Here is the body of an e-mail that I got announcing that the latest CTP of BizTalk Services has been released and is ready for us to start working with and providing feedback on.

Announcing the BizTalk Services "R12" Release

We're thrilled to announce that the BizTalk Services "R12" Community Technology Preview (CTP) is now available for general use.

"BizTalk Services" is the code-name for a platform-in-the-cloud offering from Microsoft. Currently in active development, BizTalk Services provides Messaging, Workflow, and Identity functionality to enable disparate applications to connect quickly and easily. Combined together in an integrated offering, these capabilities deliver a Service Bus architectural pattern that is immediately usable by applications that need to connect across the Internet.

Many enterprises employ the 'Enterprise Service Bus' pattern to interconnect disparate systems within an organizational domain. Built on Microsoft platform technology, an ESB might include building blocks such as Windows Server, Active Directory, BizTalk Server, as well as the Windows Communication Foundation and Windows Workflow Foundation technologies included in the .NET Framework. "BizTalk Services" extends the concept of an ESB to truly exploit the Internet, for instance by exposing individual service endpoints in a secure fashion or by selectively federating elements of distinct identity systems to facilitate cross-company collaboration.

For ISVs and Solution Providers creating specialized business solutions that enable collaboration and information exchange across increasingly mobile and distributed work-forces, "BizTalk Services" provides the cloud-based platform building blocks to create sophisticated (Internet-) Service Bus solutions with broad reach that could otherwise only be realized by operating dedicated Data Centers of significant complexity - which is often out of reach for both, ISVs and their customers.

Major Changes

With the release of BizTalk Services "R12", developers must update all clients and SDK installations to the new release.

New in R12 - Workflow

The most exciting new capability we've added in the "R12" CTP is Workflow. These new cloud-based Workflow capabilities enable 'service orchestration' from the cloud. This specialized cloud-based, or hosted, Windows Workflow Foundation runtime can orchestrate services that connect to systems in your enterprise, or to systems running anywhere on the Internet via Web services messages. This new power and capability will enable an entirely new set of application scenarios, and we're very excited to see what people will do with it.

In the SDK you will find samples showing how to create and control Workflow instances hosted on the BizTalk Services cloud, including a sample Workflow implementation that monitors the availability of a website and fires multicast events into the service bus indicating the state.

New in R12 - Identity

For R12, the BizTalk Services Identity Service has been expanded and enhanced to enable more flexibility for scenarios demanded by our customers. R12 introduces a new approach for creating, viewing, and managing access control rules. This approach relies on a few key principles outlined below:

* Every Identity Service account owns a Security Token Service (STS).

* An STS is composed of one or more scopes.

* A scope contains zero or more access control rules.

* An STS owner can grant another Identity Service account permission to edit the access control rules in a scope

A practical illustration to clarify:. The Messaging Service owns an STS whose root scope is http://connect.biztalk.net/services/. When you create a new account (newaccount) in the Identity Service, the messaging service creates a new scope http://connect.biztalk.net/services/newaccount. The Messaging Service then grants (newaccount) the permission to create access control rules in that scope. Any communication endpoints hosted there can thus be secured by the owner of the scope. Rules from R11 accounts have been migrated to the "root" scope of the new account.

On the protocols front, we've added several new capabilities for 'REST' services. We now support integration with Windows Live ID and have added RFC2617 Basic and HTTPS/Client Certificate support for acquiring security tokens using simple HTTP GET requests.

New in R12 - Messaging

Connectivity Modes

The most fundamental new feature area in the Messaging service are the new 'connectivity mode' settings on the RelayBinding. Before this release, BizTalk Services clients and listeners always required outbound TCP ports 808 and 818 to be available for connecting to the BizTalk Services cloud for all connection modes except the clients of a listener running with ConnectionMode.RelayedHttp.

In this release we are introducing three different connectivity modes: Tcp, Http, and AutoDetect. The connectivity mode can be set on a static property of the RelayBinding. The Communication\ExploringFeatures\ConnectionModes\Multicast sample shows how. For clarity: 'Connection Mode' defines the type of end-to-end connection that is to be established through the Relay. 'Connectivity Mode' defines how a particular endpoint connects up to the Relay.

The 'Tcp' connectivity mode is the most efficient one and works as in previous releases. The 'Http' mode is new. It creates a volatile FIFO buffer for messages in the BizTalk Services cloud and polls for messages using HTTP 'parked requests'. The Http model exhibits delivery latency characteristics similar to Tcp mode, albeit with slightly higher bandwidth consumption on idle connections. The 'AutoDetect' mode will check whether TCP connectivity is available and will choose 'Tcp' if that's the case and 'Http' otherwise.

The new HTTP-based connectivity option is only effective for the RelayedOneway, RelayedMulticast and RelayedDuplex connection modes. RelayedDuplexSession, HybridDuplexSession, and RelayedHttp (listener only) still require TCP connectivity at this time.

Transport Credentials and Unauthenticated Access

Also, in the "R12" release, the model for specifying the client credentials for the Relay has now been closely aligned with the standard WCF client credentials model. Instead of picking and instantiating token providers, there is now a TransportClientEndpointBehavior that holds all credential information and credential types. The samples in the Communication\ExploringFeatures\RelayAuthentication of the SDK download clarify the use of this new behavior.

We have added a pair of 'WebNoAuth' samples which introduce a new capability that we had a lot of requests for: Unauthenticated client access. When registering a service listener you can now explicitly waive the authentication requirement for clients connecting to your service. This is very useful in Web scenarios where you want to enable any HTTP client to connect to your service and don't want them to authenticate in any way. For the time being we suggest that you always use this new unauthenticated access mode for RelayedHttp services until we release the update for the 'Web' client authentication capability.

For R12, we have omitted the 'Web' (REST) samples for Relay authentication since that area is undergoing some substantial protocol changes. The update for this will be released soon. In the interim, existing applications that were built on a prior release of the BizTalk Services SDK to use the authentication technique shown in the R11 'Web' sample must be modified to use unauthenticated access as shown in the new 'WebNoAuth' sample.

Give it a try

The new BizTalk Services "R12" CTP is online and available now for your use. The SDK is available at http://labs.biztalk.net. If you already have an account for BizTalk Services, your accounts and settings have been migrated to the new environment. If you don't have an account yet, just sign up, download the SDK, and get started creating the new generation of connected applications.

Tonight we will be having our monthly meeting of the Utah County .NET User Group. As always our meeting will be held at the NuSkin Network Operations Center at 1175 S 350 E Provo at 6:00. Tonight we will have a short presentation on WCF and then have some time to answer coding questions you might have.

Yesterday I got an e-mail saying it was and open letter from United Airlines to its "best customers" about the high cost of fuel and how it is causing problems in the industry. The gist of the e-mail was that speculation on the cost of oil is what is driving up the cost of oil and that the government needs to regulate the market to save us all from high fuel prices. I was immediately suspicious because I have flown United Airlines but do not have enough miles to be awarded any status in their frequent flier program. The e-mail was "signed" by the executives of several airlines asking me to  I didn't click on the link for several reasons.
1. I was busy and didn't think I had the time.
2. The text on the link and the actual link didn't point to the same web site. The link goes through unitedoffers.com which could be a web site by United Airlines but I didn't want to spend the time to check it out.
3. As I already stated I was a little suspicious of the "best customers" claims.
4. I generally don't click on links in unsolicited e-mail but instead prefer to go directly to the web site linked to.
5. The emotional nature of the subject. When I get an e-mail that gets me fired up and angry I always try to stop, calm down, and think a little before I do anything with it. This was drilled into me early on in my career by a VP of Software Engineering who would talk a lot about Carreer Shortening Moves.

Later in the day yesterday I got my monthly notice from Delta Airlines about my frequent flier account. Since I fly with Delta and have a lot of frequent flier miles I was sure they would mention this open letter since they were one of the signers. They didn't so I was pretty sure it was a phishing e-mail. I went on my way smug in my assurance that I had done the right thing.

As I was watching the local news they ran a story about the open letter. The story was more about the rising cost of fuel for airlines and the number of layoffs each airline had announced for this year but they did mention the open letter. So then I got to thinking that maybe the letter was legitimate.

This morning I spent a few minutes looking around for the answer to the question on whether the e-mail is valid or not. Here is what I found out.

When I went to the TV station's web site I couldn't find the article in the list of most recent articles. I also tried their search on the site but it couldn't find the article either. That makes me wonder why other stories from last night are on the web site but not that one. [+1 for phishing e-mail]

I checked the United Airlines, Delta Airlines, and Delta Airlines blog sites but didn't see the open letter mentioned on any of them. [+3 for phising e-mail]

Unitedoffers.com redirects back to the United Airlines web site. [+1 for legitimate e-mail]

I typed in the address of the link in the e-mail. The site looks like it is calling for reform of the oil speculation market. I haven't clicked on any other links. [+1 for legitimate e-mail]

Doing a Live search and Google search for the web site bring up the web site, a lot of people asking in forums if this is a real site, and some descriptions like this one:
"Go to the web site and enter your zip code so your representatives can be identified. Next, enter some personal information and emails get sent to the peeps that made an oath to serve." [Neutral since I don't know what personal information they are collecting]

In the end analysis I decided that I wasn't curious enough to go to the web site and enter my personal information (or even get to the page where I could see what the information they are asking for is) so I may never know if this is a legitimate e-mail or not. If I start seeing it posted to the official web sites of the airlines that supposedly signed the document I will probably decide that it is legitimate and then see if I want to sign the petition. The other thing that I have decided to do is to give into the emotion that I felt when I first read the e-mail and look up the e-mail address of my Senators and Representative and ask them if they have seen this and if there is anything that they can do.

According to eWeek at http://www.eweek.com/c/a/Application-Development/Microsoft-to-Deliver-SQL-Server-2008-in-August/ Microsoft announced that SQL Server 2008 will be released next month. I have been playing with the release candidate 0 for the last couple of weeks, specifically looking at the spatial data types. I have enjoyed it and can see many applications for this technology. I am looking forward to the full release.

Make sure that you check out the list of webcasts for .NET 3.5 at http://www.microsoft.com/events/series/msdnnetframework35.aspx?tab=webcasts&id=liveall. There are several webcasts scheduled for this month by a bunch of good speakers.

Microsoft has set up a new web site for Windows CardSpace. It is geared to the end users and will be useful for people like my parents to help them understand what Windows CardSpace is and why it might be important to them. It doesn't have any technical information (although it does link to several useful sites) so I wouldn't expect it to be some place I visit daily but I hope it will help to grow the number of people who understand the advantages of Windows CardSpace.

There has been a lot of press coverage about Bill Gates leaving his day-to-day activities at Microsoft to focus on philanthropy. As I have been reading them I have been thinking about what it will mean for Microsoft. I have seen several companies where the founders have left. In most cases the transition was smooth because everyone understood their jobs and realized that what they were doing wouldn't change. Over time, however, the new leadership started to change things and the companies took on a new feel. This transition happens every day on a much smaller scale when a manager leaves a team or sometimes even when a new member joins a team. What makes this so newsworthy is the size of Microsoft and the effect that it's products have in our everyday computing life. I would venture to say that even if you have never used Windows (say using *nix or the Mac exclusively) you are still influenced by what Microsoft does just because people will ask you questions about their Windows machine.

I wish Bill Gates the best of luck in his new ventures and hope that his work will have a huge positive effect on the world. It would be nice if we could see some of the diseases that have been eradicated in the United States completely eradicated in the world, learning opportunities for more of the people in the world, and technology solving more problems that don't revolve around profit and loss. I don't know that it will lead to world peace but we can always dream that someday all of the efforts of the good people in this world will lead to something like that.

I am sure you have had a time in your life when it seems like everyone gives you advice. It might be graduation, marriage, the birth of a child, a change in jobs or something that prompts the people around you to offer advice. Most of the time you are forced to smile pleasantly, act like you are going to take the advice, and then wait until the giver of the advice is out of earshot to mumble to yourself about how you wish people would leave you alone. Occasionally you really need advice and go looking for it. One of those cases might be if you thought that your personal information had been stolen. You would expect that the government that had issued the identity claims would have the best advice on how to fix the problem.

I read an article about the web page at http://www.hmrc.gov.uk/manuals/nimmanual/NIM39140.htm that will tell people in the UK how to handle the case of their National Insurance Number has been abused. (The original article likened the National Insurance Number to the US Social Security Number but whether they are similar or not isn't really important here, just that someone thought you should have a way to report/fix fraud of the National Insurance Number.) The web page has a title that boldly proclaims:

NIM39140 - National Insurance Numbers (NINOs): Format and Security: What to do if you suspect or discover fraud

You can see from the formatting that there are several paragraphs and bullet points that should give you the information that you need. However each and every paragraph and bullet point is replaced by the text:

(This text has been withheld because of exemptions in the Freedom of Information Act 2000)

This leaves you wondering what you should do if you suspect or discover fraud. I haven't looked around to see if there is any information on another web site or if you are just stuck going back to the people who always give you advice and asking for some. This time, however, you will need to listen closely and follow their advice.

I meant to blog this earlier but the page at http://www.microsoft.com/events/series/msdnnetframework35.aspx?tab=webcasts&id=live lists the webcasts for the .NET Framework 3.5. There are several 100 level webcasts on ADO.NET Data Services and WCF to help you get started along with some 400 level webcasts for those who want to go deep into the technology.