Yet Another Decentralized Identity Interoperability System

Assumptions:
  • Open
  • Identity is in URL format (I guess an email address is not enough?)
  • Easy for developers
Profiles
Browser-based Authentication:
  1. The service provider (SP) contacts the IdP URL to get its capabilities and, based on the authentication protocol chosen, starts the authentication. Now, a few things here. First of all, this means that the SP needs to understand all the authentication protocols, be it LID, OpenID or something else. Does not make a lot of sense, but fine, let's continue.
  2. The SP uses the way supported by the chosen protocol to redirect the user to the IdP, which authenticates the user.
  3. Profile exchange: if you need specific data about the user, you ask the Identity URL for it with a request of the form IDURL?xpath=<field that is needed>&lid=<SP's Identity>.
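Steps 1 and 3 sketched in code, as an added example that is not part of the original post: the capability document format (protocols=...), the identity URLs, the xpath value and the https requirement are all constructed assumptions, since the post does not specify them.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed capability document returned by the IdP URL in step 1.
# The post does not specify a format; this "key=value;..." form is an
# assumption, listing the protocols the IdP speaks, most preferred first.
SAMPLE_CAPABILITIES = "protocols=openid,lid;version=1"


def parse_capabilities(doc: str) -> list[str]:
    """Return the protocol names the IdP advertises, in its order."""
    fields = dict(item.split("=", 1) for item in doc.split(";") if "=" in item)
    return [p.strip().lower() for p in fields.get("protocols", "").split(",") if p.strip()]


def choose_protocol(idp_protocols: list[str], sp_supported: set[str]) -> str:
    """Step 1: pick the first IdP-advertised protocol the SP actually implements.

    The SP has to understand every protocol it is willing to accept; an IdP
    that offers none of them is rejected rather than silently degraded."""
    for proto in idp_protocols:
        if proto in sp_supported:
            return proto
    raise ValueError("no authentication protocol in common with the IdP")


def profile_request_url(identity_url: str, field_xpath: str, sp_identity: str) -> str:
    """Step 3: build IDURL?xpath=<field>&lid=<SP identity> with safe encoding.

    Encoding the values keeps an untrusted field or identity string from
    injecting extra query parameters; https is required (assumed policy)
    because the profile data would otherwise travel in the clear."""
    parts = urlsplit(identity_url)
    if parts.scheme != "https":
        raise ValueError("identity URL must use https")
    params = dict(parse_qsl(parts.query))  # keep any query the IdP already uses
    params.update({"xpath": field_xpath, "lid": sp_identity})
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", urlencode(params), ""))


def parse_profile_request(url: str) -> dict[str, str]:
    """IdP side of step 3: recover the requested field and the asking SP."""
    params = dict(parse_qsl(urlsplit(url).query))
    return {"xpath": params["xpath"], "lid": params["lid"]}


if __name__ == "__main__":
    proto = choose_protocol(parse_capabilities(SAMPLE_CAPABILITIES), {"lid"})
    url = profile_request_url("https://alice.example/", "/profile/email", "https://sp.example/")
    print(proto, url)
```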
Now, the only thing is: why do we need this new "federation" protocol when we already have it in Liberty and SAML? I guess it is all about removing SOAP and making the protocol simple. Other than that, why sit down and redo work that people have already done? Wouldn't it make more sense to sit with the others and agree on a single way to get the same thing? Liberty has already done the work. It seems the protocol only needs to be enhanced to make the user part of the existing standards and give them control over their data during profile transfer and linking. So I guess let's wait and watch.
