[OpenID] [OT] OpenID, SAML and UCI (was Re: For the nominees)

John Kemp john at jkemp.net
Thu Dec 4 18:57:38 UTC 2008


(highly off-topic for OIDF board nominees!)

Peter Williams wrote:

...

> With judicious account linking at RPs and by ensuring delegation CAN be 
> 100% controlled by users (if they care enough), UCI in the openid sense 
> is NICELY implemented. Of course, none of this low-assurance world 
> (equivalent to self-signed certs) stops openid protocols being used in 
> closed-community overlays to implement the more TTP control model 
> facilitating high-assurance, governance based control practices over a 
> subscriber’s web-life.

SAML architecture doesn't prevent an implementation from being deployed 
where the RP accepts assertions from any IdP. Nor does it prevent the 
deployment of an IdP which accepts requests from any RP.

The basic *architectures* for OpenID and SAML are similar, if not 
exactly the same. Both have the notion of RPs who accept assertions 
about a particular "user" from an IdP. Both consider that there will be 
more than one IdP in the world.

There seems to be wide agreement throughout the "identity metasystem" 
these days on this basic architecture.

Whether the IdP and RP trust each other's assertions is orthogonal to 
that architecture.

Regards,

- johnk
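As an added illustration of the point made above, that the RP/IdP assertion architecture is the same whether or not the parties trust each other, the toy below models an RP whose verification steps are fixed and whose trust decision is a pluggable policy. This is example code written for this archive page, not anything from OpenID, SAML or the correspondents; it uses HMAC-signed assertions as a stand-in for real assertion signing, and every issuer name, key and hostname in it is constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple

# Constructed toy assertion format: issuer (IdP), subject (user), audience (RP),
# and an HMAC-SHA256 over the canonical JSON of those three fields, keyed per IdP.
# Real OpenID and SAML assertions are signed and discovered differently; only the
# separation of "verify the assertion" from "decide whom to trust" is the point.


@dataclass(frozen=True)
class Assertion:
    issuer: str
    subject: str
    audience: str
    signature: str  # hex HMAC-SHA256 over the canonical payload


def _canonical(issuer: str, subject: str, audience: str) -> bytes:
    return json.dumps({"iss": issuer, "sub": subject, "aud": audience},
                      sort_keys=True, separators=(",", ":")).encode()


def issue_assertion(idp_key: bytes, issuer: str, subject: str, audience: str) -> Assertion:
    """IdP side: sign a statement about `subject` intended for `audience`."""
    sig = hmac.new(idp_key, _canonical(issuer, subject, audience), hashlib.sha256).hexdigest()
    return Assertion(issuer, subject, audience, sig)


def signature_valid(a: Assertion, idp_key: bytes) -> bool:
    expected = hmac.new(idp_key, _canonical(a.issuer, a.subject, a.audience),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, a.signature)


# A trust policy maps an issuer name to the key the RP is willing to verify against,
# or None if the RP does not accept that issuer at all.
TrustPolicy = Callable[[str], Optional[bytes]]


def open_world_policy(discovery: Dict[str, bytes]) -> TrustPolicy:
    """Low-assurance model (the 'self-signed cert' equivalent): accept any IdP whose
    key can be discovered. `discovery` stands in for fetching the IdP's published key."""
    return lambda issuer: discovery.get(issuer)


def closed_community_policy(discovery: Dict[str, bytes], allowed: Set[str]) -> TrustPolicy:
    """Closed-community overlay: same discovery, but only a governed allow-list of
    issuers is accepted, regardless of what they publish."""
    return lambda issuer: discovery.get(issuer) if issuer in allowed else None


def rp_accepts(a: Assertion, my_audience: str, policy: TrustPolicy) -> Tuple[bool, str]:
    """RP side: the architecture is fixed (check audience, find key, verify signature);
    only `policy` changes between deployments."""
    if a.audience != my_audience:
        return False, "audience mismatch"
    key = policy(a.issuer)
    if key is None:
        return False, f"issuer {a.issuer} not trusted"
    if not signature_valid(a, key):
        return False, "bad signature"
    return True, f"accepted {a.subject} from {a.issuer}"


# Constructed sample world: two IdPs publish keys; the closed community admits only one.
DISCOVERY = {
    "idp.example": b"constructed-key-for-idp-example",
    "anyone.example": b"constructed-key-for-anyone-example",
}
RP_AUDIENCE = "rp.example"

OPEN = open_world_policy(DISCOVERY)
CLOSED = closed_community_policy(DISCOVERY, allowed={"idp.example"})


def demo() -> Dict[str, Tuple[bool, str]]:
    good = issue_assertion(DISCOVERY["idp.example"], "idp.example", "alice", RP_AUDIENCE)
    outsider = issue_assertion(DISCOVERY["anyone.example"], "anyone.example", "alice", RP_AUDIENCE)
    # Claims to be idp.example but is signed with a key the RP never discovered.
    mismatched = issue_assertion(b"constructed-unknown-key", "idp.example", "alice", RP_AUDIENCE)
    wrong_rp = issue_assertion(DISCOVERY["idp.example"], "idp.example", "alice", "other-rp.example")
    return {
        "open/good": rp_accepts(good, RP_AUDIENCE, OPEN),
        "open/outsider": rp_accepts(outsider, RP_AUDIENCE, OPEN),
        "closed/good": rp_accepts(good, RP_AUDIENCE, CLOSED),
        "closed/outsider": rp_accepts(outsider, RP_AUDIENCE, CLOSED),
        "open/mismatched_key": rp_accepts(mismatched, RP_AUDIENCE, OPEN),
        "open/wrong_rp": rp_accepts(wrong_rp, RP_AUDIENCE, OPEN),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:22} {'OK' if ok else 'NO'}  {why}")
```

The same `rp_accepts` routine serves both deployments; the open-world policy accepts the outsider IdP's assertion and the closed-community policy rejects it, while the audience and signature checks reject the bad inputs under either policy.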
