Development by Davis: “The new software hygiene: Declare a license or risk losing participation” plus 4 more |
- The new software hygiene: Declare a license or risk losing participation
- Beth Noveck predicts two phases of open government in TED Talk
- Google Play services and OAuth Identity Tools
- The elusive book publishing process: A little risk, a little reward
- Taking reality seriously: Towards a more self-regulating management model at Statoil
The new software hygiene: Declare a license or risk losing participation Posted: 27 Sep 2012 03:00 AM PDT I had the privilege of working with David Tilbrook almost 25 years ago. He was the first person with whom I ever worked that clearly articulated proper software construction discipline for collaborative endeavours and captured a summary of it under the title, Washing Behind Your Ears: Principles of Software Hygiene. This posting includes an audio/video/photo media file: Download Now |
Beth Noveck predicts two phases of open government in TED Talk Posted: 27 Sep 2012 02:00 AM PDT I recently watched a new TED Talk by the first and former White House Deputy CTO Beth Noveck, delivered in Edinburgh, Scotland. She is really the initial instigator of the modern open government movement in the United States and is now working to make it a reality worldwide. What I like best about her talk is the litany of examples that are happening all over the world—from painting the national budget on hundreds of walls so that locals can comment on it to a Texas wiki that lets citizens and businesses comment on regulations. Take a look: |
Google Play services and OAuth Identity Tools Posted: 26 Sep 2012 12:27 PM PDT Posted by Tim Bray Google Play services has started to roll out and should arrive on virtually all Android 2.2+ devices with the Google Play Store in the very near future. At that point, all those devices will have new tools for working with OAuth 2.0 tokens. This is an example of the kind of agility in rolling out new platform capabilities that Google Play services provides. Why OAuth 2.0 MattersThe Internet already has too many usernames and passwords, and they don't scale. Furthermore, your Android device has a strong notion of who you are. In this situation, the industry consensus is that OAuth 2.0 is a good choice for the job, offering the promise of strong security minus passwords. Google Play services make OAuth 2.0 authorization available to Android apps that want to access Google APIs, with a good user experience and security. Typically, when you want your Android app to use a Google account to access something, you have to pick which account on the device to use, then you have to generate an OAuth 2.0 token, then you have to use it in your HTTP-based dialogue with the resource provider. These tasks are largely automated for you if you're using a recent release of the Google APIs Client Library for Java; the discussion here applies if you want to access the machinery directly, for example in sending your own HTTP GETs and POSTs to a RESTful interface. PreparationGoogle Play services has just started rolling out, and even after the rollout is complete, will only be available on compatible Android devices running 2.2 or later. This is the vast majority, but there will be devices out there where it's not available. It is also possible for a user to choose to disable the software. For these reasons, before you can start making calls, you have to verify that Google Play services is installed. To do this, call isGooglePlayServicesAvailable(). The result codes, and how to deal with them, are documented in the ConnectionResult class. Choosing an AccountThis is not, and has never been, rocket science; there are many examples online that retrieve accounts from Android's AccountManager and display some sort of pick list. The problem is that they all have their own look and feel, and for something like this, which touches on security, that's a problem; the user has the right to expect consistency from the system. Now you can use the handy AccountPicker.newChooseAccountIntent() method to give you an Intent; feed it to startActivityForResult() and you'll launch a nice standardized user experience that will return you an account (if the user feels like providing one). Two things to note: When you're talking to these APIs, they require a Google account (AccountManager can handle multiple flavors), so specify GoogleAuthUtil.GOOGLE_ACCOUNT_TYPE argument as the value for the Getting a TokenThere's really only one method call you need to use, GoogleAuthUtil.getToken(). It takes three arguments: a Context, an email address, and another string argument called scope. Every information resource that is willing to talk OAuth 2.0 needs to publish which scope (or scopes) it uses. For example, to access the Google+ API, the scope is
In an ideal world, getToken() would be synchronous, but three things keep it from being that simple:
The first consequence is obvious; you absolutely can't call getToken() on the UI thread, since it's subject to unpredictable delays. When you call it, the following things can happen:
Here's some sample code:
This is from a sample library I've posted on code.google.com with an AuthorizedActivity class that implements this. We think that some of this authorization behavior is going to be app-specific, so it's not clear that this exact AuthorizedActivity recipe is going to work for everyone; but it's Apache2-licensed, so feel free to use any pieces that work for you. It's set up as a library project, and there's also a small sample app called G+ Snowflake that uses it to return some statistics about your Google+ posts; the app is in the Google Play Store and its source is online too. Registering Your AppMost services that do OAuth 2.0 authorization want you to register your app, and Google's are no exception. You need to visit the Google APIs Console, create a project, pick the APIs you want to access off the Services menu, and then hit the API Access tab to do the registration. It'll want you to enter your package name; the value of the package attribute of the Also, it'll want the SHA1 signature of the certificate you used to sign your app. Anyone who's published apps to Google Play Apps knows about keystores and signing. But before you get there, you'll be working with your debug-version apps, which are signed with a certificate living in ~/.android/debug.keystore (password: "android"). Fortunately, your computer probably already has a program called "keytool" installed; you can use this to get the signature. For your debug version, a correct incantation is: keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -v -list This will print out the SHA1 signature in a nicely labeled easy-to-cut-and-paste form. This may feel a little klunky, but it's worth it, because some magic is happening. When your app is registered and you generate a token and send it to a service provider, the provider can check with Google, which will confirm that yes, it issued that token, and give the package name of the app it was issued to. Those of you who who've done this sort of thing previously will be wondering about Client IDs and API Keys, but with this mechanism you don't need them. Using Your TokenSuppose you've registered your app and called GoogleAuthUtil.getToken() and received a token. For the purposes of this discussion, let's suppose that it's "MissassaugaParnassus42". Then all you need to do is, when you send off an HTTP request to your service provider, include an HTTP header like so: Authorization: Bearer MissassaugaParnassus42 Then your HTTP GETs and POSTs should Just Work. You should call GoogleAuthUtil.getToken() to get a token before each set of GETs or POSTs; it's smart about caching things appropriately, and also about dealing with token expiry and refresh. Once again, as I said at the top, if you're happy using the Google APIs Client Library for Java, it'll take care of all the client-side stuff; you'll still need to do the developer console app registration. Otherwise, there's a little bit of coding investment here, but the payoff is pretty big: Secure, authenticated, authorized, service access with a good user experience. Join the discussion on +Android Developers |
The elusive book publishing process: A little risk, a little reward Posted: 26 Sep 2012 04:00 AM PDT My favorite thing about the Internet is the way it makes so many of us into storytellers. It turns people on to sharing their own experiences, especially experiences they might be uncomfortable relating in person. My enthusiasm for the Internet's encouragement of transparency extends beyond digital confessionals and group therapy and well into the mundane: instruction manuals; wikis packed with the sort of minutiae one used to have to wait to overhear at a cocktail party; and the open listserv a friend maintained as a shared journal, where my every entry addressed the lone lurker no one knew (but who seemed to be named Paul and kept showing up in the output of a REVIEW DIARY-L). |
Taking reality seriously: Towards a more self-regulating management model at Statoil Posted: 26 Sep 2012 03:00 AM PDT Statoil is a Norwegian oil and gas company with activities in 34 countries, 20000 employees and a turnover of around USD 90bn. The company is listed in New York and Oslo. On Fortune 500, it ranks #67 on size but #1 on Social Responsibility and #7 on Innovation. |
You are subscribed to email updates from Developers by Davis To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google Inc., 20 West Kinzie, Chicago IL USA 60610 |
No hay comentarios:
Publicar un comentario