[OpenID] My 2 Cents to the OpenID foundation

Peter Williams pwilliams at rapattoni.com
Thu Apr 2 19:01:49 UTC 2009


If I reviewed it and analyzed where the handoffs from OAUTH to openid would be matched by functionally equivalent handoffs from OAUTH/SAML and openid to SAML delegation tokens, would anyone object (in principle)? Could we imagine at this stage having a non-normative annex, exploring those interactions?

I was impressed a year ago by the work on openid + cardspace/STS (whatever happened to that work?). Now that I have a production SAML STS minting SAML 1 and 2 tokens (facilitating holder of key signing with our FIPS 140-2 crypto hardware, rather than merely always exploiting bearer confirmation of assertion origin [thanks Ping Identity!]), there is lots of potential interaction.

If folks don't want to work on specific handoffs, perhaps at this stage the focus could be to identify equivalencies - and the logical handoff points. A service should always be deliverable by any one of multiple protocols, facilitating the (real world) of gateways, proxies, routing, switching, legacy integrations, etc.


> -----Original Message-----
> From: Martin Atkins [mailto:mart at degeneration.co.uk]
> Sent: Thursday, April 02, 2009 11:45 AM
> To: Peter Williams
> Cc: general at openid.net
> Subject: Re: [OpenID] My 2 Cents to the OpenID foundation
>
> Peter Williams wrote:
> > Seeing as there is no formality to that spec - in terms of process -
> > I'd like to see those who are orchestrating it go one step further -
> > have it cooperate with saml websso, too. Then, we are starting to see
> > the kind of convergence that makes mass markets and mass adoption - as
> > all the religion has been taken out of the technology.
> >
> > Just a hint, from a (powerless) consumer of assertions.
> >
>
> While that's a good goal, I think it's better to solve one problem at a
> time.
