A couple of days ago we had a long holiday down here in Argentina for easter and I had some free time. I was very busy in last months (you may notice my blogging absence) and I didn't had the chance to do something that exceeds my current projects (which are very interesting).

Browsing the web I found a very interesting specification of an Access Control mechanism based in Xml that was something new for me, called XACML, released by Oasis. I heared about WS-Security and some other specs in WS-* but none of them are based in Access Control, and I also love rule engines and this spec is something very similar to a rule engine. The spec is version 1.0 and a small update in a 1.1 version, the WG is currently working in the 2.0 version which is a draft but there are some public documents to see their work.

I liked the way the express the policies and the requests over that policy and how the scema can be extended with custom features. I also liked to experience what means implementing a speification. I always feel that some specifications does not covers all the questions you may had about the behavior or the implementation, and I wanted to experience by myself.

The results are very interesting, you may find the code here . The code is very draf but it's working, all ConformantTests are passed, it needs some documentation and I hope I have more time to add new functionality and start updating the engine to the the next version 2.0, probably working in Whidbey, using all the cool new features. And this is also the first .Net implementation and the only one supporting Hierarchical resources.

The code is in SourceForge so you can get the code and see how its working. And there's also a ZIP release you can download and execute the code using the ConformanceTests that you can find here.The project includes the Core code, a simple console test that can be executed specifying the Policy and the Request, and a set of NUnit tests that can be executed to test all the Conformance Tests.

Of course many issues were found in the specification:

Assumption of the resource-id dataType

There is only a single place in the document that makes reference the resource-id data type is a URI (line#4505), but many features like hierarchical resource depends on the data type. So if the attribute will always be a URI why specifying the dataype.

XPath current node assumption

The AttributeSelector element description does not describes what is the current node used for the XPath expressions. Many tests uses // which does not matters what is the current node, but many other uses ./ which means the current node is assumed to be some node, and there's no description about it. I used the ConformanceTests to guide me, but they are inconsistent, it means, if I set the current node to satisfy a test another test will fail.

Missing desription about how to determine the hierarchically relationship between resources

There's no description about how to determine the hierarchical relationship beteween two resources. And this is related the the first issue, if the resource-id is not a URI what happens.

Incorrect and incomplete ConformanceTests

The conformance tests are incomplete and they don't have much explanation about what is the expected behavior, and why that behavior is expected. Some others are inconsistent, for example the XPath sentences that start with ./

If during the evaluation there are two errors: missing attribute and processing error, which one should be notified in the status code?

There is not information about the precendence of the errors and I have to use the ConformanceTests to guide about them.

Match vs. Condition

Match can only be used with functions that receives 2 parameters (an AttributeValue and a chioce of a Selector or an AttributeDesignator), why this limitation? The same concept of the Condition can be used here and the implementations will look very clear, and also allows the usage of functions that have more than two parameters.

XSD difference in .Net

The XSD Schema included with the specification defines the ResourceContent element using the following: <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> but using the .Net schema validator elements fails because the contents of the RequestContents are not valid, so I have to change the processContents to "skip" in order to make them work in .Net. Probably this is because of my ignorance in XSD.

I was talking to a friend of mine called Mario "Cubano" Rodriguez who is a Java guy that have started working in .Net, he's a very smart guy and he really likes to talk about development and programming languages. He's very advocated to create some support for C# similar for the features provided by Eiffel and he created an interesting implementation of it using the ContextBoundObject interception and an Xml configuration file to place the invariant rules, preconditions and postconditions. He can place rules for his objects in an Xml file using any .Net languaje and the framework can apply those rules on every object usage during runtime.

I asked him why he does not uses attributes and he says the problem of placing rules in atttribues is that he must recompile his code every time a rule is changed. And he's correct. I was thinking about that and the original idea of the Atrtibutes was the ability to extend the language "expresiveness" without extening the language itself. It's a great solution for the __export in MS C compiler, for all the IDL language in the C++ compiler, and many of the #pragmas in the C/C++ compiler. But some information is related to the program structure (in/out parameters, parameter marshall information, external methods) that should not be changed without also changing the code implementation. But some other metadata information may be changed without having to recompile the code (transactions, security attributes, business rules, etc).

So I really like to have a framework to extend the compiled metadata with an external file, so i can override the metadata in the original assembly. There should be some restrictions in order to provide security, for example the extended metadata should be signed with the same key.

I was wondering how to implement this in .Net, in Java i can create a class loader and the JVM will call my class to load any class, if i have such suppoort i can load the assembly and the metadata extension, merge the metadata in a single assembly and tell the CLR to use that assembly. But seems I can't hook the assembly loader in .Net. So i think the only way to do this is the ROTOR code.

Anyway i'm very busy in theese days to do that so i'll keep thinking about it.

One of the new templates added in Whidbey's BCL is Nullable, which allows defining Nullable providing "nullness" on value types. The usage is very simple:

Nullable oi = null;
Console.WriteLine( oi.HasValue ); // false
Console.WriteLine( oi == null ); // true
oi = 3;
Console.WriteLine( oi.HasValue ); // true
Console.WriteLine( oi == null ); // false

The instance can be null because it's a reference type and the assignment can be done because operators are also specialized for type T.

I don't want to talk about the difference between ValueTypes and ReferenceTypes, or if the performance of the Nullable instances can be compared with the ValueTypes usage. But i was wondering about its usage in applications and probably their usage could be a bit complicated.

Any method that wanted to receive any value will receive an object:

void MyMethod( object t ){}

In the method body any one will query if the value is a ValueType or a ReferenceType. Now we have to ask for the instance to see if it's an Nullable<> instance. But what is the template implementation that will be used to query using the "is" keyword, there's no way to use the template as an abstract base class, so we can't know what is the type without using Reflection.

I have some solution for this. If the Nullable is declared using an interface defining the property HasValue, we can solve the problem because any template implementation will also implement the interface and "is" can be used to query the type of the reference.

public interface INullable
{ 
     bool HasValue{ get; set; } 
}

public class Nullable : IINullable
{
   // implementation
}

He did it again!, yesterday i went to the movies to see Dogville, and i'm amazed. Lars von Tirer is an incredible director, he really knows how to tell a story and how to surprise again and again with each movie he creates.
Dogville is a story about a small american town, the houses are painted in the floor and there are no walls in an incredible scenario, with no sky, no sun, in a black or white environment with only nature noises (birds, dogs, rain).
The people in that town receives a strange visitor (Nicole Kidman) and the movie shows how the town inhabitants react to the visit, how the complete town starts "leaving" with her, in a story full of metaphors and hidden messages.

I'm very glad to announce my MVP award was renewed for the next year, so i'll be an MVP for .Net technologies. This year and the next one i'll be traveling by the region in conferences and courses so i hope i can meet you.
Thanks MS folks and Latam Comunity.

A year ago i have coded an native CLR-JVM bridge that allows to access code from one VM to the other, using P/Invoke, JNI, managed extensions and some .Net vodoo. The approach is very basic, for example to create an instance of a Java class from .Net code you have to write:

try
{
	JavaObject test = new JavaObject( "TestClass", "()V", null );
	test.CallMethod( "Do", "()V", null );
}
catch( JVMException e )
{
	Console.WriteLine( e.ToString() );
}

And in order to call .Net code from Java the following code can be written:

try
{
        DotNetObject dno = new DotNetObject( "mgdsample.dll", "mgd.Sample", new Object[] { new int[] { 23 , 32 } } );
        dno.CallVoidMethod( "Metodo", new Object[] { new String[] { "AVER", "SALIR" } } );
}
catch( CLRException e )
{
        System.out.println( e.Message );
}

The code was for a year in my machine andi really like to share it with you. I hope somebody found this interesting, there's a lot of code, and the code is not "production" code and please forgive any spanish comment. :)
My prototype also include a set of code generators that creates Java and .Net wrappers so classes in the other VM can be called using hard-typed classes avoiding the whole bridgind code.
The workspace with the code and a compiled version can be found here

I'm really excited about this. I hope i can get some time to get my hands on InfoPath and all the development sutff included in this new version.

On last thursday (11/Sep) i gave a conference at a Universidad Tecnológica Nacional (in spanish only) here in Argentina, (about 1:40 hours by plane), talking aobut Windows NT Architecture. Past year i noticed that Microsoft Research had awarded a research project in that university so i really want to mee the team. I had the chance to meet Ing. José Perez who is the team leader, the project is about a solucion supported on Windows CE (with Compact Framework), for anesthesiologists. José is very young an d a nice guy, he's very produd of his achievment, and the whole team (10 people) is working in the university to get this project running. He really likes .Net technologies, Remoting and WebServices, here's an interview in english.
One of the most important thing about it, is that Carlos is hosting the project in the university with graduates, teachers and sudents and the laboratory he had created for this project will stay there, which is a public university with some budget problems. The University is in Resistencia city (Chaco province head) which had 250.000 inhabitants, i mean is not one of the main cities in Argentina.
Carlos told me they are going to apply with a new project this year, i hope they keep walking this way.

How long since my last blog !! I was very busy writing design documents for the new project i'm working now for PAG, but in the mean while:

• Lagash have moved, now i have a new desk at our new office, very comfortable, and pleasant... it's only a block away from my house !!!!... I'm not applying for the not a legend award :)
• I have get my VISA to visit USA so i'll be there at the PDC and try to know a lot of people i have only know by mail or iM
• I was preparing some conferences to talk at universities around here, i have one on Wedneday about Windows NT Architecture for the operating systems courses.
• Coding and learning a lot on the Whidbey Alpha, i love generics and every new feature in C#. There's a lot of new stuff to learn on the next major release.
• Writing a document for the Spanish MSDN (the document was written by Pablo Cibraro here at Lagash) i just place some corrections on the style and added some explanations. The document is about ServiceConfig class in Fx 1.1. it will be published in short.

As you can see i was very busy, and blogging have a lower priority in my scheduler.
I have not posted anything about movies so here's my first recomendation:
Julio Medem is a spanish joung director his movies are very personal only watching 1 minute you can recognize his unique style and the way he develops the story. He have shoot 5 long movies: Vacas (Cows), La Ardilla roja (The Red Squirrel), Tierra (Earth), Los Amantes del Círculo Polar( The Lovers of the Arctic Circle), Lucía y el sexo (Sex and Lucia). The best one is "Los Amantes del Círculo Polar" is a very strange story about two boys growing since childhood. The second best is La Ardilla roja . Anyway you can see any of his movies and you will experience his unique style.

A week ago I started working on a new project for PAG, this new project is a reference document and implementation for an application architecture, it's a very interesting project.... of course I can't talk too much about it here ;). One of the first tasks I was given is researching many different ways to implement COM+ transactions for .Net. code
Of course using COM+ which is very interesting and widely used technology, it's also nd a set of component services totally based in interception. In COM+ aspects are widely used (there's a lot of articles and blogs about this here, here, and here ).
One of the most ugly features of COM+ is that in order to use transactions you must declare a component as "transactional", for example if the component Customer had a method Save and the component Order aslo had a method Save, in order to define an ACID transaction that calls customer.Save and order.Save, both operations within the same transaction, you must declare the component Customer and Order as "transactional". Of course this brings a lot of performance troubles if your Customer component also had, for example, a method SelectAll, because the transaction will lock every record selected until the transaction gets Committed or Rollbacked (Aborted in COM+ terms). The problem is that "transactionability" is an aspect for the execution context, it does not belongs to the Customer or Order components.
There are some solutions for this problem but many of them changes the way you have to code or develop your components.
In COM+ 1.5 (W2K3 and WXP) there's an unpopular feature which is named "COM+ Services without Components", explained in this MSDN article and here is the MSDN documentation, it's a COM component that allows creating a COM+ context (with the desired context feature) without using a COM component to initialize the context. The programming model allows to call a method to create a context, after the method is called, every operation issued over a transactional resource will be included in the transaction until another method is called to leave the context.
Using .NET 1.0 you can define the Interop classes or using Managed Extensions a wrapper can be created so those features can be used in a managed environment. In .NET 1.1 a class called ServiceDomain was included as a wrapper for that feature.
The following code demonstrates how to use it:

// (A) perform any operation on any transactional resource

ServiceConfig svcc = new ServiceConfig();
svcc.Transaction = TransactionOption.Required;
ServiceDomain.Enter( svcc );

// (B) perform any operation on any transactional resource

ContextUtil.SetAbort(); //SetCommit();
ServiceDomain.Leave();

// (C) perform any operation on any transactional resource

After the execution you will notice that operation performed on A and C have been committed, but the operation performed on operation B does not. It's a great feature you can use in .NET.
Some limitations In MSDN says it's only supported on Windows 2003, in Windows XP there's a version of COM+ 1.5 but some people says it's broken.... i run a very simple code and it worked fine.... i really don't have field experience about it's behavior in WinXP. It CAN'T be used on Windows 2000.
There's also a cool feature in COM+ 1.0 called BYOT i was using, and i'm really impressed about it. This allows passing transactions between proceses... and a very simple solutions about how to marshal transactions using Remoting. I'll blog about BYOT in a couple of days.
If you may have some questions you can take a look at the EnterpriseServices FAQ in GDN.