Message Digest 5 (MD5) is a popular cryptography algorithm.  Message Digest works by breaking up the message into chunks of 512-bit blocks.  Generally in any cryptography algorithm you need to store the key somewhere so that when a genuine party needs to decrypt it needs to get the key to decrypt it.  There is no concept of key in MD5, the message is basically digested by an algorithm that converts it into a hash value. So the only way you can know the content is that if you know the original content use the same algorithm to encrypt it again using MD5 and compare the digest value with the originally digested value.  MD5 algorithm can be used in applications where you want to store the password in a database.  First time when the user registers with your application you can apply the md5 algorithm to digest the password and store it in the table.  When the user tries to login, you accept the user name and password and again apply md5 to the password and then compare the result with the value stored in the table.

Happy book day and happy weekend!

SAML stands for Security Assertion Markup Language. It is a standard that defines the framework for communication of authentication and authorization details between services that could be located geographically different places and owned by different business. You must have visited some sites from the MSN or Yahoo site that uses your already authenticated user id to provide their services. To give you a more concrete example, let us take an online airline ticketing system. This system apart from helping you book your tickets provides the ability to book hotel rooms. Now the airline system may have tie up with different hotel business partners who have their own room reservation services. So when you login into the airline reservation system, and you want to book a hotel room, your authentication and authorization information is sent as part of the request to the hotel reservation service. The hotel reservation service trusts the requests from the airline reservation system (a contract is established) and uses that information to book you a room. The concept of using a single authentication mechanism across business boundries is called “Single Sign On” (SSO). SAML helps in achieving SSO.

A good example here would be the MSN or Yahoo site, where you have different categories of service and you can switch between them without the need to login everytime you switch between these categories. SSO is achieved by different proprietary security tools, but what if the different services use different security tools? SAML comes to your help in this case.

To explain this, consider another scenario. You have services that interact with each other and span across domains and hosted by different parties. In each service you have registered under different email id. Assume the same airline and hotel reservation services. The mail id you have registered in the airline reservation system might be jamesbond@detective.com and in the hotel reservation system it might bond007@goldeneye.com. SAML allows you to link these two and tell the service provider that it is James Bond for whom the reservation is required and his mail id registered in your service is bond007@goldeneye.com. This concept of name identifier management across domains with SSO is called ‘Federated Services’.

SAML is based on XML standards created by OASIS and is part of the message that is used between the services. A SAML request/response has two parties. The party that sends security information about a user is called the “Identity Provider”. The party that recieves the security information and uses it to provide the service is called the “Service Provider”. The Identity Provider not only can send the authentication information but authorization and user profile information that may be of use to the service provider. For example the request sent by the airline reservation system to the hotel reservation service could be that the user is a gold member, so provide some discount on the room tarrif or provide with a first class suite. Look at some sample SAML XML’s on Wikipedia.

Are you a serious J2EE developer? Then relax and chill out with some J2EE cartoons. TheServerSide.com has launched a J2EE cartoon site “Tales from theserverside“.

Have you been hearing the term Web 2.0 frequently? Do you have an idea about it already? If you are new, very good you have the right opportunity to know what it is in the right sense first time. If you already knew something about it, then check it out if what you have in mind is what it is, otherwise unlearn and relearn. If you think Web 2.0 is a technology, if you think just by using AJAX or rich UI in your web application then it is Web 2.0, if you think that it is an open source applcation that you can download and do some cool stuff, if you think it is a combination of technologies, then you are mistaken.

The key principle of Web 2.0 is “The Web as platform”. What this really means is that it is not just your application providing some information, rather there are multiple services (could be hosted by a different party at a different geographic location) integrated together and work together. Its just like how when you want your application to be running you need a hardware and an operating system and necessary softwares that can aid in running your application, Web 2.0 is aimed at using the Web as a platform, meaning multiple applications over the net collaboratedly working together to solve a purpose.

Rather than me explaining in detail about Web 2.0 I would highly recommend you to read Tim O’Reilly’s article on “What is Web 2.0?“. In a nutshell, here is an excerpt of what is Web 2.0.

“…The question is particularly urgent because the Web 2.0 meme has become so widespread that companies are now pasting it on as a marketing buzzword, with no real understanding of just what it means. The question is particularly difficult because many of those buzzword-addicted startups are definitely not Web 2.0, while some of the applications we identified as Web 2.0, like Napster and BitTorrent, are not even properly web applications!…

…Like many important concepts, Web 2.0 doesn’t have a hard boundary, but rather, a gravitational core. You can visualize Web 2.0 as a set of principles and practices that tie together a veritable solar system of sites that demonstrate some or all of those principles, at a varying distance from that core…”

The following is the summary of the key principles of Web 2.0 from the article.

• Services, not packaged software, with cost-effective scalability
• Control over unique, hard-to-recreate data sources that get richer as more people use them
• Trusting users as co-developers
• Harnessing collective intelligence
• Leveraging the long tail through customer self-service
• Software above the level of a single device
• Lightweight user interfaces, development models, AND business models

Read the article completely and you will clearly understand what is Web 2.0. Next time when you mention Web 2.0 make sure you are talking in the right context.

Java-Source.net is a useful website that you can keep in your favorites and use it to look at available open source tools in/for Java. It is a neat web site with tools categorized with description and links to the tool’s website, articles and other resources. This will come handy if you are looking at open source tools for your project.

Continuing on my previous post here is another excerpt from the book “Introduction to Computers and Information Processing“. In the chapter “Programming” on a section “Programming in Perspective”, Larry E Long lists the qualities that make a good programmer. If you are a programmer keep this checklist with you and cross check often.

A good programmer:

• Is self-motivated, has patience, and can work well in a disciplined environment;
• Can assimilate details and think logically;
• Enjoys the creative challenge associated with solving problems;
• Is technically sound and has a good grasp of the capabilities and limitations of computer systems;
• Has the ability and desire to communicate with system analysts, users, and their programmer colleagues;
• Looks forward to a day’s work and doing whatever is necessary to get the job done right and on time.

While all of the points are important, I liked the the 3rd and the last point most, what about you?

I was in my hometown last weekend and I was browsing through some of my school day books. One of the books I was looking at was “Introduction to Computers and Information Processing” by Larry E Long published in 1984 by Prentice Hall publications.It is one of my favorite and was the one which built my foundation on computers. As I was surfing through that book, the section on “Programming in Perspective” from a chapter caught my attention. Here is an excerpt from that section in the book which is so true and something every programmer should think about and cross check.

“To encourage teamwork and quality information systems, some companies have asked their programmers to adopt the principle of egoless programming. In short, this means that programs are developed for the team and the project, and not for the individual and his or her ego.

There is no such thing as an easy program. A programming assignment, whether it be in the classroom or in business, should challenge your intellect and logic capabilities. As soon as you develop competence at one level, your instructor (and, if you become a career programmer, your boss) will assign you a program that is more difficult than anything you have done in the past. Even when doing recreational programming on your personal computer, you won’t be satisfied with an “easy” program. You will probably challenge yourself with increasingly complex programs.”

Think about it before giving up whenever you run into challenges or you just think about your work as a job and do not challenge your intellect and logic capabilties. With the IT industry boom I am sure you will have no difficulties finding a job but what matters most is the challenge. Are you being challenged and/or do you challenge yourself? You would agree that it is a constant question to be answered frequently.

Most of the time I have seen beginners struggle with compiling programs that use package names. Generally when you are learning java, you write everything in one program, compile and run the program. This means that you would never start practicing using package names. These days most of the junior developers directly start working on a IDE. When you start with IDE you miss out certain stuff which is fundamental. If you are a developer try writing a simple program using a package name and compile and make it run in the DOS prompt. If you are successful, well and good.

The point here is not about packages but when you get into a compilation error that says that a particular class is not found, and interestingly the class that the compiler is looking for might be under the same directory as your other classes might be or from where you are compiling. Wait a minute, did you check if you had a CLASSPATH variable set? If yes did you also include the current directory in that path? OK you might ask, how to add the current directory? Today it might be c:\java, tomorrow I might run another program in another location. Well if you didn’t know one of the basic information that a OS recognizes . (dot) as a current directory then know it now. Include . (dot) in your CLASSPATH variable, the java compiler looks into the directory where you are trying to compile from as well. The class not found issue occurs when you have a CLASSPATH variable set that does not include the current directory and a class refers to other classes in the same project under different package structure.