IIW2007A Concordia
From Project Concordia
Eve Maler facilitated a Concordia session at IIW2007 on 15 May 2007. Thanks to George Fletcher for providing the raw notes and other input that were the basis for the edited notes below.
George's previously published use cases:
- User uses CardSpace to authenticate to a picture service that uses ID-WSF with its billing partner(s)
  - Does the RP/SP have to ask for the user's DS-EPR (discovery service endpoint reference)? That seems the simplest approach.
  - What do we do if the user doesn't have a DS-EPR? Can we auto-provision them one? Would this mean activating a managed card?
  - How is the identity federation done between a self-asserted card and an IdP identity?
- User authenticates with her college library using SAML and then wants to SSO into zooomr.com
- User uses OpenID to sign in to their favorite hiking site, which wants to display their buddy list as part of the site experience
Themes that we see repeatedly in discussions of getting protocols to work together:
- Discovery (XRDS/Yadis...)
- Token transformation (to/from OpenID's representation, SAML's representation, and so on)
- Identifier mapping (linking) of various sorts
- Bringing the level of functionality up (AQE...)
- Assurance/trust measurement
- Privacy preservation
One way to distinguish different ways of solving the "same" use case is to ask: who has the "smarts"? In some cases the IdP may be willing to pick up the slack (often IdPs are willing to speak multiple SSO protocols to satisfy a larger number of RPs). In other cases the RP may have the incentive. In still other cases it may be an option to install or take advantage of a smart client (whereas sometimes you're stuck with COTS browsers). Smart clients could include things like CardSpace and Liberty advanced/robust/enhanced clients.
A favorite saying of Eve's: Interop is what you have to do when you can't achieve convergence. George's key question: Can user experience be "converged" (that is, made seamless)? Another favorite saying: The truth is on the wire.
