Internet-scale identity systems
If you're interested in what's happening (and there's a lot) in the world of user-centric and federated identity, you'll want to know about Microsoft's CardSpace, OASIS' SAML, OpenID and the Liberty Alliance's ID-Web Services Framework (ID-WSF), all of which I have discussed here in one way or another. Given recent developments, it's also important to understand the interplay between these different systems.
Ping Identity (who is not a client) has recently published a very useful white paper, which goes into these issues in some detail. The paper uses the interactions between a user, a service provider/relying party and an identity provider to define a framework which considers the pros and cons of the different systems in terms of the identifiers they support; how they deal with attributes; authentication mechanisms; the flow of identity data and the involvement of the user; trust models and discovery mechanisms. It concludes with a number of use cases which highlight how the systems can be used together in a way which exploits their mutual strengths.
Definitely worth a read.