Web Workshop, Tech Summit Plans and Security

Last week, I mentioned my short visit to Gothenburg, Sweden, for a mini web workshop hosted by CAD-Q and promised you more information about it anon.

Well, the time has come to summarise the results from that venue, and also start planning my internal Autodesk Tech Summit proposal, due today, February 7, at the latest.

I was a bit surprised by the contents of the web workshop. I had expected to contribute my part, for an hour or two, and then hear something from the others as well. It ended up running from Thursday at two in the afternoon until after six, and continuing on Friday. Unfortunately, I had to return to Switzerland already Friday morning, and, unexpectedly, the one and only scheduled presenter for Thursday afternoon was me :-)

Web workshop agenda

I ended up presenting on the following topics:

All except the last two have already been covered extensively on the blog, so I had no problem filling the four hours ad hoc.

Autodesk 360 Web Services

In preparation for this workshop, I put together an overview of the A360 web services and their API coverage last week, mainly gleaned from the cloud & mobile platform web service API overview presented at the DevDay@AU in December 2013.

As said, if you are interested in making use of any of the available APIs, please apply to join one of the pilot programs.

REST API Programming

Here are some of the explorations I made so far in various areas of REST API programming:

Wow, that is a bit more than I expected, actually. Please note that most REST APIs are very simple to use. Pick a service that is useful to you and start exploring!

Revit and the Cloud

Revit is evolving slowly but surely (well, actually not so slowly at all) towards a structure that can be split into separate components, and enables individual bits of functionality to be replaced by custom implementations, which may or may not be remote and cloud based, just as you prefer, e.g.:

I think we can expect the use of these kinds of externalised services to continue growing rapidly, presenting lots of new customisation and maintenance enhancement opportunities.

RoomEditor – my Cloud-based 2D BIM Model Editor

Also in preparation for this workshop, I summarised the available source code and presentation recordings for my RoomEditor, a cloud-based real-time round-trip simplified 2D BIM model editor.

Most of the work I completed to implement it has been presented extensively by The Building Coder under the cloud, desktop and mobile categories.

Future Plans and Ideas

As said, I am still in the process of submitting a proposal for the internal Autodesk Tech Summit.

I have two ideas in mind:

Adding Security to the Existing RoomEditor

I talked this over with my colleague Gopinath Taget. Here is a quick summary of our discussion:

Question: What security options would you suggest adding to the room editor?

Currently, it consists of two components:

I have not set up any security at all yet.

When setting up a new CouchDB database, it is originally set up as a so-called admin party, a free-for-all setting with no access restrictions whatsoever. Anybody can go to the cloud database and has complete admin rights.

The first step would obviously be to switch on user management and credential handling in the cloud database.

Answer: I think the basics would be:

It is unclear how to secure the REST API itself though. A web API can never be private, unlike a web page that can use login/password authentication. At most, you can require public/private certificates to identify the user making the calls.

You could use certificates to identify the API user and certificates for SSH.

Of course, the more complex the app, the more potential for security holes.

Two of the most common vulnerabilities for many web applications are SQL injection (if it uses stored procedures in databases) and cross-site scripting, i.e. someone intercepting the user communication and injecting malicious code into it.

I don't think there is any danger of this scenario in your architecture.

Question: No. 1 is definitely top of the list, as I already stated.

No. 2 also seems high priority and may be covered by CouchDB itself.

I have no SQL, since I am using a NoSQL database, so the injection issue is moot.

Conclusion: Not much to do, really, beyond setting up the access rights and credential handling on the database, which is awfully obvious and very standard.
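To make the admin party state and its fix concrete, here is an added Python sketch (not code from the RoomEditor or from CouchDB) that audits two parsed responses: `GET /_session` sent without credentials, and the database's `_security` document. It assumes the behaviour of the CouchDB 1.x releases current at the time of writing; the sample responses and the role name `roomeditor_user` are constructed for illustration.

```python
import json

# Constructed sample responses (not captured from a real server): what a
# freshly installed CouchDB 1.x instance returns before any admin exists.
ANON_SESSION = json.loads(
    '{"ok": true, "userCtx": {"name": null, "roles": ["_admin"]}}')
DB_SECURITY_EMPTY = json.loads('{}')

# The same two documents after a server admin has been created and the
# database lists its members ("roomeditor_user" is a hypothetical role).
ANON_SESSION_LOCKED = json.loads(
    '{"ok": true, "userCtx": {"name": null, "roles": []}}')
DB_SECURITY_SET = json.loads(
    '{"admins": {"names": [], "roles": ["_admin"]},'
    ' "members": {"names": [], "roles": ["roomeditor_user"]}}')


def audit(anon_session, db_security):
    """Return findings for a CouchDB server and one of its databases.

    anon_session: parsed body of GET /_session sent without credentials.
    db_security:  parsed body of GET /<db>/_security.
    """
    findings = []
    ctx = anon_session.get("userCtx", {})
    # Admin party: a request with no credentials is granted the _admin role.
    if ctx.get("name") is None and "_admin" in ctx.get("roles", []):
        findings.append("admin-party")
    # With no member names or roles listed, the database is open to any
    # client. Older releases call this section "readers".
    members = db_security.get("members") or db_security.get("readers") or {}
    if not members.get("names") and not members.get("roles"):
        findings.append("db-public")
    return findings


if __name__ == "__main__":
    print(audit(ANON_SESSION, DB_SECURITY_EMPTY))
    print(audit(ANON_SESSION_LOCKED, DB_SECURITY_SET))
```

Both findings need to be cleared: creating a server admin ends the admin party, but the database stays open to everyone until its `_security` document names members.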

So maybe I'll skip this idea and go for the second one instead:

Implementing a New More Generic BIM Editor

The current RoomEditor generates its own simplified 2D plan view by determining room boundaries and projecting 3D family instances onto the XY plane.

A more useful and generic approach might base a similar cloud-based real-time round-trip simplified 2D BIM model editor on selected plan views in Revit instead. It might also add an option to include additional non-graphical properties and parameters, besides the minimal graphical data required to interactively manipulate the furniture placement.

Here is a suggestion for such an approach by Samir Balicevac of CAD-Q:

This has a strong similarity to the existing implementation, plus several important advantages, e.g.:

Well, I only have a few more hours until the tech summit proposal submission deadline, so I had better start deciding fast.

WhiteHat Security Presentation

Talking about web application security above, did you ever wonder how hackers find vulnerable websites? Or how much your personal data is worth?

Here is a pretty short and very instructive presentation on these topics by Ashley Hamilton, WhiteHat Security Application Security Engineer, covering the whole range of security from exploit to marketplace and demonstrating:

Here are the direct links to the: