03
Jan 12

Simple behind-the-scenes API authentication with OAuth2

Like many others I’ve been spending a lot of time with OAuth2 lately. The single-sign-on system we’ve built at GDS acts as a very simple OAuth provider for our other apps (effectively just joining up the oauth2-provider and devise gems), and we’re probably going to be extending our API adapter code so that we can use it for those apps whose APIs need authentication.

What I’d not explored for a while was the simplest way to implement app-to-app OAuth where there’s no UI for user interaction, so over the New Year break I pulled something together for another project. It’s all pretty straightforward but not very well documented, so I thought I’d better share.

The easiest thing to do if you want to allow an OAuth client to work with your app is just to generate the ID, secret and access token for whoever’s responsible for the app and to provide them (securely) for direct use.

In order to do that in the rails app I was focussed on I knocked up a class to help me with that when using the aforementioned oauth2-provider:

and then a few rake tasks for interacting with it:

In the oauth-provider world, any “authorization” can be owned by a resource, which is any other model in your app. In a standard app like our SSO solution that’ll probably be a user, but in the app I’m working on here it’s an organisation that may have many users. You get access to that resource in your controllers with, eg:

And with that I had my API protected using everyone’s favourite standard authentication protocol.
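The pre-issued credential flow described above, as an added example in plain Ruby. It is not the author's class and does not use the oauth2-provider gem's API; `CredentialStore`, `issue`, `owner_for` and `rotate` are hypothetical names. It keeps only SHA-256 digests of the secret and token, resolves a bearer token to the owning resource (here an organisation), and lets the client's secret be used to replace a leaked token.

```ruby
require "securerandom"
require "digest"
require "openssl"

# Hypothetical in-memory store (not the oauth2-provider gem); a real app
# would persist these records. Only SHA-256 digests of secrets are kept.
class CredentialStore
  Issued = Struct.new(:client_id, :client_secret, :access_token)

  def initialize
    @clients = {} # client_id => { secret_digest:, owner:, token_digest: }
    @tokens  = {} # token digest => owner
  end

  # Generate ID, secret and access token for one client of `owner`.
  # Plaintext values are returned once, for secure hand-over.
  def issue(owner)
    id, secret = SecureRandom.hex(16), SecureRandom.hex(32)
    @clients[id] = { secret_digest: digest(secret), owner: owner }
    Issued.new(id, secret, mint_token(id))
  end

  # Resolve an "Authorization: Bearer <token>" header to its owner, or nil.
  def owner_for(header)
    scheme, token = header.to_s.split(" ", 2)
    return nil unless scheme.to_s.casecmp?("bearer") && !token.to_s.empty?
    @tokens[digest(token)]
  end

  # Replace a client's token (e.g. after a leak); the old one stops working.
  def rotate(client_id, client_secret)
    client = @clients[client_id]
    return nil unless client &&
      OpenSSL.secure_compare(client[:secret_digest], digest(client_secret.to_s))
    mint_token(client_id)
  end

  private

  def mint_token(client_id)
    client = @clients.fetch(client_id)
    @tokens.delete(client[:token_digest]) # invalidate any previous token
    token = SecureRandom.urlsafe_base64(32)
    client[:token_digest] = digest(token)
    @tokens[client[:token_digest]] = client[:owner]
    token
  end

  def digest(value)
    Digest::SHA256.hexdigest(value)
  end
end
```

In a controller, the value returned by `owner_for(request.headers["Authorization"])` would play the role of the authorization's owning resource; a `nil` result should produce a 401.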


02
Jan 12

Outside-In APIs

We spend a lot of time at work talking about APIs so Anant Jhingran’s “Six API predictions for 2012” was a particularly relevant read among the current glut of review/prediction pieces.

The section on “API-centric architectures” particularly chimes with our approach and the idea of an “outside-in model” resembles what I was getting at in “Building APIs, building on APIs”. I quite like the use of the phrase “outside-in”, and the iterative approach implied in:

In an outside-in model, one would start with easy consumption (read REST) of perhaps “chatty” APIs and then improve upon them. This is in contrast to thinking performance first and ease of use second.

As with anything user-centered this approach does require some sense of who those users are, and as ever that’s going to be the biggest challenge in most cases. To follow through, organisations are going to need to be proactive in understanding the value for others in our systems and try even harder to approach them as outsiders might.


05
Oct 11

Where Is He Now?

Nearly five months ago we revealed Alpha.gov.uk. And then this blog became even quieter. It’s been a few months of big transitions, two of which had to be kept quiet for a while. Since I last wrote here we’ve been busy arranging a move of house (from Harringay to Homerton), have discovered we’ve got another child on the way, and I’ve become a Civil Servant.

All three are exciting changes, but it’s the last that I sat down to write about here. For several years I’ve been working on building Ket Lai, initially alone, then with James Weiner, and gradually with a wider selection of collaborators. Things were going well, and we were building up a solid base of clients and getting close to having a couple of products of our own to release. But when the call to the public sector came, it didn’t take long to agree that we’d put Ket Lai on the back-burner and jump on board.

It’s a really exciting time to be joining, becoming part of the new Government Digital Service team and working (as tech lead) on the new Single Domain beta. We’ve had some great new people sign up to join us over the past few weeks, building a team I’m really enjoying working with.

For those who want a little more detail I’ve written a couple of pieces for the GDS blog: one about our approach to APIs and another about our platform choices.


11
May 11

Alpha.gov.uk is GO!

Late last night I commented out the HTTP authentication settings, and Alpha.gov.uk was live.

I’ve not slept much since then, but so far everything seems to be running smoothly. Apart from my email and twitter clients which are swimming in a deluge of feedback.

There’s a quick post from me on the Alphagov blog exploring the way we’re handling geographic information and place names. A longer post is coming later in the week with an outline of the technical architecture of the site, and a few more will follow exploring more nitty gritty details.

For now, please take a look, and let us know what you think!


09
May 11

Reading before writing (about alpha.gov.uk)

I’ve been working on an entry for the Alpha.gov.uk blog for publication later this week. The idea is to give a quick overview of how we’ve approached the technical side of building that prototype. It’s been tricky as we have a very diverse audience and a lot of ground to cover, but hopefully it’ll be a helpful start and the coming (post-reveal) weeks will allow a bit more space to expand on some of the key components. Maybe even open source a thing or two?

As I was writing a few links crossed my radar that felt relevant but didn’t fit in the post itself, so I thought I’d compile them here. None of them have had a direct impact on my post, but there are tangential connections aplenty.

Varnish 3.0 Changes: We’re using Varnish quite heavily so it’s good to see some momentum behind its new version. We were bitten by the behaviour of Edge-Side-Includes with gzip’ed content so I’m particularly pleased that that’s getting some love.

If all you have is a hammer…: Rachel Andrew explains why she uses WordPress rather than one of her company’s CMS products. It’s a very good response, and I’m hoping we’ve exhibited a similar pragmatism in architecting (which sounds overly grandiose, perhaps “piecing together” would be better) Alpha.gov.uk.

What is #devexp?: Adewale Oshineye’s write-up of a set of ideas around how to improve the experience of using development tools and libraries: “Developer Experience (#devexp) is an aspirational movement that seeks to apply the techniques of User Experience (UX) professionals to the tools and services that we offer to developers.” It’s a far cry from where we currently are with Alpha.gov.uk tools but I’d hope some of this thinking will be included in any future development programmes.

Summary of the Amazon EC2 and Amazon RDS Service Disruption in the US East Region: We’re heavily dependent on Amazon EC2 for alpha.gov.uk so I was glad they published such a thorough explanation of what caused their recent outage and what they’re doing about it.

Alpha Conversation: Richard’s post on accessibility kicked off a flurry of discussion on Saturday morning. Public Strategist pulled some of it together. It’s great to see our work triggering public debates in just the way it should.

Cloud Foundry Blog: VMWare’s work on CloudFoundry is really impressive and if it had come along a couple of months earlier we might well have been tempted to make use of it. As it is, I’m looking forward to playing with it more once alpha.gov.uk settles down a bit.


29
Mar 11

And so we’re revealed… AlphaGov

Last time I got round to writing weeknotes I mentioned an exciting new project. I wasn’t meant to say much about it, which is part of the reason that was the last time I got round to writing weeknotes. But today a post on the Cabinet Office digital engagement blog took the wrappers off and we can begin to talk about what we’re up to.

For the past few weeks we’ve been hard at work on an alpha version of a new “single domain” website for the UK government. From the first time I chatted with Tom about the project it was clear it was going to be something special, and an opportunity not to miss. And so far it’s certainly that. We’ve got a great team working flat out to produce something very special–though I should heavily emphasise that it will be an alpha release–for release early in May.

Hopefully the schedule will allow me to talk a bit more about what we’re working on, or at least about my contributions as Tech Lead. But that schedule’s tight, so I’m not promising anything!

In the meantime you might like to check out Jemima Kiss’ piece on the Guardian PDA blog or Simon Dickson’s piece.

You might also like to follow @alphagov on twitter, check out our team twitter list and/or follow me.


24
Mar 11

SxSW Interactive: A federated future?

It’s a week now since I got off the plane home from my second SxSW Interactive. I’ve primarily spent the intervening time catching up with work, but it’s also provided a little space to read a few other people’s takes on the event, to listen to the Tech Weekly podcast that the Guardian produced at the event, and to look out for patterns.

It seems I was far from alone in starting this year’s South By complaining about the size, but then finding that that subsided as the week wore on. It definitely had a very different feel from just two years ago (and even then people were commenting on how big it was). With events spread around town, distance between talks was a very real consideration in choosing what to go to. Or whether to go to anything at all. Most of the central food establishments had intimidating queues.

There was clearly a scaling problem. But as time wore on the usual “must go to panels” panic subsided into a focus on talking to people and enjoying Austin, and the hidden gems revealed themselves. We discovered that our friends had discovered the quality of the coffee served by Matt and his team at Frank, and that hanging around the front of that establishment was a good way to find people. And of course we fired up Foursquare, which suddenly opened up a lot more of what was going on.

(not firing up Foursquare until a couple of days in may count as my biggest blunder of SxSW 2011 – I installed it at SxSW 2009, used it for a while after it launched in London, and then abandoned it a year ago. In its home territory of a huge tech conference it is a useful tool, and the new ‘social atlas’ features are well put together)

Kellan’s point that this was the first anti-social SxSW, where public declaration was replaced by small group sharing, seems to have been borne out, at least in the way Foursquare almost entirely replaced use of twitter for letting people know where you were.

A pivotal moment for me came in the session on Edinburgh, Austin & The Future of Festivals where a comment was made that perhaps SxSW hasn’t grown too big, it’s just not yet big enough. Pointing to the example of the Edinburgh fringe, the commenter appeared to be suggesting a new feel for the event as it began to spill out of the convention centre and a new equilibrium that might follow. I found that a pretty compelling idea, and one that I mentioned to a number of people (including Adam Greenfield, who has subsequently touched on the point on the Urbanscale blog).

For me that chimed with the fact that one of the most interesting events (and one that I missed) was the fringe session run by Etsy on ‘code as craft’. It sat alongside SxSW, a few blocks from the convention centre, but it wasn’t an official event and didn’t require a badge. Combine that with another pertinent post from Kellan suggesting that AirBnB was the breakout app of SxSW as it provided accommodation when the hotels were overflowing (it worked very well for us) and you do have strong hints at a more distributed SxSW Interactive. It’s going to require a lot of work from a lot of people, and some letting go on the part of the core organisers. But as I discovered on my last day in Austin, it’s not at all dissimilar to the way SxSW Music went years ago.


One thing I would love to see–but almost certainly won’t have time for myself–would be some mapping of how people navigated SxSW. It seems like Lanyrd, Sched, and a few others have a whole pile of data that could be combined with twitter networks to give a sense of what patterns there are in how people choose their sessions. I didn’t like the “streams” in the programme at all, but it certainly felt like there were common themes running through the schedules of a lot of people I knew. Anyone want to take a stab at that? It could be useful for next year’s conference programming team.


11
Mar 11

Fair Trade Letter Forms

Ben wrote a piece about a typeface that a lot of people in the UK will have seen around, and are hopefully seeing a lot of at the moment. It’s the one being used by the Fairtrade Foundation on all their materials, and it’s really quite nice. We don’t often hear the stories behind fonts, but since Fair Trade is in large part about hearing the stories behind things we take for granted it’s good to hear this one. So head over to Noisy Decent Graphics and have a read.


11
Mar 11

Empowered, engaged adults

Matt Thompson’s “A 5-minute framework for fostering better conversations in comments sections” has cropped up in my twitter feed several times over the past few days but it wasn’t until the flight to SxSW that I got a chance to read it. It collects together lots of sensible stuff, and distills it quite helpfully. Definitely something I’ll come back to next time we’re designing commenting systems, or their like.

But the line that really leapt out at me was:

“The very best filter is an empowered, engaged adult.”

(It comes along as part of a response to Clay Shirky’s comment that “There is no such thing as information overload, there’s only filter failure.”)

It seems to me like a very handy telling of something we don’t hear often enough. In all the chatter about what living in the flow, and what being surrounded by twitter and the like will do to our brains, there’s a lot of taking sides, some discussion of automated filters, but not really enough stepping back and wondering what it means to be an “empowered, engaged adult” in the midst of it. We can entirely disengage, we can build better software, but at some point we always need to fall back on self-awareness and self-restraint to mediate whatever we’re surrounded by.

(it feels quite appropriate to be saying that while on a plane (and hence disconnected) and at the start of Lent)


06
Mar 11

Week 182

So I’ve clearly fallen off the weeknote wagon. A big, new, exciting project came up a few weeks back and almost everything has slipped as we’ve dug into it. We’re working with a much bigger team than usual, in a different location to usual. It’s quite a change.

There has been time to slip out one new site: a simple presence for Sheridan Tongue’s soundtracks to the BBC series Wonders of the Universe. Sheridan’s contributed the score for both Brian Cox’s “Wonders” series (the latter of which is on TV as I write this) and it’s been great to work with him on getting the site together.

There’s another reason I’ve not been writing here, which is that my writing time and energies are currently distracted by a growing 750words habit. For years I’ve meant to set some time aside each day to write, and at present that site and its daily email reminders are working pretty well to make that happen. Hopefully in time it’ll spill over into more frequent blogging, but for now it’s providing a very helpful space to step back and reflect each day.