FSSO - where are we?
With so many federated sign-on specifications out there, it was becoming really tough to keep track of them. The way I see it, we can divide them into community-site-initiated, identity-URL-based specs like SXIP (new addition), LID, OpenID and i-names (XRI) vs. standards-body/large-vendor-initiated, identity-token-based specs like SAML, WS-Federation and InfoCard.
Given that the community-initiated specs built on URL-based identity have come together under YADIS (except SXIP, and I am hoping they will join the party soon), where does that leave us with WS-*, SAML, Microsoft InfoCard and Passel (with counter-signed and self-signed attributes)? While the community-based FSSO specs are consolidating, businesses are rolling out services mostly using SAML to perform FSSO between the services that they provide. We are still waiting for InfoCard and WS-Federation to pick up steam. It seems that InfoCard may be obsolete by the time it comes out if YADIS is accepted by the community (unless they find a way to coexist, which I do not see at the moment given the love of SOAP on the InfoCard side and the love of REST on the URL-based identity side) and SAML becomes the norm in the business community.
At this point, one thing that is bothering me is the complete lack of initiative from Yahoo, Google (more important) and eBay on the FSSO front. If these companies "don't get it", the community-based initiative may not succeed (unless somebody figures out a way to integrate with them without their involvement). But the basic question is why these companies should "get it", i.e. what are they going to get out of this? The only benefit that I see for these portal companies is the ability to sign on more partners who would like to receive some sort of user identity for better marketing purposes. So, the idea would be that as soon as you click on an advertisement, search item or any link to the partner site, the basic identity from these portals would flow to the partner site, giving it the ability to customize the website based on attributes like age, location, name, gender, etc. Obviously, this will extensively utilize anonymization techniques (like those that are part of SAML 2.0) to ensure that user information is not given out without the user's knowledge. At this point the game is getting very dynamic. A single new announcement may change the way FSSO grows over the next few years, which makes the whole game all the more interesting...