[OpenID] My 2 Cents to the OpenID foundation

Martin Atkins mart at degeneration.co.uk
Thu Apr 2 19:05:23 UTC 2009


Peter Williams wrote:
> If I reviewed it and analyzed where the handoffs from OAUTH to openid would be matched by functionally equivalent handoffs from OAUTH/SAML and openid to SAML delegation tokens, would anyone object (in principle)? Could we imagine at this stage having a non normative annex, exploring those interactions?
> 
> I was impressed a year ago by the work on openid + cardspace/STS (whatever happened to that work?). Now that I have a production SAML STS minting SAML 1 and 2 tokens (facilitating holder of key signing with our FIPS 140-2 crypto hardware, rather than merely always exploit bearer confirmation of assertion origin [thanks Ping Identity!]), there is lots of potential interaction.
> 
> If folks don't want to work on specific handoffs, perhaps at this stage the focus could be to identify equivalencies - and the logical handoff points. A service should always be deliverable by any one of multiple protocols, facilitating the (real world) of gateways, proxies, routing, switching, legacy integrations, etc.
> 

The OpenID/OAuth hybrid was designed by folks who are familiar with both 
OpenID and OAuth. That group is not necessarily expert in SAML.

However, if you have the knowledge necessary to do this then certainly 
it would be good to have a spec for interop with SAML too. I don't think 
this can be one spec because both require different fields of expertise, 
both from the spec authors and from implementors of the specs.



