and clients in the past. To invoke the functionality to extract data from providers, one needs to understand the various URIs supported, query strings, filling GET or POST data in HTTP request and reading raw HTTP response in XML or JSON format and understanding HTTP error responses. I thank Sendhil for his blog Client-Side Web Application development using JavaScript to make myself aware of what I was doing.

Linkedin APIs
Twitter APIs
FaceBook APIs
Wikipedia APIs
Bing Search APIs

2. The social providers support a way to authenticate program using OAuth. OAuth allows you to share your private resources stored on one site with another site without having to hand out your user name and password. It seems that they are saying that users don’t care about protocols and standards – they care about better experience with enhanced privacy and security. I was amazed at the multiple ways to impersonate other person in your code to perform functionality and also make sure that the privacy details are safe-guarded.

3. There was no official java or C# based client example provided by the service provider and client examples were targeted towards PHP, java script and Python. Neither one finds organized information about accessing social providers and OAuth security from a desktop application or NT service. I actually have build OAuth client that works from a windows web service or simple windows Forms application.

4. There are default clients available that could be used to test APIS
LinkedIn Console
Twitter Console
Bing Search Console

5. Once of my challenge also was to work with limited documentation to get a grasp of the entire set of capabilities offered by the APIS. By offering them free, it might be a strategy to allow developers to learn things what is of interest to them. The error codes need to be explained better and that is surely lacking. The explanation of how OAuth authorization affects API can be explained in better manner.

Book marking some references(Thanks to all authors to help me grasp OAuth)
Getting Start with OAuth
OAuth 2.0 Microsoft page
OAuth for Dummies.
OAuth 2.0 and the Road to Hell
How to write a complete OAuth Provider in PHP5
Four Attacks on OAuth – How to Secure Your OAuth Implementation

My learning with OAuth makes come with the below judgements.
• best suited for web, mobile and can work for Desktop clients with some tricks.
• One-time tokens. For this, OAuth is a lot of complexity to make one API call.
• OAuth might not be the solution when the only clients of your API are servers, with the requirement to log in securely using a browser on the way.
• Where do you store credentials on the client?

Visit arthavidhya.com

This is a follow-up to the blog Training opportunities for non-engineers. Here comes a training organization with cloud based learning platform focusing on training students on corporate processes & back office requirements and remove the gap between collegiate education & corporate expectation. I am happy that I had an opportunity to conceptualize the training from mind to a software.

Will cloud providers offer “Confirm and Pay” option for customers?

I was reading the article “Why Facebook, Google, Twitter, LinkedIn don’t offer customer support on phone”. I have been watching the customer support related to payment offered by cloud providers.

Today I make use of broadband internet from a internet service provider at home. I make use of monthly subscription plan and make payment to the internet company at the end of the month. When there are unknown charges in my bill. I call the internet service provider and refute the chargesand there is possibility of them to be removed prior to payment. When I delay payment, I am expected to pay late fees or fine.

• I use the service and pay for the service, with an opportunity to review bill.
• The bill comes to my home through regular post or a document is received in my inbox. I have physical record or digital record in my email inbox.
• The customer understands that there is a minimum payment to be done whether the service is consumed or not.

I also make use of Skype calls. Here i pay $10 in advance that can be used in a specific fashion and needs to completed within a time period. This is nice and I make my calls and the money gets deducted based on the calls made by me.

• I pay for the service and use the service with a confidence that the money that can be spend on the account is limited to what I have paid.
• The invoice is provided me right at the time of payment and have physical record for my purchase or digitla record in my inbox.
• The customer understands that the service needs to be consumed within time period for which the payment done.

Some of the above services provide an option called “Confirm and Pay” in collabration with banks, where customer can reach his bank website and initiate payment process to the provider.

Let me look at the cloud providers like amazon, azure or google app engine. They ask me to provide the credit card details to use of the service. At the end of the subscription period, they charge me first and then send an email.

The email does not have a digial copy of the bill and provide a link with the statement “This e-mail confirms that your latest billing statement is available on the XXX web site. Your account will be charged the following: Ple $money. Please see the Account Activity area of the XXX web site for detailed account information:”

When I click on this link, it goes to account login page where i need to login. Once you login, you need to search for the bill and then you need to search more to understand the nuances of the bill when there is a dipute. It is not easy to find details. Assume that there is a dispute, one needs to write email to support center. There is no phone support and some of them have started to add them now.

• I give credit card details and I have no idea what i need to pay.
• The bill or invoice is not send across to me. Alas! They email with URL link to search bill.
• As consumer there is very less information available for me to understand better with the additional risk of being charged unfairly.

Content Sharing, Content Protection, DRM

I have written a white paper, recorded short audio clipping or video. I want to share my knowledge with people across the globe or people who missed my class. I share content free say through podcast or a blog(like this). Over time I become popular and want to generate my money from my hobby of sharing.

I try to publish a book, Audio CD or Video CD and sell the self created content for a price. This has been happening for years. People published and sold books. People sold entertainment media on record labels, then cassettes, then CDs, then DVDs. In all these cases, the created content is sold and the buyer purchased content agreeing to copyrights. The buyer is expected not to make copies of the content and sell and make profit and it was not easy or profitable to create copies also.

Buyer could share with his friends or family. As, there was only one copy of the material at any instant of time, all is well with content sharing. If cost of content was low, people prefer to purchase rather than share and when the cost was high, they bought one copy and shared among friends.

Things changed. Technology started progressing. Now comes era where people could mutate original book or audio and video and impersonate the author or creator and project the content as their own. The creator wanted to protect the content. Technology proposed to ensure the identity of the content from impersonation by encryption and demanded a player that can decrypt only can play the content. This is Content Protection. The creator choose to provide free content and a free players to plays free content.

The creator choose to provide some free content and some paid content and provide a paid player or device capable of playing the purchased content and free content. iTunes came with a device that enabling sharing to multiple ipods, media available one iTunes account for a set of family devices. Please see the article Share iTunes with my ipod and ipad and http://apple.stackexchange.com/questions/32351/how-does-a-family-with-multiple-idevices-and-multiple-laptops-share-music-and-di. I have personally tried to connect to single iTunes account with iPod of mine and my wife. Plural-sight comes with licensed player that would play any content created by Plural sight and allows only a predefined quantity of content to be downloaded offline. In both above cases, sharing is made possible limited to a set of users or a set of content.

It is quite possible that content has been downloaded for offline viewing and the player license gets expired. It is quite possible that content purchased is lost in hard drive crash. People propose a time bounded, low cost subscription based license model, to enable continuous usage of the content. I view this as an approach trying to be fair to creator, distributor and the licensee.

With technology getting sophisticated,arrives DRM. Here the content and application purchased can be used only on a single device. The buyer can still share the device and share the content and nothing stops the buyer. Middle men are demanding for DRM that might not be fair to the buyer, as follows.

• Limit the number of times content can be used?
• Limit the capability to play content when device is connected to projector or internet?
• Prevent screen capture of videos and audios?
• Disable access to the user from the server if suspicion activities are noticed?

How to make it fair to the buyer also? Can the license be priced competitive based on the usage moments? Can the following be published?

• Cost of using content content once
• Cost for using specific content a fixed number of times for a predetermined time period
• Cost of using specific content for a predetermined time period
• Cost for using all available content fixed number of times for a predetermined time period
• Cost for using all available content for a predetermined time period?
• Make all the above cost as cheap to users and competitive

To summarize, DRM attempts to use technology to make it harder to share and collaborate; Technology gets adopted enabling sharing and collaboration. DRM will lose if collaboration and sharing win. It is harder and slower to build and deploy restrictions than destroy them. Once restrictions are broken by approach, the method to break can be shared using technology. DRM will win when the cost of breaking DRM is higher than the profit to be made and it doesn’t have to be perfect. Does DRM represent Digital Rights Management or Digital Restrictive Management?

Do we need 4G services in India?

Let us start pondering on the question reading the document The Growth Phase of 3G in India. My personal observation in India is as follows. In India, the internet penetration is less than 10% of the population. I am very much in the 10% of the population and enjoy the fruits of internet technology. But the remaining 90% of India population is not using internet except for railway booking, bus booking and utility payments. I am seeing banks move to internet for payment and money transfer and the number of Indians with bank account is less also. But ATMS need power to work and there is regular power-cuts in India. I have been banking for 28 years now and today really miss the friendly manager, who would help me across my school breaks( today i am supposed to be a privileged customer), rather than being pushed to toll free number and send emails. I did not expect technology to create issues, but that is reality today.

Let me come to question on 4G. Are 3G services really used By Indians? I used to carry my Blackberry with unlimited internet for last year and disconnected my internet for a month now. Am I missing something? No. it seems that I have more time for myself than in the last one year. Did I really need 3G? I am still finding.

Being in mobile learning space, I see that very few students to use internet in their phones. Even if they have android phone, they seem to prefer using wi-fi at home rather than internet on mobile. 8 out of a batch of 100 students are ready to use internet to download irrespective of their phones. What will be the case when 90% of mobile users in India are pre-paid customers and the average balance is Rs 7. Mobile users do not even renew the mobile numbers though that option is provided to them in India.

Is there really a critical mass using 3G services to migrate to 4G services? Is it because 4G devices have started to come in the market? Do we have surplus money to invest in 4G infrastructure?. So, right now I am not sure if the consumer needs access to 4G speeds. If the telecom companies and Device manufactures and government thinks wants to make India ready for 4G, I recommend them to perform the following

• Focus on consumer delight
• Offer better battery life, support for Indian languages in devices
• Create a larger consumer base to start using internet available today and available on their phones.
• Make people use mobile devices as content creation devices rather than only content access devices.

Let us create real demand for introduction of 4G services.

Are Cloud Services taxed?

I do not pay any taxes for charges paid to cloud computing service or purchasing a mobile application in android platform. I learn that all services in India are taxable. How about cloud services or mobile application service?

Cloud Computing allows Governments and Companies to access IT resources as a Service over the Internet. One is not required to invest in the IT infrastructure, Software and Services upfront. The software and data is stored on the servers of the Cloud Computing Service provider.

Taxation of cloud services is complex and is subject to the fact where is the Cloud located. Across the world, the practice is to tax where it is used, whereas in some cases,it is taxed where the service is offered( location of the server) or it is taxed where the office of the cloud computing provider is located. If companies are accessing Cloud Services from outside India, can the Indian Government tax it?
I might need to understand International law and Taxation domain and this is going above my head/ knowledge.

Governments depend on tax revenues on goods sold within their borders. How will the Indian government like to treat the cloud? They would like to follow an approach similar to off-the-shelf software purchases, which are of course taxed. How will the cloud computing company project this? They would claim that Cloud computing amounts to providing Software as a Service which will be governed by the local laws where the cloud computing company is located or where their servers are. These locations are mostly in the US where these are non taxable. As Infrastructure, Platform and Storage is provided as a service on the cloud model, this is going above my head/ knowledge.

Now I am in confused state.. On one hand as Indian citizen, I do not want Indian government to lose the tax revenues. At the same time, I would like Indian companies to make use of cloud computing and save costs,be leaner and more efficient. if Indian company wants to offer cloud computing services,this company would be under Indian tax jurisdiction and the cost would become charges + taxes. Can this company compete against the existing ones?

Are the above leading to the reason to my own question,”why the cloud computing providers like amazon and azure do not have cloud data centers in India?”. For both these providers, I was able to use my Indian credit card.

Economics of Cloud Development

While learning to build applications with Azure, developers and architects please learn economic of developing and deploying applications on windows Azure and SQL Azure. I see that developers and architects need to be connected to cost. Your manager would be interested in the following costs, but there is more you can help him.
• Number of hours you’ve reserved a virtual machine (VM)
• Number of CPUs in a VM
• Bandwidth, measured per GB in / out
• Amount of GB storage used
• Number of transactions on storage
• Database size on SQL Azure
• Number of connections on Windows Azure platform AppFabric

Effectively if the resources are used well, we save cost. If the resources are not used optimally, then we lose money. How can one take responsibility during application development to optimize Azure costs for deployment?
Azure Compute:
1. Extra Small Windows Azure instance is for the purpose of development and testing.
2. Windows Azure compute hours are charged only for when your application is deployed, Partial compute hours are billed as full hours.
3. Large allocation of shared resource helps in higher I/O performance.
4. License for the Windows Server 2008 R2 is covered through the Windows Azure VM Role licensing
5. You can’t change VM Size once you’re running your application
6. Hoe many number of hours of the application translates business?. When one deploys application, performs some operation and forgets to turn them off after use, one is charged for the unused compute power. Please un-deploy the application as soon as possible to stop paying for any inactive applications
7.How to decide the number of web roles and Worker Roles?. One can use one web role and one worker role. When we scale, we need to identify whether we need to decide whether we need to scale as two web role and two worker roles or two web roles and one worker role.

Windows Storage:

If the web role and storage are located in the same region (Both in “North America” for example), there would be no bandwidth bill for communication between Web role and storage.
o Keep Azure services coupled within the same Azure region.
o One can make use of CDN for cost-reduction measure, as it gets cached locally
o Keep in mind that cache expiration time can create challenges

People store session data in Azure blobs and table storage and the storage and transaction of writing and reading impacts the cost of deployment. Hence please separate the structures and data that needs to be placed in the session . Please also look at the article Understanding Windows Azure Storage Billing – Bandwidth, Transactions, and Capacity , Windows Azure Storage Abstractions and their Scalability Targets, How to get most out of Windows Azure Tables

Transactions :Every operation on a storage account is a transaction. Be smart of the operations that count as transaction.When performing an operation such as blob storage, for example, you would first check if the blob container exists. If not, you would have to create it and then store a blob. That’s at least two, possibly three, transactions. The same counts for hosting static content on blob storage. If you have n images to display on page, you can run up to 2n transactions or more. One can reduce to n +1 transaction just by removing the check whether the blob container exists or not to once at startup.

Diagnostics

Writing diagnostics every minute increases storage transaction and extra costs and setting a long time interval to write can make the diagnostics data always old by the time interval.

You need to own the clearing of the old diagnostics data, else you would billed for the storage that does not provide much value.

SQL Azure

Please be aware that it can be more cost-effective to distribute your data across different SQL Azure databases, rather than having one large database

Please check whether Indexes and tables can consume a lot of database storage capacity. Some indexes may consume 0.5 percent of a database and make sure whether they provide needed performance gain to justify the cost of index. Please check this article The real Cost of Indexes

Do you make use of object relational mappers instead of stored procedures to perform a data oriented operations in application logic? If yes, performing data calculations in application might require extra Web Role or Worker Role instance. By performing the same in SQL Azure, you can save some processing of role instances and SQL Azure is not metered on CPU usage and you get free CPU cycles in your database.

Role of multi-tenant in SaaS cloud offering? -Part 2

I feel that we should not generalize the fact that SaaS business in the cloud must be only multi tenant. Effectively a company like SalesForce needs to be multi tenant. Should company providing HR solution to enterprise also think the same? Yes after they address company providing HR solution needs to keep end customer in mind and be ready for single tenant model too. The challenges with Cloud + SaaS makes me think so.

1. For company offering SaaS, being dependent on other PaaS/IaaS vendors is a newer concept and creates complexities and is uncharted territory and meeting SLAs together is evolving and generares competition and conflict. In addition, building multitenancy into the product proves to be challenging and expensive.

2. When you continuous upgrades and support, and will always benefit from the highest point in the evolution cycle of the product, the product is going to change over time, and the customer must be willing to go with the changes. This is not true with large enterprises. I have seen SaaS vendors offering free supporting older version as users do not want to mvoe to the newer model

3.if customers want customization specific to them, yesterday they did not have options, today they have the cloud.

4. There are no standard security mechanisms where multiple vendors provide authentication using a single authentication user name and password for multiple SaaS services and forces end user like me to remember multiple passwords.

If you have vision to beome some one like SalesForce, they need to think of multitenancy in their model. if they have vision to handle enterprise, then they need to think of both multitenancy and single tenant model of deployment. I would expect that SaaS providers need to think of both multi tenanct and single tenant model.

Role of multi-tenant in SaaS cloud offering? -Part 1

Is there a different way to look at SaaS multitenant model with the advent of cloud from a business perspective? Should we see with same eyes in the cloud too?

When SaaS applications were developed, ISVs hosted them on private data centres and offered them as service. ISVs came with pricing model that covered the machine cost, the software license cost and the application cost. When they handle machine cost and license cost, they want to optimize this cost and take care of times when the machine is not used and started with hosting multiple tenants on same database. Then they wanted to reduce Web Server cost and decided to host sample applications for multiple tenants in one machine.

There were advantages what SaaS characteristics brought to the table in pre-cloud times.
• As SaaS vendor, I am interested to know features that are most used by the customer and least used by the customer and put my money accordingly. As enterprise, I look for consolidate view across various departments in my organizations. Effectively Data residing in single db across multiple tenants could be easily used to consolidate, identify trends and insights to features of the application both for ISV and both for enterprise
• As enterprise, I do not want to keep on buying machines and software license. This was because the machines were costly and it was not possible to get them on demand. No one other than Saas Vendor offered by subscription model.
• As enterprise, Based on SaaS maturity model, the SaaS vendor was enforcing some rules on the freedom of end customer and end customer was happy due to above point.
• As enterprise, SaaS Vendor ran it as separate business. They had no easy integration with Active directory as they need to be seamless to customer

Today, when we look the advantages that SaaS characteristics bring to the table cloud days for the above ones, I see them different
• Has things not become simpler with (Hadoop, MapReduce) even if there are in multiple data stores, start a instance for short time which perform the crunching and release the instance.
• As enterprise, I no more need to buy machines and licenses for a long time. There is a subscription model which was not available earlier from providers other than SaaS vendors.
• As enterprise, I am looking for more independence to customize my applications as I have ways to follow subscription model.
• As enterprise, SaaS vendor if they run on cloud as single tenant on end customer infrastructure, then can integrate with different active directories. My backup would be more simpler than when it is multi-tenant

Cloud is enabling the end customer to take care of economics by a subscription model for the hardware and software licenses and if the SaaS vendor provides pricing model independent of these costs, wil it not be to advantage of the end user?

To conclude, Cloud is enabling enterprise to demand more on the product/application for flexibility and ease of use and sustenance.
1. In case of large enterprise, muti tenancy may not be desirable in all scenarios as they come with their own constraints vs. benefits.
2. One can write application to support multi-tenancy, and have the capability to be deployed to the cloud, ISVs should allow customer to make the decision of using the application as multi-tenant or single tenant.
3. when there is cloud, multi tenancy may not be the only factor for scalability, involve the customer and he might already have resources for scalability.

Like article Cloud computing coundrums

Liked the puzzles and copied here for my reference.

Puzzle #1: Create flexibility by being less flexible: Moving capability to the cloud might provide flexibility such as storage elasticity and pay-per-feature options, but may come at the price of vendor lock-in and limiting feature sets.
Puzzle #2: Determine the cost of an existing IT solution: Cost of existing application (hardware and software) is compared against the cost of running a technology service. How to understand and calculate the true costs that come from labor, utilities, backups, disaster recovery etc and allocate the appropriate costs for each service being considered for the cloud.
Puzzle #3: Simplify the environment by introducing more complexity: One claims to eliminate the complexity of developing, managing, and hosting the solution internally. However in this process, supporting disparate vendor solutions adds a new level of complexity and there are challenges in getting these applications to interface with each other.
Puzzle #4: Provide assurances of sustainability in a domain of uncertainty: With the benefits so compelling, it can be hard to resist moving forward to cloud, but the challenge is to receive and provide assurances to already skeptical stakeholders.
Puzzle #5: Maintain security while reducing it.: By moving services to the cloud, you may essentially be outsourcing your security.